Edit tour

Windows Analysis Report
GUtEaDsc9X.dll

Overview

General Information

Sample name:	GUtEaDsc9X.dll renamed because original name is a hash value
Original sample name:	068b5cf6bfdd3adb07561b32450d49a2.dll
Analysis ID:	1591516
MD5:	068b5cf6bfdd3adb07561b32450d49a2
SHA1:	316640df0e3494acdf6fd97f9696d91b8bb7fd51
SHA256:	dcbd3a53b07724b50a4a10f75d73be3ad7d427046486f35ceec3aff041a87657
Tags:	dllexeuser-mentality
Infos:

Detection

Wannacry

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Wannacry ransomware

AI detected suspicious sample

Connects to many different private IPs (likely to spread or exploit)

Connects to many different private IPs via SMB (likely to spread or exploit)

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Yara signature match

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 2940 cmdline: loaddll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 6884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4200 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 3160 cmdline: rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

mssecsvr.exe (PID: 5072 cmdline: C:\WINDOWS\mssecsvr.exe MD5: 3DC07E6A906F86FDD76CDF2B51738089)

rundll32.exe (PID: 3580 cmdline: rundll32.exe C:\Users\user\Desktop\GUtEaDsc9X.dll,PlayGame MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 5644 cmdline: rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",PlayGame MD5: 889B99C52A60DD49227C5E485A016679)

mssecsvr.exe (PID: 5536 cmdline: C:\WINDOWS\mssecsvr.exe MD5: 3DC07E6A906F86FDD76CDF2B51738089)

mssecsvr.exe (PID: 2820 cmdline: C:\WINDOWS\mssecsvr.exe -m security MD5: 3DC07E6A906F86FDD76CDF2B51738089)

svchost.exe (PID: 6128 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
WannaCryptor, WannaCry, WannaCrypt		Lazarus Group	http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/ http://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html https://baesystemsai.blogspot.de/2017/05/wanacrypt0r-ransomworm.html https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d	https://malpedia.caad.fkie.fraunhofer.de/details/win.wannacryptor

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
GUtEaDsc9X.dll	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
GUtEaDsc9X.dll	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x45604:$x1: icacls . /grant Everyone:F /T /C /Q 0x353d0:$x3: tasksche.exe 0x455e0:$x3: tasksche.exe 0x455bc:$x4: Global\MsWinZonesCacheCounterMutexA 0x45634:$x5: WNcry@2ol7 0x353a8:$x8: C:\%s\qeriuwjhrf 0x45604:$x9: icacls . /grant Everyone:F /T /C /Q 0x3014:$s1: C:\%s\%s 0x12098:$s1: C:\%s\%s 0x1b39c:$s1: C:\%s\%s 0x353bc:$s1: C:\%s\%s 0x45534:$s3: cmd.exe /c "%s" 0x77a88:$s4: msg/m_portuguese.wnry 0x326f0:$s5: \\192.168.56.20\IPC$ 0x1fae5:$s6: \\172.16.99.5\IPC$ 0xd195:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x78da:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x5449:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
GUtEaDsc9X.dll	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x455e0:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x45608:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68

Dropped Files

Source	Rule	Description	Author	Strings
C:\Windows\tasksche.exe	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
C:\Windows\tasksche.exe	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
C:\Windows\tasksche.exe	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68

Memory Dumps

Source	Rule	Description	Author	Strings
00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000009.00000002.2298150332.000000000040F000.00000008.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000000.2274209166.000000000040F000.00000008.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000006.00000000.2254855112.000000000040F000.00000008.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000009.00000000.2283925530.000000000040F000.00000008.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x32600:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x32628:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x32e44:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x32e6c:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf57c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf5a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
Process Memory Space: mssecsvr.exe PID: 5072	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
Process Memory Space: mssecsvr.exe PID: 2820	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
Process Memory Space: mssecsvr.exe PID: 5536	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
Click to see the 20 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
7.0.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
7.0.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23ae8c8.6.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
9.2.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
9.2.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1e88084.2.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
6.0.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
6.0.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23e096c.8.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
7.2.mssecsvr.exe.23e096c.8.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
7.2.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1eba128.5.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
7.2.mssecsvr.exe.1eba128.5.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
6.2.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
6.2.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
9.0.mssecsvr.exe.7100a4.1.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xe8fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xe8d8:$x3: tasksche.exe 0xe8b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xe92c:$x5: WNcry@2ol7 0xe8fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xe82c:$s3: cmd.exe /c "%s"
9.0.mssecsvr.exe.7100a4.1.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xe8d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xe900:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
7.2.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.0.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.0.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
7.0.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23e096c.8.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.23e096c.8.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
7.2.mssecsvr.exe.23e096c.8.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
9.0.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
9.0.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
9.0.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1eba128.5.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.1eba128.5.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
7.2.mssecsvr.exe.1eba128.5.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
9.2.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
9.2.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
9.2.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
6.2.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
6.2.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
6.2.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
6.0.mssecsvr.exe.7100a4.1.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
6.0.mssecsvr.exe.7100a4.1.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0xf4fc:$x1: icacls . /grant Everyone:F /T /C /Q 0xf4d8:$x3: tasksche.exe 0xf4b4:$x4: Global\MsWinZonesCacheCounterMutexA 0xf52c:$x5: WNcry@2ol7 0xf4fc:$x9: icacls . /grant Everyone:F /T /C /Q 0xf42c:$s3: cmd.exe /c "%s" 0x41980:$s4: msg/m_portuguese.wnry
6.0.mssecsvr.exe.7100a4.1.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0xf4d8:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0xf500:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23ae8c8.6.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.23ae8c8.6.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x3136c:$x3: tasksche.exe 0x31344:$x8: C:\%s\qeriuwjhrf 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
7.2.mssecsvr.exe.23ae8c8.6.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
7.2.mssecsvr.exe.1e88084.2.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.1e88084.2.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x3136c:$x3: tasksche.exe 0x31344:$x8: C:\%s\qeriuwjhrf 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
7.2.mssecsvr.exe.1e88084.2.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
7.2.mssecsvr.exe.23bd948.7.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.23bd948.7.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x32520:$x1: icacls . /grant Everyone:F /T /C /Q 0x222ec:$x3: tasksche.exe 0x324fc:$x3: tasksche.exe 0x324d8:$x4: Global\MsWinZonesCacheCounterMutexA 0x32550:$x5: WNcry@2ol7 0x222c4:$x8: C:\%s\qeriuwjhrf 0x32520:$x9: icacls . /grant Everyone:F /T /C /Q 0x82b8:$s1: C:\%s\%s 0x222d8:$s1: C:\%s\%s 0x32450:$s3: cmd.exe /c "%s" 0x649a4:$s4: msg/m_portuguese.wnry 0x1f60c:$s5: \\192.168.56.20\IPC$ 0xca01:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.23bd948.7.raw.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0xca4c:$s1: __TREEID__PLACEHOLDER__ 0xcae8:$s1: __TREEID__PLACEHOLDER__ 0xd354:$s1: __TREEID__PLACEHOLDER__ 0xe3b9:$s1: __TREEID__PLACEHOLDER__ 0xf420:$s1: __TREEID__PLACEHOLDER__ 0x10488:$s1: __TREEID__PLACEHOLDER__ 0x114f0:$s1: __TREEID__PLACEHOLDER__ 0x12558:$s1: __TREEID__PLACEHOLDER__ 0x135c0:$s1: __TREEID__PLACEHOLDER__ 0x14628:$s1: __TREEID__PLACEHOLDER__ 0x15690:$s1: __TREEID__PLACEHOLDER__ 0x166f8:$s1: __TREEID__PLACEHOLDER__ 0x17760:$s1: __TREEID__PLACEHOLDER__ 0x187c8:$s1: __TREEID__PLACEHOLDER__ 0x19830:$s1: __TREEID__PLACEHOLDER__ 0x1a898:$s1: __TREEID__PLACEHOLDER__ 0x1b900:$s1: __TREEID__PLACEHOLDER__ 0x1bb14:$s1: __TREEID__PLACEHOLDER__ 0x1bb74:$s1: __TREEID__PLACEHOLDER__ 0x1f244:$s1: __TREEID__PLACEHOLDER__ 0x1f2c0:$s1: __TREEID__PLACEHOLDER__
7.2.mssecsvr.exe.23bd948.7.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x324fc:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x32524:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
9.2.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
9.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
9.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
9.2.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
7.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
7.2.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
9.0.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
9.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
9.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
9.0.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.0.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
7.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
7.0.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
6.2.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
6.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
6.2.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
6.2.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1e97104.4.raw.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.1e97104.4.raw.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x32520:$x1: icacls . /grant Everyone:F /T /C /Q 0x222ec:$x3: tasksche.exe 0x324fc:$x3: tasksche.exe 0x324d8:$x4: Global\MsWinZonesCacheCounterMutexA 0x32550:$x5: WNcry@2ol7 0x222c4:$x8: C:\%s\qeriuwjhrf 0x32520:$x9: icacls . /grant Everyone:F /T /C /Q 0x82b8:$s1: C:\%s\%s 0x222d8:$s1: C:\%s\%s 0x32450:$s3: cmd.exe /c "%s" 0x649a4:$s4: msg/m_portuguese.wnry 0x1f60c:$s5: \\192.168.56.20\IPC$ 0xca01:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.1e97104.4.raw.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0xca4c:$s1: __TREEID__PLACEHOLDER__ 0xcae8:$s1: __TREEID__PLACEHOLDER__ 0xd354:$s1: __TREEID__PLACEHOLDER__ 0xe3b9:$s1: __TREEID__PLACEHOLDER__ 0xf420:$s1: __TREEID__PLACEHOLDER__ 0x10488:$s1: __TREEID__PLACEHOLDER__ 0x114f0:$s1: __TREEID__PLACEHOLDER__ 0x12558:$s1: __TREEID__PLACEHOLDER__ 0x135c0:$s1: __TREEID__PLACEHOLDER__ 0x14628:$s1: __TREEID__PLACEHOLDER__ 0x15690:$s1: __TREEID__PLACEHOLDER__ 0x166f8:$s1: __TREEID__PLACEHOLDER__ 0x17760:$s1: __TREEID__PLACEHOLDER__ 0x187c8:$s1: __TREEID__PLACEHOLDER__ 0x19830:$s1: __TREEID__PLACEHOLDER__ 0x1a898:$s1: __TREEID__PLACEHOLDER__ 0x1b900:$s1: __TREEID__PLACEHOLDER__ 0x1bb14:$s1: __TREEID__PLACEHOLDER__ 0x1bb74:$s1: __TREEID__PLACEHOLDER__ 0x1f244:$s1: __TREEID__PLACEHOLDER__ 0x1f2c0:$s1: __TREEID__PLACEHOLDER__
7.2.mssecsvr.exe.1e97104.4.raw.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x324fc:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x32524:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
6.0.mssecsvr.exe.400000.0.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
6.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x415a0:$x1: icacls . /grant Everyone:F /T /C /Q 0x3136c:$x3: tasksche.exe 0x4157c:$x3: tasksche.exe 0x41558:$x4: Global\MsWinZonesCacheCounterMutexA 0x415d0:$x5: WNcry@2ol7 0x31344:$x8: C:\%s\qeriuwjhrf 0x415a0:$x9: icacls . /grant Everyone:F /T /C /Q 0x17338:$s1: C:\%s\%s 0x31358:$s1: C:\%s\%s 0x414d0:$s3: cmd.exe /c "%s" 0x73a24:$s4: msg/m_portuguese.wnry 0x2e68c:$s5: \\192.168.56.20\IPC$ 0x1ba81:$s6: \\172.16.99.5\IPC$ 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
6.0.mssecsvr.exe.400000.0.unpack	WannaCry_Ransomware_Gen	Detects WannaCry Ransomware	Florian Roth (based on rule by US CERT)	0x1bacc:$s1: __TREEID__PLACEHOLDER__ 0x1bb68:$s1: __TREEID__PLACEHOLDER__ 0x1c3d4:$s1: __TREEID__PLACEHOLDER__ 0x1d439:$s1: __TREEID__PLACEHOLDER__ 0x1e4a0:$s1: __TREEID__PLACEHOLDER__ 0x1f508:$s1: __TREEID__PLACEHOLDER__ 0x20570:$s1: __TREEID__PLACEHOLDER__ 0x215d8:$s1: __TREEID__PLACEHOLDER__ 0x22640:$s1: __TREEID__PLACEHOLDER__ 0x236a8:$s1: __TREEID__PLACEHOLDER__ 0x24710:$s1: __TREEID__PLACEHOLDER__ 0x25778:$s1: __TREEID__PLACEHOLDER__ 0x267e0:$s1: __TREEID__PLACEHOLDER__ 0x27848:$s1: __TREEID__PLACEHOLDER__ 0x288b0:$s1: __TREEID__PLACEHOLDER__ 0x29918:$s1: __TREEID__PLACEHOLDER__ 0x2a980:$s1: __TREEID__PLACEHOLDER__ 0x2ab94:$s1: __TREEID__PLACEHOLDER__ 0x2abf4:$s1: __TREEID__PLACEHOLDER__ 0x2e2c4:$s1: __TREEID__PLACEHOLDER__ 0x2e340:$s1: __TREEID__PLACEHOLDER__
6.0.mssecsvr.exe.400000.0.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x4157c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x415a4:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23b98e8.9.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.23b98e8.9.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x36580:$x1: icacls . /grant Everyone:F /T /C /Q 0x2634c:$x3: tasksche.exe 0x3655c:$x3: tasksche.exe 0x36538:$x4: Global\MsWinZonesCacheCounterMutexA 0x365b0:$x5: WNcry@2ol7 0x26324:$x8: C:\%s\qeriuwjhrf 0x36580:$x9: icacls . /grant Everyone:F /T /C /Q 0xc318:$s1: C:\%s\%s 0x26338:$s1: C:\%s\%s 0x364b0:$s3: cmd.exe /c "%s" 0x68a04:$s4: msg/m_portuguese.wnry 0x2366c:$s5: \\192.168.56.20\IPC$ 0x10a61:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.23b98e8.9.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x3655c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x36584:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1e97104.4.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.1e97104.4.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x2dd20:$x1: icacls . /grant Everyone:F /T /C /Q 0x1daec:$x3: tasksche.exe 0x2dcfc:$x3: tasksche.exe 0x2dcd8:$x4: Global\MsWinZonesCacheCounterMutexA 0x2dd50:$x5: WNcry@2ol7 0x1dac4:$x8: C:\%s\qeriuwjhrf 0x2dd20:$x9: icacls . /grant Everyone:F /T /C /Q 0x76b8:$s1: C:\%s\%s 0x1dad8:$s1: C:\%s\%s 0x2dc50:$s3: cmd.exe /c "%s" 0x601a4:$s4: msg/m_portuguese.wnry 0x1ae0c:$s5: \\192.168.56.20\IPC$ 0xb601:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.1e97104.4.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x2dcfc:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x2dd24:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.23bd948.7.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.23bd948.7.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x2dd20:$x1: icacls . /grant Everyone:F /T /C /Q 0x1daec:$x3: tasksche.exe 0x2dcfc:$x3: tasksche.exe 0x2dcd8:$x4: Global\MsWinZonesCacheCounterMutexA 0x2dd50:$x5: WNcry@2ol7 0x1dac4:$x8: C:\%s\qeriuwjhrf 0x2dd20:$x9: icacls . /grant Everyone:F /T /C /Q 0x76b8:$s1: C:\%s\%s 0x1dad8:$s1: C:\%s\%s 0x2dc50:$s3: cmd.exe /c "%s" 0x601a4:$s4: msg/m_portuguese.wnry 0x1ae0c:$s5: \\192.168.56.20\IPC$ 0xb601:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.23bd948.7.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x2dcfc:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x2dd24:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
7.2.mssecsvr.exe.1e930a4.3.unpack	JoeSecurity_Wannacry	Yara detected Wannacry ransomware	Joe Security
7.2.mssecsvr.exe.1e930a4.3.unpack	WannaCry_Ransomware	Detects WannaCry Ransomware	Florian Roth (with the help of binar.ly)	0x36580:$x1: icacls . /grant Everyone:F /T /C /Q 0x2634c:$x3: tasksche.exe 0x3655c:$x3: tasksche.exe 0x36538:$x4: Global\MsWinZonesCacheCounterMutexA 0x365b0:$x5: WNcry@2ol7 0x26324:$x8: C:\%s\qeriuwjhrf 0x36580:$x9: icacls . /grant Everyone:F /T /C /Q 0xc318:$s1: C:\%s\%s 0x26338:$s1: C:\%s\%s 0x364b0:$s3: cmd.exe /c "%s" 0x68a04:$s4: msg/m_portuguese.wnry 0x2366c:$s5: \\192.168.56.20\IPC$ 0x10a61:$s6: \\172.16.99.5\IPC$
7.2.mssecsvr.exe.1e930a4.3.unpack	wanna_cry_ransomware_generic	detects wannacry ransomware on disk and in virtual page	us-cert code analysis team	0x3655c:$s11: 74 61 73 6B 73 63 68 65 2E 65 78 65 00 00 00 00 54 61 73 6B 53 74 61 72 74 00 00 00 74 2E 77 6E 72 79 00 00 69 63 61 63 0x36584:$s12: 6C 73 20 2E 20 2F 67 72 61 6E 74 20 45 76 65 72 79 6F 6E 65 3A 46 20 2F 54 20 2F 43 20 2F 51 00 61 74 74 72 69 62 20 2B 68
Click to see the 87 entries

Sigma Signatures

System Summary

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6128, ProcessName: svchost.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T02:52:22.716548+0100	2803304	3	Unknown Traffic	192.168.2.6	49760	103.224.212.215	80	TCP
2025-01-15T02:52:24.331004+0100	2803304	3	Unknown Traffic	192.168.2.6	49772	103.224.212.215	80	TCP
2025-01-15T02:54:30.791606+0100	2803304	3	Unknown Traffic	192.168.2.6	50650	103.224.212.215	80	TCP

ETPRO MALWARE Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T02:52:21.806843+0100	2830018	1	A Network Trojan was detected	192.168.2.6	53119	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GUtEaDsc9X.dll

Avira: detected

Antivirus detection for URL or domain

Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00a	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e91	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00aa0	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1254-3084-96ca-8a185b1cc780	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6c3	Avira URL Cloud: Label: malware
Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e	Avira URL Cloud: Label: malware

Multi AV Scanner detection for dropped file

Source: C:\WINDOWS\qeriuwjhrf (copy)	ReversingLabs: Detection: 96%
Source: C:\Windows\tasksche.exe	ReversingLabs: Detection: 96%

Multi AV Scanner detection for submitted file

Source: GUtEaDsc9X.dll	ReversingLabs: Detection: 92%
Source: GUtEaDsc9X.dll	Virustotal: Detection: 94%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.0% probability

Machine Learning detection for dropped file

Source: C:\Windows\tasksche.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: GUtEaDsc9X.dll

Joe Sandbox ML: detected

Exploits

Connects to many different private IPs (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.2.39:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.38:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.42:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.41:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.44:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.43:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.46:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.45:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.48:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.47:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.40:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.28:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.27:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.29:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.31:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.30:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.33:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.32:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.35:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.34:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.37:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.36:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.17:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.16:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.19:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.18:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.20:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.22:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.21:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.24:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.23:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.26:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.25:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.97:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.96:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.11:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.99:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.10:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.98:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.13:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.12:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.15:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.14:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.91:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.90:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.93:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.92:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.95:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.94:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.2:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.1:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.8:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.7:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.9:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.4:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.3:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.6:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.5:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.86:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.104:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.85:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.105:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.88:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.102:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.87:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.103:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.108:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.89:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.109:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.106:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.107:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.80:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.82:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.100:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.81:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.101:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.84:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.83:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.75:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.74:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.77:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.113:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.76:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.114:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.79:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.78:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.71:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.111:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.70:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.112:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.73:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.72:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.110:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.64:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.63:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.66:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.65:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.68:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.67:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.69:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.60:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.62:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.61:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.49:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.53:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.52:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.55:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.54:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.57:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.56:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.59:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.58:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.51:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.50:445	Jump to behavior

Connects to many different private IPs via SMB (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.2.39:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.38:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.42:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.41:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.44:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.43:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.46:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.45:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.48:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.47:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.40:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.28:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.27:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.29:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.31:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.30:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.33:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.32:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.35:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.34:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.37:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.36:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.17:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.16:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.19:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.18:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.20:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.22:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.21:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.24:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.23:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.26:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.25:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.97:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.96:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.11:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.99:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.10:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.98:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.13:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.12:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.15:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.14:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.91:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.90:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.93:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.92:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.95:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.94:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.2:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.1:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.8:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.7:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.9:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.4:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.3:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.6:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.5:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.86:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.104:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.85:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.105:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.88:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.102:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.87:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.103:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.108:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.89:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.109:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.106:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.107:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.80:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.82:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.100:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.81:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.101:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.84:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.83:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.75:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.74:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.77:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.113:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.76:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.114:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.79:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.78:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.71:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.111:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.70:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.112:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.73:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.72:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.110:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.64:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.63:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.66:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.65:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.68:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.67:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.69:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.60:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.62:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.61:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.49:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.53:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.52:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.55:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.54:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.57:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.56:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.59:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.58:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.51:445	Jump to behavior
Source: global traffic	TCP traffic: 192.168.2.50:445	Jump to behavior

Source: GUtEaDsc9X.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL

Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50179 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2830018 - Severity 1 - ETPRO MALWARE Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) : 192.168.2.6:53119 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-223d-bfe5-eafa75e00aa0 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-2445-b94c-0396d6dca6c3 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cacheCookie: __tad=1736905942.8520710
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-25c1-9452-126911d13e91 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-AliveCookie: parking_session=02f4a5e1-bc9e-499a-b87f-cbca01081703
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1254-3084-96ca-8a185b1cc780 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive

Source: Joe Sandbox View

JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49772 -> 103.224.212.215:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49760 -> 103.224.212.215:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:50650 -> 103.224.212.215:80

Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239405475856_1F6V8529RVRKMO1TM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239405475857_1HVCAGG6HX6F987D5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239391081812_16WIS2WQBVWJESJY8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239391081813_18VUO41WSWZPI1SC6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.143
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.143
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.143
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.143
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 147.174.249.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.219
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.219
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.219
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.219
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.78.75.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.242
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.242
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.242
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.242
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 48.84.84.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.160
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.160
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.160
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.160
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.83.190.1

Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239405475856_1F6V8529RVRKMO1TM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239405475857_1HVCAGG6HX6F987D5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239391081812_16WIS2WQBVWJESJY8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239391081813_18VUO41WSWZPI1SC6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-223d-bfe5-eafa75e00aa0 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-2445-b94c-0396d6dca6c3 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cacheCookie: __tad=1736905942.8520710
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1252-25c1-9452-126911d13e91 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-AliveCookie: parking_session=02f4a5e1-bc9e-499a-b87f-cbca01081703
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?subid1=20250115-1254-3084-96ca-8a185b1cc780 HTTP/1.1Cache-Control: no-cacheHost: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Source: global traffic	DNS traffic detected: DNS query: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

Source: svchost.exe, 00000014.00000002.3517617559.000001ADB2000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.20.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.20.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.iuqerfsodp9ifjaposdfjhgosuri
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00a
Source: mssecsvr.exe, 00000007.00000002.2925772733.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6
Source: mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e
Source: GUtEaDsc9X.dll	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Source: mssecsvr.exe, 00000009.00000002.2298698988.0000000000A08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
Source: mssecsvr.exe, 00000007.00000002.2925772733.0000000000C66000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/3b
Source: mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/5
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/g(w
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/llt
Source: mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/t
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/z)
Source: mssecsvr.exe, 00000007.00000002.2925201454.000000000019D000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJ
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.como
Source: edb.log.20.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000014.00000003.2831969118.000001ADB1F30000.00000004.00000800.00020000.00000000.sdmp, edb.log.20.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:50179 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected Wannacry ransomware

Source: Yara match	File source: GUtEaDsc9X.dll, type: SAMPLE
Source: Yara match	File source: 7.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.23e096c.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.1eba128.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.23ae8c8.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.1e88084.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.23b98e8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.1e97104.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.23bd948.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mssecsvr.exe.1e930a4.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2298150332.000000000040F000.00000008.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.2274209166.000000000040F000.00000008.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.2254855112.000000000040F000.00000008.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.2283925530.000000000040F000.00000008.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mssecsvr.exe PID: 5072, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mssecsvr.exe PID: 2820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: mssecsvr.exe PID: 5536, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\tasksche.exe, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: GUtEaDsc9X.dll, type: SAMPLE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: GUtEaDsc9X.dll, type: SAMPLE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23ae8c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1e88084.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23e096c.8.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23e096c.8.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1eba128.5.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1eba128.5.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 6.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 9.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23e096c.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23e096c.8.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 9.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1eba128.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1eba128.5.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 9.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 6.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 6.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23ae8c8.6.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23ae8c8.6.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.2.mssecsvr.exe.1e88084.2.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1e88084.2.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (based on rule by US CERT)
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23b98e8.9.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23b98e8.9.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1e97104.4.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1e97104.4.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.23bd948.7.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.23bd948.7.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 7.2.mssecsvr.exe.1e930a4.3.unpack, type: UNPACKEDPE	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: 7.2.mssecsvr.exe.1e930a4.3.unpack, type: UNPACKEDPE	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: 00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team
Source: C:\Windows\tasksche.exe, type: DROPPED	Matched rule: Detects WannaCry Ransomware Author: Florian Roth (with the help of binar.ly)
Source: C:\Windows\tasksche.exe, type: DROPPED	Matched rule: detects wannacry ransomware on disk and in virtual page Author: us-cert code analysis team

Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\WINDOWS\mssecsvr.exe	Jump to behavior
Source: C:\Windows\mssecsvr.exe	File created: C:\WINDOWS\tasksche.exe	Jump to behavior
Source: C:\Windows\mssecsvr.exe	File created: C:\WINDOWS\tasksche.exe	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	Jump to behavior

Source: tasksche.exe.6.dr

Static PE information: No import functions for PE file found

Source: GUtEaDsc9X.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL

Source: GUtEaDsc9X.dll, type: SAMPLE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: GUtEaDsc9X.dll, type: SAMPLE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23ae8c8.6.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1e88084.2.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23e096c.8.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23e096c.8.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1eba128.5.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1eba128.5.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 6.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.2.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 9.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.0.mssecsvr.exe.7100a4.1.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23e096c.8.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23e096c.8.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 9.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1eba128.5.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1eba128.5.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 9.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 6.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.2.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 6.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.0.mssecsvr.exe.7100a4.1.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23ae8c8.6.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23ae8c8.6.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.2.mssecsvr.exe.1e88084.2.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1e88084.2.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.2.mssecsvr.exe.23bd948.7.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 9.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 9.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 6.2.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 7.2.mssecsvr.exe.1e97104.4.raw.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23b98e8.9.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23b98e8.9.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1e97104.4.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1e97104.4.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.23bd948.7.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.23bd948.7.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 7.2.mssecsvr.exe.1e930a4.3.unpack, type: UNPACKEDPE	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: 7.2.mssecsvr.exe.1e930a4.3.unpack, type: UNPACKEDPE	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: 00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set
Source: C:\Windows\tasksche.exe, type: DROPPED	Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
Source: C:\Windows\tasksche.exe, type: DROPPED	Matched rule: wanna_cry_ransomware_generic date = 2017/05/12, hash0 = 4da1f312a214c07143abeeafb695d904, author = us-cert code analysis team, description = detects wannacry ransomware on disk and in virtual page, reference = not set

Source: tasksche.exe.6.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: tasksche.exe.6.dr	Static PE information: Section: .rdata ZLIB complexity 1.0007621951219512
Source: tasksche.exe.6.dr	Static PE information: Section: .data ZLIB complexity 1.001953125
Source: tasksche.exe.6.dr	Static PE information: Section: .rsrc ZLIB complexity 1.0007408405172413

Source: GUtEaDsc9X.dll, tasksche.exe.6.dr

Binary or memory string: @.der.pfx.key.crt.csr.p12.pem.odt.ott.sxw.stw.uot.3ds.max.3dm.ods.ots.sxc.stc.dif.slk.wb2.odp.otp.sxd.std.uop.odg.otg.sxm.mml.lay.lay6.asc.sqlite3.sqlitedb.sql.accdb.mdb.db.dbf.odb.frm.myd.myi.ibd.mdf.ldf.sln.suo.cs.c.cpp.pas.h.asm.js.cmd.bat.ps1.vbs.vb.pl.dip.dch.sch.brd.jsp.php.asp.rb.java.jar.class.sh.mp3.wav.swf.fla.wmv.mpg.vob.mpeg.asf.avi.mov.mp4.3gp.mkv.3g2.flv.wma.mid.m3u.m4u.djvu.svg.ai.psd.nef.tiff.tif.cgm.raw.gif.png.bmp.jpg.jpeg.vcd.iso.backup.zip.rar.7z.gz.tgz.tar.bak.tbk.bz2.PAQ.ARC.aes.gpg.vmx.vmdk.vdi.sldm.sldx.sti.sxi.602.hwp.snt.onetoc2.dwg.pdf.wk1.wks.123.rtf.csv.txt.vsdx.vsd.edb.eml.msg.ost.pst.potm.potx.ppam.ppsx.ppsm.pps.pot.pptm.pptx.ppt.xltm.xltx.xlc.xlm.xlt.xlw.xlsb.xlsm.xlsx.xls.dotx.dotm.dot.docm.docb.docx.docWANACRY!%s\%sCloseHandleDeleteFileWMoveFileExWMoveFileWReadFileWriteFileCreateFileWkernel32.dll

Source: classification engine

Classification label: mal100.rans.expl.evad.winDLL@19/6@2/100

Source: C:\Windows\mssecsvr.exe	Code function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,		6_2_00407C40
Source: C:\Windows\mssecsvr.exe	Code function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,		7_2_00407C40

Source: C:\Windows\mssecsvr.exe

Code function: 6_2_00407CE0 InternetCloseHandle,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,FindResourceA,LoadResource,LockResource,SizeofResource,sprintf,sprintf,sprintf,MoveFileExA,CreateFileA,WriteFile,CloseHandle,CreateProcessA,CloseHandle,CloseHandle,

6_2_00407CE0

Source: C:\Windows\mssecsvr.exe

Code function: 6_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,

6_2_00407C40

Source: C:\Windows\mssecsvr.exe	Code function: 6_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,		6_2_00408090
Source: C:\Windows\mssecsvr.exe	Code function: 7_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,		7_2_00408090

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6884:120:WilError_03

Source: GUtEaDsc9X.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\GUtEaDsc9X.dll,PlayGame

Source: GUtEaDsc9X.dll	ReversingLabs: Detection: 92%
Source: GUtEaDsc9X.dll	Virustotal: Detection: 94%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\GUtEaDsc9X.dll,PlayGame
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
Source: unknown	Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe -m security
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",PlayGame
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\GUtEaDsc9X.dll,PlayGame	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",PlayGame	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: msvcp60.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: msvcp60.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: msvcp60.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior

Source: C:\Windows\mssecsvr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: GUtEaDsc9X.dll

Static file information: File size 5267459 > 1048576

Source: GUtEaDsc9X.dll

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x501000

Source: tasksche.exe.6.dr

Static PE information: section name: .text entropy: 7.64241276975841

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Windows\SysWOW64\rundll32.exe

Executable created and started: C:\WINDOWS\mssecsvr.exe

Jump to behavior

Source: C:\Windows\mssecsvr.exe	File created: C:\WINDOWS\qeriuwjhrf (copy)			Jump to dropped file
Source: C:\Windows\mssecsvr.exe	File created: C:\Windows\tasksche.exe			Jump to dropped file

Source: C:\Windows\mssecsvr.exe	File created: C:\WINDOWS\qeriuwjhrf (copy)			Jump to dropped file
Source: C:\Windows\mssecsvr.exe	File created: C:\Windows\tasksche.exe			Jump to dropped file

Source: C:\Windows\mssecsvr.exe

Code function: 6_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,

6_2_00407C40

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\mssecsvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\mssecsvr.exe

Thread delayed: delay time: 86400000

Jump to behavior

Source: C:\Windows\mssecsvr.exe	Dropped PE file which has not been started: C:\WINDOWS\qeriuwjhrf (copy)			Jump to dropped file
Source: C:\Windows\mssecsvr.exe	Dropped PE file which has not been started: C:\Windows\tasksche.exe			Jump to dropped file

Source: C:\Windows\mssecsvr.exe TID: 2688	Thread sleep count: 92 > 30	Jump to behavior
Source: C:\Windows\mssecsvr.exe TID: 2688	Thread sleep time: -184000s >= -30000s	Jump to behavior
Source: C:\Windows\mssecsvr.exe TID: 5832	Thread sleep count: 130 > 30	Jump to behavior
Source: C:\Windows\mssecsvr.exe TID: 5832	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Windows\mssecsvr.exe TID: 2688	Thread sleep time: -86400000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 1524	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\mssecsvr.exe	Thread delayed: delay time: 86400000			Jump to behavior

Source: svchost.exe, 00000014.00000002.3514121835.000001ADACA2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000007.00000002.2925772733.0000000000C7D000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000007.00000002.2925772733.0000000000C3C000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000009.00000002.2298698988.0000000000A67000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000009.00000002.2298698988.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.3518200629.000001ADB205A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWk
Source: mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1

Jump to behavior

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Service Execution	4 Windows Service	4 Windows Service	12 Masquerading	OS Credential Dumping	1 Network Share Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Process Injection	31 Virtualization/Sandbox Evasion	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	21 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
GUtEaDsc9X.dll	92%	ReversingLabs	Win32.Ransomware.WannaCry
GUtEaDsc9X.dll	94%	Virustotal		Browse
GUtEaDsc9X.dll	100%	Avira	TR/AD.DPulsarShellcode.gohtr
GUtEaDsc9X.dll	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Windows\tasksche.exe	100%	Joe Sandbox ML
C:\WINDOWS\qeriuwjhrf (copy)	97%	ReversingLabs	Win32.Ransomware.WannaCry
C:\Windows\tasksche.exe	97%	ReversingLabs	Win32.Ransomware.WannaCry

Source	Detection	Scanner	Label
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00a	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e91	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosuri	0%	Avira URL Cloud	safe
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00aa0	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1254-3084-96ca-8a185b1cc780	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6c3	100%	Avira URL Cloud	malware
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e	100%	Avira URL Cloud	malware
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.como	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
77026.bodis.com	199.59.243.228	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	103.224.212.215	true	false	high
ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://tse1.mm.bing.net/th?id=OADD2.10239405475856_1F6V8529RVRKMO1TM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false		high
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00aa0	false	Avira URL Cloud: malware	unknown
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/	false		high
https://tse1.mm.bing.net/th?id=OADD2.10239405475857_1HVCAGG6HX6F987D5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false		high
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e91	false	Avira URL Cloud: malware	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false		high
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6c3	false	Avira URL Cloud: malware	unknown
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1254-3084-96ca-8a185b1cc780	false	Avira URL Cloud: malware	unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false		high
https://tse1.mm.bing.net/th?id=OADD2.10239391081813_18VUO41WSWZPI1SC6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false		high
https://tse1.mm.bing.net/th?id=OADD2.10239391081812_16WIS2WQBVWJESJY8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/3b	mssecsvr.exe, 00000007.00000002.2925772733.0000000000C66000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ww25.iuqerfsodp9ifjaposdfjhgosuri	mssecsvr.exe, 00000006.00000002.2293628180.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	GUtEaDsc9X.dll	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.como	mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV21C:	svchost.exe, 00000014.00000003.2831969118.000001ADB1F30000.00000004.00000800.00020000.00000000.sdmp, edb.log.20.dr	false		high
http://crl.ver)	svchost.exe, 00000014.00000002.3517617559.000001ADB2000000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/t	mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/5	mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/z)	mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/Prod1C:	edb.log.20.dr	false		high
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00a	mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e	mssecsvr.exe, 00000009.00000002.2298698988.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6	mssecsvr.exe, 00000007.00000002.2925772733.0000000000C4B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJ	mssecsvr.exe, 00000007.00000002.2925201454.000000000019D000.00000004.00000010.00020000.00000000.sdmp	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/g(w	mssecsvr.exe, 00000006.00000002.2293628180.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/llt	mssecsvr.exe, 00000006.00000002.2293628180.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
16.6.71.1	unknown	United States	unknown	unknown	false
185.149.203.183	unknown	Poland	62201	KTMTELEKOM-ASPL	false
56.148.232.1	unknown	United States	2686	ATGS-MMD-ASUS	false
70.83.190.2	unknown	Canada	5769	VIDEOTRONCA	false
70.83.190.1	unknown	Canada	5769	VIDEOTRONCA	false
48.84.84.1	unknown	United States	2686	ATGS-MMD-ASUS	false
44.142.202.224	unknown	United States	1653	SUNETSUNETSwedishUniversityNetworkEU	false
48.84.84.2	unknown	United States	2686	ATGS-MMD-ASUS	false
188.217.194.1	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
223.2.101.1	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
185.149.203.2	unknown	Poland	62201	KTMTELEKOM-ASPL	false
185.149.203.1	unknown	Poland	62201	KTMTELEKOM-ASPL	false
147.174.249.1	unknown	United States	25968	SELUNETUS	false
147.174.249.2	unknown	United States	25968	SELUNETUS	false
56.148.232.23	unknown	United States	2686	ATGS-MMD-ASUS	false
30.7.203.119	unknown	United States	7922	COMCAST-7922US	false
108.114.73.1	unknown	United States	10507	SPCSUS	false
27.13.195.1	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
114.249.64.1	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
36.227.128.1	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
4.244.95.82	unknown	United States	3356	LEVEL3US	false
112.113.202.1	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
134.252.241.191	unknown	United States	3562	SNLL-NET-ASUS	false
147.174.249.143	unknown	United States	25968	SELUNETUS	false
76.187.63.1	unknown	United States	11427	TWC-11427-TEXASUS	false
102.114.25.1	unknown	Mauritius	23889	MauritiusTelecomMU	false
131.21.241.12	unknown	United States	721	DNIC-ASBLK-00721-00726US	false
119.135.172.1	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
79.149.62.181	unknown	Spain	3352	TELEFONICA_DE_ESPANAES	false
36.227.128.128	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false

Private

IP
192.168.2.148
192.168.2.149
192.168.2.146
192.168.2.147
192.168.2.140
192.168.2.141
192.168.2.144
192.168.2.145
192.168.2.142
192.168.2.143
192.168.2.159
192.168.2.157
192.168.2.158
192.168.2.151
192.168.2.152
192.168.2.150
192.168.2.155
192.168.2.156
192.168.2.153
192.168.2.154
192.168.2.126
192.168.2.247
192.168.2.127
192.168.2.248
192.168.2.124
192.168.2.245
192.168.2.125
192.168.2.246
192.168.2.128
192.168.2.249
192.168.2.129
192.168.2.240
192.168.2.122
192.168.2.243
192.168.2.123
192.168.2.244
192.168.2.120
192.168.2.241
192.168.2.121
192.168.2.242
192.168.2.97
192.168.2.137
192.168.2.96
192.168.2.138
192.168.2.99
192.168.2.135
192.168.2.98
192.168.2.136
192.168.2.139
192.168.2.250
192.168.2.130
192.168.2.251
192.168.2.91
192.168.2.90
192.168.2.93
192.168.2.133
192.168.2.254
192.168.2.92
192.168.2.134
192.168.2.95
192.168.2.131
192.168.2.252
192.168.2.94
192.168.2.132
192.168.2.253
192.168.2.104
192.168.2.225
192.168.2.105
192.168.2.226
192.168.2.102

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591516
Start date and time:	2025-01-15 02:51:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	GUtEaDsc9X.dll renamed because original name is a hash value
Original Sample Name:	068b5cf6bfdd3adb07561b32450d49a2.dll
Detection:	MAL
Classification:	mal100.rans.expl.evad.winDLL@19/6@2/100
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .dll

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 2.23.242.162, 13.107.246.45, 172.202.163.200, 20.199.58.43, 2.23.227.215, 20.31.169.57, 150.171.27.10, 20.223.36.55
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, e16604.g.akamaiedge.net, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
20:52:24	API Interceptor	1x Sleep call for process: loaddll32.exe modified
20:52:59	API Interceptor	112x Sleep call for process: mssecsvr.exe modified
20:53:18	API Interceptor	2x Sleep call for process: svchost.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	9kNjKSEUym.dll	Get hash	malicious	Wannacry	Browse	13.107.246.45
	https://telegrams-tw.org/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://6y.tickarmoz.ru/aY57/	Get hash	malicious	Unknown	Browse	13.107.246.45
	Eastern Contractors Corporation Contract and submittal document.eml	Get hash	malicious	Unknown	Browse	13.107.246.45
	download.exe	Get hash	malicious	Babuk, Mimikatz	Browse	13.107.246.45
	https://emp.eduyield.com/el?aid=962445be-3c17-11ec-9620-0e45aa61dde5&cid=497&dest=https://google.com/amp/avrancecorp.com/wp-web/Griffinwink/64616b6f74616c796e6e406772696666696e77696e6b2e636f6d/$ZGFrb3&pid=564628&rid=68730789	Get hash	malicious	Unknown	Browse	13.107.246.45
	habHh1BC0L.dll	Get hash	malicious	Wannacry	Browse	13.107.246.45
	19MgUpI9tj.dll	Get hash	malicious	Wannacry	Browse	13.107.246.45
	https://securityalert-corporate.com/click/f288bff9-842d-4e34-8d2d-41ad20e48e9d	Get hash	malicious	Unknown	Browse	13.107.246.45
	hzQNazOx3Z.dll	Get hash	malicious	Wannacry	Browse	13.107.246.45
77026.bodis.com	D3W41IdtQA.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	F1G5BkUV74.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	04Ct9PoJrL.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	sLlAsC4I5r.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	habHh1BC0L.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	19MgUpI9tj.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	ruXU7wj3X9.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	eIZi481eP6.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	m9oUIFauYl.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
	sUlHfYQxNw.dll	Get hash	malicious	Wannacry	Browse	199.59.243.228
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	D3W41IdtQA.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	F1G5BkUV74.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	04Ct9PoJrL.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	sLlAsC4I5r.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	habHh1BC0L.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	19MgUpI9tj.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	ruXU7wj3X9.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	eIZi481eP6.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	m9oUIFauYl.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215
	sUlHfYQxNw.dll	Get hash	malicious	Wannacry	Browse	103.224.212.215

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
KTMTELEKOM-ASPL	imaginebeingarm7.elf	Get hash	malicious	Mirai, Moobot	Browse	185.149.201.234
KTMTELEKOM-ASPL	pandora.x86-20220417-1500	Get hash	malicious	Mirai	Browse	185.149.201.204
VIDEOTRONCA	ppc.elf	Get hash	malicious	Unknown	Browse	184.163.140.255
	i486.elf	Get hash	malicious	Unknown	Browse	142.81.115.98
	sh4.elf	Get hash	malicious	Unknown	Browse	96.21.74.173
	6.elf	Get hash	malicious	Unknown	Browse	173.178.131.190
	6.elf	Get hash	malicious	Unknown	Browse	24.225.200.55
	sora.arm.elf	Get hash	malicious	Unknown	Browse	142.72.148.237
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	74.56.15.178
	miori.arm.elf	Get hash	malicious	Unknown	Browse	204.48.73.80
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	96.20.167.137
	miori.mpsl.elf	Get hash	malicious	Unknown	Browse	74.61.238.226
VIDEOTRONCA	ppc.elf	Get hash	malicious	Unknown	Browse	184.163.140.255
	i486.elf	Get hash	malicious	Unknown	Browse	142.81.115.98
	sh4.elf	Get hash	malicious	Unknown	Browse	96.21.74.173
	6.elf	Get hash	malicious	Unknown	Browse	173.178.131.190
	6.elf	Get hash	malicious	Unknown	Browse	24.225.200.55
	sora.arm.elf	Get hash	malicious	Unknown	Browse	142.72.148.237
	arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	74.56.15.178
	miori.arm.elf	Get hash	malicious	Unknown	Browse	204.48.73.80
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	96.20.167.137
	miori.mpsl.elf	Get hash	malicious	Unknown	Browse	74.61.238.226
ATGS-MMD-ASUS	330tqxXVzm.dll	Get hash	malicious	Wannacry	Browse	48.0.238.151
	https://suman006723213.github.io/garena.reward.ff/	Get hash	malicious	HTMLPhisher	Browse	34.36.216.150
	https://checkpoint681.verifications.io.vn/491c51f2b04f4064b623dfcead849625	Get hash	malicious	Unknown	Browse	34.149.134.77
	https://jpmchase.secure.virtru.com/start/?c=experiment&t=emailtemplate2019-09&s=ccs.collections%40jpmchase.com&p=c0d0aede-7bea-4ead-a752-2d73ef1c7343#v=3.0.0&d=https%3A%2F%2Fapi.virtru.com%2Fstorage%2Fapi%2Fpolicies%2Fc0d0aede-7bea-4ead-a752-2d73ef1c7343%2Fdata%2Fmetadata&dk=1k9dx%2B9Tl5K3SfB3B3irzBa9ZHLb5jXqYy1n7NSx1lE%3D	Get hash	malicious	Unknown	Browse	34.160.98.162
	F1G5BkUV74.dll	Get hash	malicious	Wannacry	Browse	33.175.236.126
	ruXU7wj3X9.dll	Get hash	malicious	Wannacry	Browse	56.59.202.1
	YZJG8NuHEP.dll	Get hash	malicious	Wannacry	Browse	51.209.245.1
	http://monitor.linkwhat.com/tl4tl4726Qz107cK770xR10599lj360px17lb07468gl70015oV95328Kn41253VG39381FP5605427918==aru2826664	Get hash	malicious	Phisher	Browse	34.149.158.220
	hsmSW6Eifl.dll	Get hash	malicious	Wannacry	Browse	34.1.98.1
	FjSrGs0AE2.dll	Get hash	malicious	Wannacry	Browse	51.243.90.42

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
6271f898ce5be7dd52b0fc260d0662b3	DHL AWB CUSTOM CLEARANCE.xls	Get hash	malicious	Unknown	Browse	150.171.28.10
	DHL AWB CUSTOM CLEARANCE.xls	Get hash	malicious	Unknown	Browse	150.171.28.10
	https://forrestore.com/static/apps/437.zip	Get hash	malicious	Unknown	Browse	150.171.28.10
	q9JZUaS1Gy.doc	Get hash	malicious	Unknown	Browse	150.171.28.10
	P-04071A.xls	Get hash	malicious	Unknown	Browse	150.171.28.10
	P-04071A.xls	Get hash	malicious	Unknown	Browse	150.171.28.10
	https://delicate-twilight-4fcb7a.netlify.app/	Get hash	malicious	Unknown	Browse	150.171.28.10
	http://latamavuelospromosco.com/	Get hash	malicious	Unknown	Browse	150.171.28.10
	https://pub-ce1f93897bdf44e9b1cd99ad0325c570.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	150.171.28.10
	statement.doc	Get hash	malicious	KnowBe4	Browse	150.171.28.10

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.726315727173146
Encrypted:	false
SSDEEP:	1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0Z:9JZj5MiKNnNhoxuI
MD5:	DEE70E4A056E22B86F40BBC9AD2989EE
SHA1:	1EE2F14E886913C38DC1DC0114622D77E0B46CD2
SHA-256:	0466492E28EAE0148567B537B3F28F5CC5C4EC427353DE145702A4AE26B953DF
SHA-512:	1DF1BC944F479E44EFCC8950AE8B45191D41C0BF70B2D9BAF2A40C71787834D950F438EE3A655077037BEE25F1A7B26A4845697EF7DE3243F9D331B9300F692A
Malicious:	false
Reputation:	low
Preview:	...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0x95619a1d, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7555616957886023
Encrypted:	false
SSDEEP:	1536:1SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:1azaSvGJzYj2UlmOlOL
MD5:	08B232C1D953EE2A6A607681E1F029ED
SHA1:	7DFA06053B7FAC855FBA680B0EAB54C349805A49
SHA-256:	8628F46F70490958E82CC8D938DA08FE217A20C5718532F02E9CBCA18A127193
SHA-512:	E9E8E41FEAB75CE52723FB8AE066AA643018B966C2A4B55EA20865160FD1D8877054731BF7B6AC7E845AA1174B273E6C1589C951E896A8E4C0006E1B958FA78A
Malicious:	false
Reputation:	low
Preview:	.a..... .......7.......X\...;...{......................0.e......!...{?..5...}..h.g.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......9....{...............................................................................................................................................................................................2...{...................................>...5...}/...................k..5...}/..........................#......h.g.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07967290506449429
Encrypted:	false
SSDEEP:	3:GCtEYeAxfvvfNaAPaU1lIxxqkYwlalluxmO+l/SNxOf:AzufPNDPaUQWkYwAgmOH
MD5:	E94D897A9567D7B106061C21E4C5A6E0
SHA1:	9A55ACA9E8BFBB58FDA838047820A8EF798F169F
SHA-256:	61A1DCD432D828B363D68806951568415EA852FE615902F06C7344DAF2CFDD44
SHA-512:	C20B64E603E5825B7CE72C110DD11FA3287969F68BA30ED442341927B1C4C451F661424E437DD9421F5B191A1A32E23B5C8F6B2F8F6289E0B74BF476BDA4EA98
Malicious:	false
Preview:	.D.2.....................................;...{...5...}/..!...{?..........!...{?..!...{?..g...!...{?...................k..5...}/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\WINDOWS\qeriuwjhrf (copy)

Download File

Process:	C:\Windows\mssecsvr.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2061938
Entropy (8bit):	7.992584937288453
Encrypted:	true
SSDEEP:	49152:heMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvm:hePoBhz1aRxcSUDk36SAEdhvm
MD5:	55C8302ECD9451E1F72D094B09D4A9FC
SHA1:	E3081D0C1DE2A0D8D2F0CC1F8395689097A78EFB
SHA-256:	A6B35730CFE4B3032587AE1D61754CBFF64064CDAFA4CBAB82262AA0DFBC5EEB
SHA-512:	B6C38275F8158429C15ED2698CBFB953E195A65DE73132652620383AD3C33AEBF03544431F518C8E23B1E218D6029D54266338FA838696E342BEEA3AFA826527
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 97%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&K.WG%.WG%.WG%.^?..LG%.^?...G%.^?..BG%.WG$.G%.^?..0G%.^?..VG%.^?..VG%.^?..VG%.RichWG%.................PE..L......U..........................................@..........................`......................................p...3............ ..(9..............................................................@............................................text.............................. ..`.rdata...P.......R..................@..@.data...(...........................@....rsrc...(9... ...:..................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\tasksche.exe

Download File

Process:	C:\Windows\mssecsvr.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2061938
Entropy (8bit):	7.992584937288453
Encrypted:	true
SSDEEP:	49152:heMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvm:hePoBhz1aRxcSUDk36SAEdhvm
MD5:	55C8302ECD9451E1F72D094B09D4A9FC
SHA1:	E3081D0C1DE2A0D8D2F0CC1F8395689097A78EFB
SHA-256:	A6B35730CFE4B3032587AE1D61754CBFF64064CDAFA4CBAB82262AA0DFBC5EEB
SHA-512:	B6C38275F8158429C15ED2698CBFB953E195A65DE73132652620383AD3C33AEBF03544431F518C8E23B1E218D6029D54266338FA838696E342BEEA3AFA826527
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: C:\Windows\tasksche.exe, Author: Joe Security Rule: WannaCry_Ransomware, Description: Detects WannaCry Ransomware, Source: C:\Windows\tasksche.exe, Author: Florian Roth (with the help of binar.ly) Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: C:\Windows\tasksche.exe, Author: us-cert code analysis team
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 97%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&K.WG%.WG%.WG%.^?..LG%.^?...G%.^?..BG%.WG$.G%.^?..0G%.^?..VG%.^?..VG%.^?..VG%.RichWG%.................PE..L......U..........................................@..........................`......................................p...3............ ..(9..............................................................@............................................text.............................. ..`.rdata...P.......R..................@..@.data...(...........................@....rsrc...(9... ...:..................@..@........................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	4.325166765591709
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	GUtEaDsc9X.dll
File size:	5'267'459 bytes
MD5:	068b5cf6bfdd3adb07561b32450d49a2
SHA1:	316640df0e3494acdf6fd97f9696d91b8bb7fd51
SHA256:	dcbd3a53b07724b50a4a10f75d73be3ad7d427046486f35ceec3aff041a87657
SHA512:	251fc96701693cc753a623600e3c3c8e1f6925739ed530f6edb0fc22882f8086f59004537c50078f036c2a310763b9c8b7ba89e18ef226ff18bf40a77c14348c
SSDEEP:	49152:RnHeMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnv:1HePoBhz1aRxcSUDk36SAEdhv
TLSH:	7D363399717C91FCD10519B444ABCA23B2B23C6E26FE6E0F9F4049761D43B5AFB90B42
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.r_9...9...9.......=...9...6.....A.:.......8.......8.......:...Rich9...........................PE..L...QW.Y...........!.......

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x100011e9
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
DLL Characteristics:
Time Stamp:	0x59145751 [Thu May 11 12:21:37 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2e5708ae5fed0403e8117c645fb23e5b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ebx
mov ebx, dword ptr [ebp+08h]
push esi
mov esi, dword ptr [ebp+0Ch]
push edi
mov edi, dword ptr [ebp+10h]
test esi, esi
jne 00007F3A98BCE5BBh
cmp dword ptr [10003140h], 00000000h
jmp 00007F3A98BCE5D8h
cmp esi, 01h
je 00007F3A98BCE5B7h
cmp esi, 02h
jne 00007F3A98BCE5D4h
mov eax, dword ptr [10003150h]
test eax, eax
je 00007F3A98BCE5BBh
push edi
push esi
push ebx
call eax
test eax, eax
je 00007F3A98BCE5BEh
push edi
push esi
push ebx
call 00007F3A98BCE4CAh
test eax, eax
jne 00007F3A98BCE5B6h
xor eax, eax
jmp 00007F3A98BCE600h
push edi
push esi
push ebx
call 00007F3A98BCE37Ch
cmp esi, 01h
mov dword ptr [ebp+0Ch], eax
jne 00007F3A98BCE5BEh
test eax, eax
jne 00007F3A98BCE5E9h
push edi
push eax
push ebx
call 00007F3A98BCE4A6h
test esi, esi
je 00007F3A98BCE5B7h
cmp esi, 03h
jne 00007F3A98BCE5D8h
push edi
push esi
push ebx
call 00007F3A98BCE495h
test eax, eax
jne 00007F3A98BCE5B5h
and dword ptr [ebp+0Ch], eax
cmp dword ptr [ebp+0Ch], 00000000h
je 00007F3A98BCE5C3h
mov eax, dword ptr [10003150h]
test eax, eax
je 00007F3A98BCE5BAh
push edi
push esi
push ebx
call eax
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [ebp+0Ch]
pop edi
pop esi
pop ebx
pop ebp
retn 000Ch
jmp dword ptr [10002028h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[ C ] VS98 (6.0) build 8168
[C++] VS98 (6.0) build 8168
[RES] VS98 (6.0) cvtres build 1720
[LNK] VS98 (6.0) imp/exp build 8168

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2190	0x48	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x203c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x500060	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x505000	0x5c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x28c	0x1000	8de9a2cb31e4c74bd008b871d14bfafc	False	0.13037109375	data	1.4429971244731552	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2000	0x1d8	0x1000	3dd394f95ab218593f2bc8eb65184db4	False	0.072509765625	data	0.7346018133622799	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3000	0x154	0x1000	9b27c3f254416f775f5a51102ef8fb84	False	0.016845703125	Matlab v4 mat-file (little endian) C:\%s\%s, numeric, rows 0, columns 0	0.085726967663312	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x4000	0x500060	0x501000	3827e57415ac2b3744662b215d1e9513	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x505000	0x2ac	0x1000	620f0b67a91f7f74151bc5be745b7110	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
W	0x4060	0x500000	data	English	United States	0.8790616989135742

Imports

DLL	Import
KERNEL32.dll	CloseHandle, WriteFile, CreateFileA, SizeofResource, LockResource, LoadResource, FindResourceA, CreateProcessA
MSVCRT.dll	free, _initterm, malloc, _adjust_fdiv, sprintf

Exports

Name	Ordinal	Address
PlayGame	1	0x10001114

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-15T02:52:21.806843+0100	2830018	ETPRO MALWARE Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup)	1	192.168.2.6	53119	1.1.1.1	53	UDP
2025-01-15T02:52:22.716548+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49760	103.224.212.215	80	TCP
2025-01-15T02:52:24.331004+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49772	103.224.212.215	80	TCP
2025-01-15T02:54:30.791606+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50650	103.224.212.215	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 02:52:16.733941078 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:16.733961105 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:17.046448946 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:22.117706060 CET	49760	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:22.122570992 CET	80	49760	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:22.122760057 CET	49760	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:22.123343945 CET	49760	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:22.128063917 CET	80	49760	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:22.716481924 CET	80	49760	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:22.716492891 CET	80	49760	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:22.716547966 CET	49760	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:22.720963001 CET	49760	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:22.725855112 CET	80	49760	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:23.058684111 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.063719034 CET	80	49766	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:23.063960075 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.064048052 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.069700956 CET	80	49766	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:23.547317982 CET	80	49766	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:23.547334909 CET	80	49766	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:23.547456026 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.551564932 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.551565886 CET	49766	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:23.700426102 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:23.705373049 CET	80	49772	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:23.705750942 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:23.706012011 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:23.710771084 CET	80	49772	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.330926895 CET	80	49772	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.331003904 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.331052065 CET	80	49772	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.331161022 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.334846973 CET	49772	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.336112022 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.339615107 CET	80	49772	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.340997934 CET	80	49777	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:24.341094017 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.341330051 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.346189022 CET	80	49777	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:24.830851078 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.835805893 CET	80	49779	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.835897923 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.836139917 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:24.840944052 CET	80	49779	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:24.845679998 CET	80	49777	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:24.845716000 CET	80	49777	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:24.845757008 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.845788002 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.902885914 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:24.902909994 CET	49777	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.226308107 CET	49785	445	192.168.2.6	147.174.249.143
Jan 15, 2025 02:52:25.231116056 CET	445	49785	147.174.249.143	192.168.2.6
Jan 15, 2025 02:52:25.231187105 CET	49785	445	192.168.2.6	147.174.249.143
Jan 15, 2025 02:52:25.231776953 CET	49785	445	192.168.2.6	147.174.249.143
Jan 15, 2025 02:52:25.231955051 CET	49786	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.236613989 CET	445	49785	147.174.249.143	192.168.2.6
Jan 15, 2025 02:52:25.236681938 CET	49785	445	192.168.2.6	147.174.249.143
Jan 15, 2025 02:52:25.236762047 CET	445	49786	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:25.237194061 CET	49786	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.238495111 CET	49786	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.240678072 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.243307114 CET	445	49786	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:25.243393898 CET	49786	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.245614052 CET	445	49787	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:25.245680094 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.245858908 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:25.250941992 CET	445	49787	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:25.425900936 CET	80	49779	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:25.425935984 CET	80	49779	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:25.426023960 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:25.426023960 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:25.432987928 CET	49779	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:52:25.434031010 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.437735081 CET	80	49779	103.224.212.215	192.168.2.6
Jan 15, 2025 02:52:25.438832045 CET	80	49791	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:25.438961029 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.439827919 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.444591999 CET	80	49791	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:25.902156115 CET	80	49791	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:25.902173042 CET	80	49791	199.59.243.228	192.168.2.6
Jan 15, 2025 02:52:25.902297020 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.909666061 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:25.909719944 CET	49791	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:52:26.343235970 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:26.343318939 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:26.655747890 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:27.220521927 CET	49821	445	192.168.2.6	117.78.75.219
Jan 15, 2025 02:52:27.225375891 CET	445	49821	117.78.75.219	192.168.2.6
Jan 15, 2025 02:52:27.227971077 CET	49821	445	192.168.2.6	117.78.75.219
Jan 15, 2025 02:52:27.228010893 CET	49821	445	192.168.2.6	117.78.75.219
Jan 15, 2025 02:52:27.228476048 CET	49822	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.232954025 CET	445	49821	117.78.75.219	192.168.2.6
Jan 15, 2025 02:52:27.233304024 CET	445	49822	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:27.233362913 CET	49821	445	192.168.2.6	117.78.75.219
Jan 15, 2025 02:52:27.233442068 CET	49822	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.233490944 CET	49822	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.237049103 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.238493919 CET	445	49822	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:27.238838911 CET	49822	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.241942883 CET	445	49823	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:27.243900061 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.243977070 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:27.248775005 CET	445	49823	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:28.300237894 CET	443	49709	173.222.162.64	192.168.2.6
Jan 15, 2025 02:52:28.300352097 CET	49709	443	192.168.2.6	173.222.162.64
Jan 15, 2025 02:52:29.235979080 CET	49861	445	192.168.2.6	48.84.84.242
Jan 15, 2025 02:52:29.240920067 CET	445	49861	48.84.84.242	192.168.2.6
Jan 15, 2025 02:52:29.241158962 CET	49861	445	192.168.2.6	48.84.84.242
Jan 15, 2025 02:52:29.247143030 CET	49861	445	192.168.2.6	48.84.84.242
Jan 15, 2025 02:52:29.247905970 CET	49862	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.252135992 CET	445	49861	48.84.84.242	192.168.2.6
Jan 15, 2025 02:52:29.252207994 CET	49861	445	192.168.2.6	48.84.84.242
Jan 15, 2025 02:52:29.252774954 CET	445	49862	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:29.252849102 CET	49862	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.252897978 CET	49862	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.254131079 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.257865906 CET	445	49862	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:29.257961988 CET	49862	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.259006023 CET	445	49863	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:29.259082079 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.259156942 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:29.263952971 CET	445	49863	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:31.251605034 CET	49893	445	192.168.2.6	70.83.190.160
Jan 15, 2025 02:52:31.256463051 CET	445	49893	70.83.190.160	192.168.2.6
Jan 15, 2025 02:52:31.256576061 CET	49893	445	192.168.2.6	70.83.190.160
Jan 15, 2025 02:52:31.256633997 CET	49893	445	192.168.2.6	70.83.190.160
Jan 15, 2025 02:52:31.256923914 CET	49894	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.261630058 CET	445	49893	70.83.190.160	192.168.2.6
Jan 15, 2025 02:52:31.261714935 CET	445	49894	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:31.261749029 CET	49893	445	192.168.2.6	70.83.190.160
Jan 15, 2025 02:52:31.261816025 CET	49894	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.261899948 CET	49894	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.263271093 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.266880035 CET	445	49894	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:31.266949892 CET	49894	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.268161058 CET	445	49895	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:31.268318892 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.268318892 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:31.273221016 CET	445	49895	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:33.266266108 CET	49927	445	192.168.2.6	88.17.75.220
Jan 15, 2025 02:52:33.271104097 CET	445	49927	88.17.75.220	192.168.2.6
Jan 15, 2025 02:52:33.271204948 CET	49927	445	192.168.2.6	88.17.75.220
Jan 15, 2025 02:52:33.271204948 CET	49927	445	192.168.2.6	88.17.75.220
Jan 15, 2025 02:52:33.271384954 CET	49928	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.276209116 CET	445	49928	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:33.276221037 CET	445	49927	88.17.75.220	192.168.2.6
Jan 15, 2025 02:52:33.276290894 CET	49927	445	192.168.2.6	88.17.75.220
Jan 15, 2025 02:52:33.276310921 CET	49928	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.276312113 CET	49928	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.277236938 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.281305075 CET	445	49928	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:33.281373024 CET	49928	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.282001019 CET	445	49929	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:33.282097101 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.282097101 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:33.286876917 CET	445	49929	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:35.282216072 CET	49960	445	192.168.2.6	113.99.161.80
Jan 15, 2025 02:52:35.428796053 CET	445	49960	113.99.161.80	192.168.2.6
Jan 15, 2025 02:52:35.428864002 CET	49960	445	192.168.2.6	113.99.161.80
Jan 15, 2025 02:52:35.428963900 CET	49960	445	192.168.2.6	113.99.161.80
Jan 15, 2025 02:52:35.429152966 CET	49964	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.435812950 CET	445	49964	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:35.435874939 CET	49964	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.435961008 CET	445	49960	113.99.161.80	192.168.2.6
Jan 15, 2025 02:52:35.436014891 CET	49960	445	192.168.2.6	113.99.161.80
Jan 15, 2025 02:52:35.437314987 CET	49964	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.442281008 CET	445	49964	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:35.442326069 CET	49964	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.444420099 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.449137926 CET	445	49966	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:35.449197054 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.449250937 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:35.454071045 CET	445	49966	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:37.297022104 CET	49996	445	192.168.2.6	134.252.241.191
Jan 15, 2025 02:52:37.302176952 CET	445	49996	134.252.241.191	192.168.2.6
Jan 15, 2025 02:52:37.302339077 CET	49996	445	192.168.2.6	134.252.241.191
Jan 15, 2025 02:52:37.302339077 CET	49996	445	192.168.2.6	134.252.241.191
Jan 15, 2025 02:52:37.302536011 CET	49997	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.307379961 CET	445	49997	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:37.307426929 CET	445	49996	134.252.241.191	192.168.2.6
Jan 15, 2025 02:52:37.307502985 CET	49996	445	192.168.2.6	134.252.241.191
Jan 15, 2025 02:52:37.307507038 CET	49997	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.307591915 CET	49997	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.307986021 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.312510967 CET	445	49997	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:37.312566042 CET	49997	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.312891960 CET	445	49998	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:37.312997103 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.313014030 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:37.317765951 CET	445	49998	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:39.312418938 CET	50036	445	192.168.2.6	44.142.202.224
Jan 15, 2025 02:52:39.317238092 CET	445	50036	44.142.202.224	192.168.2.6
Jan 15, 2025 02:52:39.317450047 CET	50036	445	192.168.2.6	44.142.202.224
Jan 15, 2025 02:52:39.317451000 CET	50036	445	192.168.2.6	44.142.202.224
Jan 15, 2025 02:52:39.317472935 CET	50037	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.322324038 CET	445	50037	44.142.202.1	192.168.2.6
Jan 15, 2025 02:52:39.322396040 CET	50037	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.322434902 CET	50037	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.322463989 CET	445	50036	44.142.202.224	192.168.2.6
Jan 15, 2025 02:52:39.322525024 CET	50036	445	192.168.2.6	44.142.202.224
Jan 15, 2025 02:52:39.322716951 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.327370882 CET	445	50037	44.142.202.1	192.168.2.6
Jan 15, 2025 02:52:39.327447891 CET	50037	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.327461958 CET	445	50038	44.142.202.1	192.168.2.6
Jan 15, 2025 02:52:39.327584982 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.327584982 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:52:39.332344055 CET	445	50038	44.142.202.1	192.168.2.6
Jan 15, 2025 02:52:41.352875948 CET	50068	445	192.168.2.6	79.149.62.181
Jan 15, 2025 02:52:41.357845068 CET	445	50068	79.149.62.181	192.168.2.6
Jan 15, 2025 02:52:41.357937098 CET	50068	445	192.168.2.6	79.149.62.181
Jan 15, 2025 02:52:41.360250950 CET	50068	445	192.168.2.6	79.149.62.181
Jan 15, 2025 02:52:41.360759020 CET	50069	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.366178036 CET	445	50068	79.149.62.181	192.168.2.6
Jan 15, 2025 02:52:41.366200924 CET	445	50069	79.149.62.1	192.168.2.6
Jan 15, 2025 02:52:41.366255045 CET	50068	445	192.168.2.6	79.149.62.181
Jan 15, 2025 02:52:41.366321087 CET	50069	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.367311001 CET	50069	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.367511034 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.372167110 CET	445	50069	79.149.62.1	192.168.2.6
Jan 15, 2025 02:52:41.372216940 CET	50069	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.372407913 CET	445	50070	79.149.62.1	192.168.2.6
Jan 15, 2025 02:52:41.372467041 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.374228954 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:52:41.379060984 CET	445	50070	79.149.62.1	192.168.2.6
Jan 15, 2025 02:52:43.360568047 CET	50100	445	192.168.2.6	8.114.55.147
Jan 15, 2025 02:52:43.365582943 CET	445	50100	8.114.55.147	192.168.2.6
Jan 15, 2025 02:52:43.365916014 CET	50100	445	192.168.2.6	8.114.55.147
Jan 15, 2025 02:52:43.365916014 CET	50100	445	192.168.2.6	8.114.55.147
Jan 15, 2025 02:52:43.366055965 CET	50101	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.370789051 CET	445	50100	8.114.55.147	192.168.2.6
Jan 15, 2025 02:52:43.370877981 CET	445	50101	8.114.55.1	192.168.2.6
Jan 15, 2025 02:52:43.370938063 CET	50100	445	192.168.2.6	8.114.55.147
Jan 15, 2025 02:52:43.370959044 CET	50101	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.371042013 CET	50101	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.371336937 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.375909090 CET	445	50101	8.114.55.1	192.168.2.6
Jan 15, 2025 02:52:43.376009941 CET	50101	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.376200914 CET	445	50102	8.114.55.1	192.168.2.6
Jan 15, 2025 02:52:43.376275063 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.376317024 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:52:43.381125927 CET	445	50102	8.114.55.1	192.168.2.6
Jan 15, 2025 02:52:45.374861002 CET	50131	445	192.168.2.6	102.114.25.98
Jan 15, 2025 02:52:45.379826069 CET	445	50131	102.114.25.98	192.168.2.6
Jan 15, 2025 02:52:45.379919052 CET	50131	445	192.168.2.6	102.114.25.98
Jan 15, 2025 02:52:45.379980087 CET	50131	445	192.168.2.6	102.114.25.98
Jan 15, 2025 02:52:45.380160093 CET	50132	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.385804892 CET	445	50132	102.114.25.1	192.168.2.6
Jan 15, 2025 02:52:45.385837078 CET	445	50131	102.114.25.98	192.168.2.6
Jan 15, 2025 02:52:45.385875940 CET	50132	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.385901928 CET	50131	445	192.168.2.6	102.114.25.98
Jan 15, 2025 02:52:45.385994911 CET	50132	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.386392117 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.391746998 CET	445	50132	102.114.25.1	192.168.2.6
Jan 15, 2025 02:52:45.391851902 CET	50132	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.391937017 CET	445	50134	102.114.25.1	192.168.2.6
Jan 15, 2025 02:52:45.392030954 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.392030954 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:52:45.397542000 CET	445	50134	102.114.25.1	192.168.2.6
Jan 15, 2025 02:52:46.606966972 CET	445	49787	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:46.607033968 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:46.607137918 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:46.607234001 CET	49787	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:46.611974001 CET	445	49787	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:46.612055063 CET	445	49787	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:47.391393900 CET	50169	445	192.168.2.6	114.249.64.73
Jan 15, 2025 02:52:47.396292925 CET	445	50169	114.249.64.73	192.168.2.6
Jan 15, 2025 02:52:47.396370888 CET	50169	445	192.168.2.6	114.249.64.73
Jan 15, 2025 02:52:47.396507025 CET	50169	445	192.168.2.6	114.249.64.73
Jan 15, 2025 02:52:47.396584034 CET	50170	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.401349068 CET	445	50169	114.249.64.73	192.168.2.6
Jan 15, 2025 02:52:47.401375055 CET	445	50170	114.249.64.1	192.168.2.6
Jan 15, 2025 02:52:47.401395082 CET	50169	445	192.168.2.6	114.249.64.73
Jan 15, 2025 02:52:47.401442051 CET	50170	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.401735067 CET	50170	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.401735067 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.406573057 CET	445	50170	114.249.64.1	192.168.2.6
Jan 15, 2025 02:52:47.406586885 CET	445	50171	114.249.64.1	192.168.2.6
Jan 15, 2025 02:52:47.406641006 CET	50170	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.406677961 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.406702995 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:52:47.411565065 CET	445	50171	114.249.64.1	192.168.2.6
Jan 15, 2025 02:52:47.505811930 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.505826950 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.505985022 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.506654024 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.506669044 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.506705999 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.506717920 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.506864071 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.507765055 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.507777929 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.530633926 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.530644894 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.530797958 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.534562111 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.534573078 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.553637981 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.553647995 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:47.553795099 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.554169893 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:47.554181099 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.074783087 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.074857950 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.075412989 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.075570107 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.106894970 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.106981039 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.109225988 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.109306097 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.135870934 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.135885954 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136388063 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136396885 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136439085 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136450052 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136590958 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136596918 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136652946 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136668921 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136809111 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136817932 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136838913 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.136850119 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.136923075 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.137001991 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.137012959 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.137017965 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.137072086 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.137115002 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.137361050 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.137525082 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.137567997 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.137631893 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.239360094 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.239408970 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.239434958 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.239453077 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.239469051 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.239533901 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.239535093 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.239573002 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.239636898 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.239636898 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.244987011 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.245021105 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.245038033 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.245064020 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.245074034 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.245096922 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.245140076 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326309919 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326385021 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326419115 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326442957 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326467037 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326486111 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326742887 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326790094 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326814890 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326822996 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.326867104 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.326867104 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.331568956 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.331590891 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.331634045 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.331648111 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.331661940 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.331876040 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.333539963 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.333559036 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.333587885 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.333595991 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.333617926 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.333632946 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.354219913 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354276896 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354314089 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.354331970 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354346991 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.354374886 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.354696035 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354757071 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354824066 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.354851007 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.354892015 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355233908 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.355256081 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.355298042 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355333090 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355338097 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.355539083 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.355560064 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.355598927 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355601072 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355638027 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.355644941 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.356002092 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.356065035 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.356070042 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.356539011 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.356602907 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.411973000 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412048101 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412101030 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.412115097 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412134886 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.412157059 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.412214994 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412271023 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412326097 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.412326097 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.412333965 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.412446976 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.413616896 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.413675070 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.413718939 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.413724899 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.413774014 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.413774014 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.413945913 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.413991928 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.414051056 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.414051056 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.414057970 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.414134979 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.422068119 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.422086954 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.422147989 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.422164917 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.422203064 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423000097 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423016071 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423058033 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423062086 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423084974 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423099041 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423476934 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423494101 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423531055 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423536062 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.423557997 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.423574924 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.425049067 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.425065041 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.425100088 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.425106049 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.425131083 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.425146103 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.437784910 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.437820911 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.437858105 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.437871933 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.437902927 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.437912941 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.437927961 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.437961102 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.437973022 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.437999964 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.438039064 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.438062906 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.438066959 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.438092947 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.438112020 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.438141108 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.438149929 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.438191891 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.439378023 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.439440966 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.439448118 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.439490080 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.439888000 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.439941883 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.439950943 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.439990997 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.440392971 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.440460920 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.440468073 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.440747976 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.440757036 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.440815926 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.440824032 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.440874100 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.496690035 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.496761084 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.496809959 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.496824026 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.496848106 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.496912956 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.497400999 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.497445107 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.497476101 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.497492075 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.497534037 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.497534037 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.498174906 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.498223066 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.498306990 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.498306990 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.498315096 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.498440981 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.498956919 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.498997927 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.499090910 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.499090910 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.499099016 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.499227047 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.499954939 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.499996901 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.500046968 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.500053883 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.500092030 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.500092030 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.500901937 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.500945091 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.501029015 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.501029015 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.501036882 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.501291037 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.501854897 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.501895905 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.501936913 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.501944065 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.501972914 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.502058029 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.510766983 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.510803938 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.510853052 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.510857105 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.510907888 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.511210918 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.511228085 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.511260986 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.511270046 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.511295080 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.511305094 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.511935949 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.511959076 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.511995077 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.512001038 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.512025118 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.512039900 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.512923956 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.512944937 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.512976885 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.512981892 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.513029099 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.513808966 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.513824940 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.513865948 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.513870955 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.513900995 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.513917923 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.514815092 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.514831066 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.514883041 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.514888048 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.514942884 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.515700102 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.515719891 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.515793085 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.515796900 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.515830994 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.523372889 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523457050 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.523463011 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523530006 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.523844957 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523845911 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523914099 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.523936987 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523962021 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.523968935 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.523972034 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524014950 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524369001 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524378061 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524446011 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524445057 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524451971 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524456024 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524487019 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524508953 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524538040 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524600029 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524605989 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.524733067 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.524988890 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525043964 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.525053024 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525089025 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.525542021 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525603056 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.525609016 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525610924 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525667906 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.525671005 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.525680065 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.525727034 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.526542902 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.526598930 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.526611090 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.526618958 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.526653051 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.526663065 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.526669979 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.526700974 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527451038 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527523994 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527529955 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527565002 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527597904 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527632952 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527642965 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527674913 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527683020 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527707100 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527738094 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527762890 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.527769089 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.527808905 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.528373003 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.528466940 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.528475046 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.528516054 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.566186905 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.566307068 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.566313982 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.566359997 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583524942 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583590984 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583633900 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583650112 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583702087 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583702087 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583794117 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583846092 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583862066 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583877087 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.583924055 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583924055 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.583997965 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584048033 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584058046 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.584079027 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584132910 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.584132910 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.584178925 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584223986 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584254980 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.584274054 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.584311962 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.584311962 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588182926 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588226080 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588273048 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588280916 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588326931 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588326931 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588584900 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588625908 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588701010 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588701010 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588709116 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588749886 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588784933 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588836908 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588870049 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588876963 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.588921070 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.588921070 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.589004993 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.589055061 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.589103937 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.589111090 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.589221954 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.589221954 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.600864887 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.600884914 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.600948095 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.600955963 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601011038 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.601300955 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601320982 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601376057 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.601382017 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601460934 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.601866007 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601881981 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601917028 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.601922035 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.601943970 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.601963997 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602066994 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602087021 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602114916 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602123022 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602148056 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602161884 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602727890 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602744102 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602792978 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602797031 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602828026 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602844954 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602849007 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602859974 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.602878094 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.602912903 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.603733063 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.603750944 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.603787899 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.603794098 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.603817940 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.603838921 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610035896 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610114098 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610121012 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610219955 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610430002 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610491991 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610498905 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610611916 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610878944 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610946894 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.610953093 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610991955 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.610995054 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611080885 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611085892 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611084938 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611102104 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611103058 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611157894 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611161947 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611232042 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611298084 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611305952 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611345053 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611478090 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611541986 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611547947 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611624002 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611766100 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611824036 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.611829996 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.611870050 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.612799883 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.612883091 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.612890959 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.612927914 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.612997055 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613054991 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613063097 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613110065 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613111973 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613167048 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613173962 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613178968 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613230944 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613233089 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613240004 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613253117 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613265991 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613285065 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613292933 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613318920 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613321066 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613325119 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613342047 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613347054 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613372087 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613382101 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613451004 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613519907 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613526106 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613563061 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613568068 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613596916 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613631010 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613642931 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613646984 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613683939 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613750935 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613753080 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613761902 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613804102 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613806963 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613831043 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.613862991 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613887072 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.613892078 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614003897 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.614487886 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614554882 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.614562035 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614619970 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614682913 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.614696026 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614736080 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614799976 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.614806890 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.614856958 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.616111040 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.616192102 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.616200924 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.616223097 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.616251945 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.616261005 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.616277933 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.616307020 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.616919994 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.616987944 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617002010 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617043972 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617046118 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617069006 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617101908 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617130041 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617135048 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617268085 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617798090 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617862940 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617872000 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617908955 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.617918015 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617939949 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.617993116 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.618007898 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.618012905 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.618052006 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.621659040 CET	445	49823	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:48.621747017 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:48.621778011 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:48.621834993 CET	49823	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:48.626631975 CET	445	49823	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:48.626641035 CET	445	49823	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:48.647270918 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.647325993 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.647336960 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.647362947 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.647389889 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.647423983 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.653266907 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.653327942 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.653333902 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.653376102 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.653587103 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.653644085 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.653654099 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.653815985 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.670769930 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.670838118 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.670902967 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.670913935 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.670953989 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.670953989 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671066046 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671112061 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671130896 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671139956 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671169996 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671184063 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671350956 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671395063 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671472073 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671472073 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671479940 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671766043 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671837091 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671891928 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671911001 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671917915 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.671967030 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.671967030 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.672050953 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.672147036 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.672153950 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.672225952 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.672230005 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.672292948 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.685286999 CET	50176	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.685307980 CET	443	50176	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692019939 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692044020 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692101955 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.692111969 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692148924 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.692164898 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.692348003 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692413092 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.692426920 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.692446947 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.696252108 CET	50177	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.696269035 CET	443	50177	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.696722984 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.696791887 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.696800947 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.696856022 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.696974039 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697037935 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697045088 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697109938 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697168112 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697174072 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697211027 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697235107 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697302103 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697308064 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697391987 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697444916 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697451115 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697479010 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697655916 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697724104 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697731018 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697745085 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697766066 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697798967 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697805882 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697870970 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697871923 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.697881937 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.697967052 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698406935 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698465109 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698473930 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698508978 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698594093 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698594093 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698618889 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698669910 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698679924 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698688030 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698760986 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.698791027 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.698831081 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699083090 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699150085 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699158907 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699208021 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699218035 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699244976 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699301004 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699309111 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699388981 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699398994 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699412107 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699440002 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699464083 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699469090 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699595928 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699647903 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699662924 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699671030 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699702024 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699709892 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699726105 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699752092 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699858904 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699915886 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699923992 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699938059 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.699964046 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.699970007 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700001955 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700007915 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700030088 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700038910 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700081110 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700109959 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700165033 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700191021 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700200081 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700272083 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700432062 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700494051 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700500965 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700526953 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700546026 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700546026 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700568914 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700593948 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700601101 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700613022 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700615883 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700622082 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700635910 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700643063 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700655937 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700678110 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700680017 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700695038 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700746059 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700751066 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700772047 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700778961 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700823069 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700824022 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700841904 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700875998 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700896978 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700902939 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.700948000 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.700952053 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.701711893 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.701786995 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.701795101 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.701833963 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.701905012 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.701961994 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.701967955 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.702013969 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.702024937 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.702059031 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.702061892 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.702099085 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.712521076 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.712590933 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.712661982 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.713699102 CET	50179	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.713715076 CET	443	50179	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.714436054 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.714466095 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:48.720843077 CET	50175	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:48.720861912 CET	443	50175	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.115149975 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.115175962 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.115227938 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.116055012 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.116067886 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.351742029 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.351845980 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.352324963 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.352356911 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.352606058 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.352619886 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.406295061 CET	50214	445	192.168.2.6	222.133.228.110
Jan 15, 2025 02:52:49.411119938 CET	445	50214	222.133.228.110	192.168.2.6
Jan 15, 2025 02:52:49.411189079 CET	50214	445	192.168.2.6	222.133.228.110
Jan 15, 2025 02:52:49.411216021 CET	50214	445	192.168.2.6	222.133.228.110
Jan 15, 2025 02:52:49.411358118 CET	50215	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.416204929 CET	445	50215	222.133.228.1	192.168.2.6
Jan 15, 2025 02:52:49.416224003 CET	445	50214	222.133.228.110	192.168.2.6
Jan 15, 2025 02:52:49.416279078 CET	50215	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.416393042 CET	50214	445	192.168.2.6	222.133.228.110
Jan 15, 2025 02:52:49.416393042 CET	50215	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.416615009 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.421233892 CET	445	50215	222.133.228.1	192.168.2.6
Jan 15, 2025 02:52:49.421319008 CET	50215	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.421499014 CET	445	50216	222.133.228.1	192.168.2.6
Jan 15, 2025 02:52:49.421703100 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.421745062 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:52:49.426510096 CET	445	50216	222.133.228.1	192.168.2.6
Jan 15, 2025 02:52:49.471710920 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.471734047 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.471746922 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.471772909 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.471806049 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.471826077 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.471889019 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.559727907 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.559750080 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.559817076 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.559854984 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.559885025 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.559917927 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.561769009 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.561785936 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.561835051 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.561849117 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.561887026 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.561908007 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.609154940 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:49.613966942 CET	445	50220	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:49.614031076 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:49.614100933 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:52:49.618897915 CET	445	50220	147.174.249.1	192.168.2.6
Jan 15, 2025 02:52:49.639137030 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.639182091 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.639249086 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.639338017 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.639380932 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.639413118 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.648256063 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.648272038 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.648344994 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.648360014 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.648413897 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.649833918 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.649847984 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.650028944 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.650043011 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.650099993 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.651561022 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.651578903 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.651669025 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.651683092 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.651736021 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.679920912 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.679982901 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.680339098 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.680344105 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.680568933 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.680573940 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.727962017 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.728009939 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.728050947 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.728075981 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.728105068 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.728135109 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.729178905 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.729224920 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.729265928 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.729280949 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.729315042 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.729337931 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.737011909 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737071991 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737098932 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.737112999 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737140894 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.737164021 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.737857103 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737901926 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737953901 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.737966061 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.737996101 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.738013983 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.739141941 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.739182949 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.739212990 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.739226103 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.739259958 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.739279985 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742292881 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742332935 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742382050 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742394924 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742422104 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742456913 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742463112 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742491961 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742531061 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742554903 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742563009 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742584944 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.742621899 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.742645979 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.816445112 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.816458941 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.816524029 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.816541910 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.816570997 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.816596031 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.817039013 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.817051888 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.817101002 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.817114115 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.817142010 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.817162991 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.825956106 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.825998068 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826051950 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826066017 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826097012 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826122046 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826467991 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826508045 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826539040 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826550961 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826577902 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826620102 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826642990 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826684952 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826704979 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826718092 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.826749086 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.826770067 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.828149080 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828188896 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828241110 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.828253031 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828313112 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828331947 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.828361988 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828378916 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.828392982 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.828438044 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.828455925 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.896440983 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.896509886 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.896539927 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.896557093 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.896573067 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.896609068 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.897423983 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.897444963 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.897500992 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.897531986 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.897537947 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.897656918 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.898058891 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.898125887 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.904383898 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904402018 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904488087 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.904556990 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904620886 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.904634953 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904653072 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904695988 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.904711008 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.904747963 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.904782057 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.905147076 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.905162096 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.905234098 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.905247927 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.905299902 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.914144993 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.914160013 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.914236069 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.914247990 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.914300919 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.914908886 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.914925098 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.914999008 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915010929 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915061951 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915172100 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915184975 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915247917 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915260077 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915277958 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915297985 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915309906 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915328026 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915378094 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915379047 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915379047 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915703058 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915716887 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915791035 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.915805101 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.915863037 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.985358953 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.985445976 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.985456944 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.985496998 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.985656977 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.985723972 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.985730886 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.985770941 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.986463070 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.986529112 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.986536980 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.986583948 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.987267017 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.987329960 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.987337112 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.987375975 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.992898941 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.992927074 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993011951 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993093014 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993201017 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993355989 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993371964 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993417025 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993433952 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993468046 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993509054 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993679047 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993695021 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993750095 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:49.993762970 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:49.993815899 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.004555941 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.004573107 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.004645109 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.004661083 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.004720926 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.005748987 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005764008 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005831957 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.005845070 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005882978 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005898952 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005909920 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.005928040 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.005959988 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.005959988 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.005984068 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006345987 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006360054 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006413937 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006431103 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006455898 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006674051 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006691933 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006742001 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006742001 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006757021 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.006791115 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.006808996 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.047034025 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.047077894 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.047112942 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.047135115 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.047173977 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.047194004 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.047211885 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.047257900 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.057081938 CET	50199	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.057112932 CET	443	50199	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.075881958 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.075972080 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.075988054 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.076031923 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.076113939 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.076174021 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.076180935 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.076220036 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.076807976 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.076870918 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.076880932 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.076920033 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.077606916 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.077666044 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.077672958 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.077723980 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.077749968 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.077809095 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.077816963 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.077857018 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.078757048 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.078821898 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.078830004 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.078866005 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.078888893 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.078903913 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.078927040 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.078958035 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.079756021 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.079813957 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.079822063 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.079864025 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.162868977 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.162954092 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.162961960 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.163003922 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.163054943 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.163117886 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.163125992 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.163181067 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.163476944 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.163552046 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.163558960 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.163595915 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.164098978 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.164165020 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.164171934 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.164207935 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.164218903 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.164247036 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.164278984 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.164307117 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.164310932 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.164376020 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165029049 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.165085077 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165092945 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.165128946 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165142059 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.165204048 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165210962 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.165249109 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165910006 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.165978909 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.165986061 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166032076 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166032076 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166054964 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166086912 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166115999 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166121006 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166238070 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166846991 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166919947 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166928053 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166970968 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.166970968 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.166997910 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.167026043 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.167058945 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.167063951 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.167237043 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.167788982 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.167864084 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.167871952 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.167907953 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.167927980 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.167999983 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.168010950 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.168051004 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.168673038 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.168745041 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.168751955 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.168791056 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.207093000 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.207169056 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.207179070 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.207218885 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252191067 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252279997 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252290010 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252331972 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252485991 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252564907 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252571106 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252712965 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252772093 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252779007 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252810001 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252845049 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252904892 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.252912045 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.252949953 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253024101 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253127098 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253129005 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253158092 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253186941 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253216028 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253222942 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253294945 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253360987 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253369093 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253519058 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253577948 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253633022 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253638983 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253689051 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253704071 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253762007 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253768921 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253808975 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253825903 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253895998 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.253902912 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.253942966 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254503012 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254575014 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254581928 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254621983 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254628897 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254657030 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254686117 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254713058 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254717112 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254766941 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254786968 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254849911 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254856110 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254894018 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254915953 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.254987001 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.254993916 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.255038023 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.295589924 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.295660019 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.295670033 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.295713902 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.340501070 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340569973 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.340578079 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340589046 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340641975 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.340657949 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340766907 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340812922 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.340818882 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.340856075 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341083050 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341115952 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341133118 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341140032 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341166973 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341180086 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341329098 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341370106 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341377020 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341384888 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341408968 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341415882 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341440916 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341466904 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341766119 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341820002 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.341826916 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.341872931 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345248938 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345310926 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345319033 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345365047 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345479965 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345544100 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345551968 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345626116 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345737934 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345791101 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345798969 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345833063 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345913887 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345957994 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345963955 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345973969 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.345993996 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.345999956 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.346020937 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.346050978 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.346201897 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.346251965 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.346259117 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.346302986 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.346394062 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.346445084 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.346451044 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.346489906 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.384536982 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.384605885 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.384615898 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.384654999 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429239035 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429307938 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429316998 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429352999 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429404974 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429451942 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429459095 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429486036 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429491997 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429497957 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429531097 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429537058 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429574013 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429634094 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429678917 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429686069 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429717064 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429768085 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429816961 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429826021 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.429857016 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.429955006 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430003881 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430010080 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430041075 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430053949 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430099964 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430105925 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430140018 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430210114 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430257082 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430263996 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430294991 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430334091 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430377007 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430383921 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430393934 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430423975 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430430889 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430448055 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430476904 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430696964 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430738926 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430757999 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430766106 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.430792093 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430810928 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.430954933 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431004047 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.431011915 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431024075 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431060076 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.431078911 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.431082964 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431103945 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431148052 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.431154966 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.431190014 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.473474026 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.473562002 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.473572969 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.473615885 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.534991026 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535072088 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535090923 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535104990 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535130978 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535140038 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535192013 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535192013 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535260916 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535315990 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535322905 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535377026 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535501957 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535562992 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535569906 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535603046 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535605907 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535617113 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535648108 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535672903 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535676956 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535722971 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535765886 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535815001 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535821915 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535857916 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535871983 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.535928965 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535957098 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.535960913 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536001921 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536077023 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536134958 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536142111 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536179066 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536186934 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536194086 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536228895 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536246061 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536251068 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536293983 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536345005 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536396027 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536402941 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536448956 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536541939 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536628008 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536654949 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536662102 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536676884 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536712885 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536853075 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536899090 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536901951 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536909103 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536947966 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536956072 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.536993027 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.536998987 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.537009954 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.537038088 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.537060022 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.537532091 CET	50209	443	192.168.2.6	150.171.28.10
Jan 15, 2025 02:52:50.537540913 CET	443	50209	150.171.28.10	192.168.2.6
Jan 15, 2025 02:52:50.621849060 CET	445	49863	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:50.623044014 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:50.623111010 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:50.623167038 CET	49863	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:50.627871037 CET	445	49863	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:50.627926111 CET	445	49863	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:51.444425106 CET	50239	445	192.168.2.6	2.190.128.67
Jan 15, 2025 02:52:51.449438095 CET	445	50239	2.190.128.67	192.168.2.6
Jan 15, 2025 02:52:51.449513912 CET	50239	445	192.168.2.6	2.190.128.67
Jan 15, 2025 02:52:51.449812889 CET	50239	445	192.168.2.6	2.190.128.67
Jan 15, 2025 02:52:51.449989080 CET	50240	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.454751968 CET	445	50239	2.190.128.67	192.168.2.6
Jan 15, 2025 02:52:51.454812050 CET	50239	445	192.168.2.6	2.190.128.67
Jan 15, 2025 02:52:51.454823971 CET	445	50240	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:51.454942942 CET	50240	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.455046892 CET	50240	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.459459066 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.459897995 CET	445	50240	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:51.459954977 CET	50240	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.464448929 CET	445	50241	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:51.465898037 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.466011047 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:51.470837116 CET	445	50241	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:51.625024080 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:51.630002975 CET	445	50244	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:51.630064011 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:51.630129099 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:52:51.634910107 CET	445	50244	117.78.75.1	192.168.2.6
Jan 15, 2025 02:52:52.641238928 CET	445	49895	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:52.641344070 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:52.641344070 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:52.641398907 CET	49895	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:52.646187067 CET	445	49895	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:52.646200895 CET	445	49895	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:53.334610939 CET	445	50241	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:53.337347031 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:53.337347031 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:53.337867975 CET	50241	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:53.342209101 CET	445	50241	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:53.342598915 CET	445	50241	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:53.437421083 CET	50254	445	192.168.2.6	30.7.203.119
Jan 15, 2025 02:52:53.442301989 CET	445	50254	30.7.203.119	192.168.2.6
Jan 15, 2025 02:52:53.442401886 CET	50254	445	192.168.2.6	30.7.203.119
Jan 15, 2025 02:52:53.442401886 CET	50254	445	192.168.2.6	30.7.203.119
Jan 15, 2025 02:52:53.442537069 CET	50255	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.447273016 CET	445	50255	30.7.203.1	192.168.2.6
Jan 15, 2025 02:52:53.447330952 CET	445	50254	30.7.203.119	192.168.2.6
Jan 15, 2025 02:52:53.447357893 CET	50255	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.447357893 CET	50255	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.447510958 CET	50254	445	192.168.2.6	30.7.203.119
Jan 15, 2025 02:52:53.447649002 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.454602003 CET	445	50255	30.7.203.1	192.168.2.6
Jan 15, 2025 02:52:53.454617977 CET	445	50256	30.7.203.1	192.168.2.6
Jan 15, 2025 02:52:53.454693079 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.454698086 CET	50255	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.454724073 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:52:53.460592985 CET	445	50256	30.7.203.1	192.168.2.6
Jan 15, 2025 02:52:53.624893904 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:53.630028963 CET	445	50259	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:53.630094051 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:53.630142927 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:52:53.635305882 CET	445	50259	48.84.84.1	192.168.2.6
Jan 15, 2025 02:52:54.653121948 CET	445	49929	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:54.653964996 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:54.653964996 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:54.654126883 CET	49929	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:54.658864975 CET	445	49929	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:54.658920050 CET	445	49929	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:55.454929113 CET	50268	445	192.168.2.6	112.113.202.222
Jan 15, 2025 02:52:55.459892988 CET	445	50268	112.113.202.222	192.168.2.6
Jan 15, 2025 02:52:55.461987972 CET	50268	445	192.168.2.6	112.113.202.222
Jan 15, 2025 02:52:55.461987972 CET	50268	445	192.168.2.6	112.113.202.222
Jan 15, 2025 02:52:55.466047049 CET	50269	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.468307972 CET	445	50268	112.113.202.222	192.168.2.6
Jan 15, 2025 02:52:55.471000910 CET	445	50269	112.113.202.1	192.168.2.6
Jan 15, 2025 02:52:55.471752882 CET	445	50268	112.113.202.222	192.168.2.6
Jan 15, 2025 02:52:55.474013090 CET	50268	445	192.168.2.6	112.113.202.222
Jan 15, 2025 02:52:55.474016905 CET	50269	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.474016905 CET	50269	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.474319935 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.479053020 CET	445	50269	112.113.202.1	192.168.2.6
Jan 15, 2025 02:52:55.479161978 CET	445	50270	112.113.202.1	192.168.2.6
Jan 15, 2025 02:52:55.480381012 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.480443001 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.480473042 CET	50269	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:52:55.485282898 CET	445	50270	112.113.202.1	192.168.2.6
Jan 15, 2025 02:52:55.656100988 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:55.660984039 CET	445	50273	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:55.661060095 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:55.661108017 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:52:55.665935040 CET	445	50273	70.83.190.1	192.168.2.6
Jan 15, 2025 02:52:56.343446970 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:56.348316908 CET	445	50279	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:56.348407030 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:56.348436117 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:56.353281021 CET	445	50279	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:56.848743916 CET	445	49966	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:56.848828077 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:56.848881960 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:56.848942041 CET	49966	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:56.853722095 CET	445	49966	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:56.853801966 CET	445	49966	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:57.468808889 CET	50286	445	192.168.2.6	46.223.3.186
Jan 15, 2025 02:52:57.473762989 CET	445	50286	46.223.3.186	192.168.2.6
Jan 15, 2025 02:52:57.473891020 CET	50286	445	192.168.2.6	46.223.3.186
Jan 15, 2025 02:52:57.473979950 CET	50286	445	192.168.2.6	46.223.3.186
Jan 15, 2025 02:52:57.474134922 CET	50287	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.478956938 CET	445	50286	46.223.3.186	192.168.2.6
Jan 15, 2025 02:52:57.479022026 CET	50286	445	192.168.2.6	46.223.3.186
Jan 15, 2025 02:52:57.479123116 CET	445	50287	46.223.3.1	192.168.2.6
Jan 15, 2025 02:52:57.479196072 CET	50287	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.479231119 CET	50287	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.479542017 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.484193087 CET	445	50287	46.223.3.1	192.168.2.6
Jan 15, 2025 02:52:57.484261036 CET	50287	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.484314919 CET	445	50290	46.223.3.1	192.168.2.6
Jan 15, 2025 02:52:57.484376907 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.484426975 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:52:57.489177942 CET	445	50290	46.223.3.1	192.168.2.6
Jan 15, 2025 02:52:57.656872988 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:57.661720991 CET	445	50291	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:57.661797047 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:57.661839008 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:52:57.666630983 CET	445	50291	88.17.75.1	192.168.2.6
Jan 15, 2025 02:52:58.251377106 CET	445	50279	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:58.251441956 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:58.251470089 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:58.251504898 CET	50279	445	192.168.2.6	2.190.128.1
Jan 15, 2025 02:52:58.256388903 CET	445	50279	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:58.256400108 CET	445	50279	2.190.128.1	192.168.2.6
Jan 15, 2025 02:52:58.312274933 CET	50297	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.317048073 CET	445	50297	2.190.128.2	192.168.2.6
Jan 15, 2025 02:52:58.317131042 CET	50297	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.317197084 CET	50297	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.317466021 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.322122097 CET	445	50297	2.190.128.2	192.168.2.6
Jan 15, 2025 02:52:58.322212934 CET	50297	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.322354078 CET	445	50298	2.190.128.2	192.168.2.6
Jan 15, 2025 02:52:58.322415113 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.322454929 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:52:58.327301979 CET	445	50298	2.190.128.2	192.168.2.6
Jan 15, 2025 02:52:58.686355114 CET	445	49998	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:58.686431885 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:58.686485052 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:58.686532021 CET	49998	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:52:58.691369057 CET	445	49998	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:58.691380024 CET	445	49998	134.252.241.1	192.168.2.6
Jan 15, 2025 02:52:59.484479904 CET	50305	445	192.168.2.6	223.2.101.10
Jan 15, 2025 02:52:59.489384890 CET	445	50305	223.2.101.10	192.168.2.6
Jan 15, 2025 02:52:59.489459991 CET	50305	445	192.168.2.6	223.2.101.10
Jan 15, 2025 02:52:59.489500046 CET	50305	445	192.168.2.6	223.2.101.10
Jan 15, 2025 02:52:59.489645004 CET	50306	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.494432926 CET	445	50306	223.2.101.1	192.168.2.6
Jan 15, 2025 02:52:59.494446993 CET	445	50305	223.2.101.10	192.168.2.6
Jan 15, 2025 02:52:59.494509935 CET	50306	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.494538069 CET	50305	445	192.168.2.6	223.2.101.10
Jan 15, 2025 02:52:59.494602919 CET	50306	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.494894028 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.499464989 CET	445	50306	223.2.101.1	192.168.2.6
Jan 15, 2025 02:52:59.499577045 CET	50306	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.499661922 CET	445	50307	223.2.101.1	192.168.2.6
Jan 15, 2025 02:52:59.500003099 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.500027895 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:52:59.505001068 CET	445	50307	223.2.101.1	192.168.2.6
Jan 15, 2025 02:52:59.859177113 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:59.876719952 CET	445	50311	113.99.161.1	192.168.2.6
Jan 15, 2025 02:52:59.876846075 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:59.876899004 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:52:59.881623983 CET	445	50311	113.99.161.1	192.168.2.6
Jan 15, 2025 02:53:00.684516907 CET	445	50038	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:00.684638023 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:00.684679031 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:00.684724092 CET	50038	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:00.689527988 CET	445	50038	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:00.689543009 CET	445	50038	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:01.359508991 CET	50322	445	192.168.2.6	185.149.203.183
Jan 15, 2025 02:53:01.364453077 CET	445	50322	185.149.203.183	192.168.2.6
Jan 15, 2025 02:53:01.364535093 CET	50322	445	192.168.2.6	185.149.203.183
Jan 15, 2025 02:53:01.364577055 CET	50322	445	192.168.2.6	185.149.203.183
Jan 15, 2025 02:53:01.364703894 CET	50323	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.369508028 CET	445	50322	185.149.203.183	192.168.2.6
Jan 15, 2025 02:53:01.369544029 CET	445	50323	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:01.369571924 CET	50322	445	192.168.2.6	185.149.203.183
Jan 15, 2025 02:53:01.369609118 CET	50323	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.369694948 CET	50323	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.369985104 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.374660969 CET	445	50323	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:01.374718904 CET	50323	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.374862909 CET	445	50324	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:01.374949932 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.374973059 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:01.379878998 CET	445	50324	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:01.687330008 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:01.692138910 CET	445	50325	134.252.241.1	192.168.2.6
Jan 15, 2025 02:53:01.692210913 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:01.692238092 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:01.697694063 CET	445	50325	134.252.241.1	192.168.2.6
Jan 15, 2025 02:53:02.762547016 CET	445	50070	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:02.764672995 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:02.767147064 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:02.767196894 CET	50070	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:02.772010088 CET	445	50070	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:02.772021055 CET	445	50070	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:03.110481024 CET	50326	445	192.168.2.6	27.13.195.153
Jan 15, 2025 02:53:03.115360975 CET	445	50326	27.13.195.153	192.168.2.6
Jan 15, 2025 02:53:03.115433931 CET	50326	445	192.168.2.6	27.13.195.153
Jan 15, 2025 02:53:03.115559101 CET	50326	445	192.168.2.6	27.13.195.153
Jan 15, 2025 02:53:03.115756989 CET	50327	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.117425919 CET	445	50324	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:03.117496014 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:03.117539883 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:03.117549896 CET	50324	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:03.120548964 CET	445	50326	27.13.195.153	192.168.2.6
Jan 15, 2025 02:53:03.120568037 CET	445	50327	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:03.120608091 CET	50326	445	192.168.2.6	27.13.195.153
Jan 15, 2025 02:53:03.120666027 CET	50327	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.120731115 CET	50327	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.121412992 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.122328043 CET	445	50324	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:03.122338057 CET	445	50324	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:03.125602007 CET	445	50327	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:03.125693083 CET	50327	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.126311064 CET	445	50328	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:03.126369953 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.126410961 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:03.131293058 CET	445	50328	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:03.687212944 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:03.692157984 CET	445	50329	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:03.692222118 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:03.692249060 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:03.697052002 CET	445	50329	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:04.748869896 CET	445	50102	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:04.748951912 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:04.748992920 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:04.748999119 CET	50102	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:04.751399994 CET	50330	445	192.168.2.6	16.6.71.174
Jan 15, 2025 02:53:04.753865957 CET	445	50102	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:04.753910065 CET	445	50102	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:04.756228924 CET	445	50330	16.6.71.174	192.168.2.6
Jan 15, 2025 02:53:04.756304979 CET	50330	445	192.168.2.6	16.6.71.174
Jan 15, 2025 02:53:04.756334066 CET	50330	445	192.168.2.6	16.6.71.174
Jan 15, 2025 02:53:04.756496906 CET	50331	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.761370897 CET	445	50331	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:04.761414051 CET	445	50330	16.6.71.174	192.168.2.6
Jan 15, 2025 02:53:04.761445045 CET	50331	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.761445045 CET	50331	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.761460066 CET	50330	445	192.168.2.6	16.6.71.174
Jan 15, 2025 02:53:04.761689901 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.766472101 CET	445	50331	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:04.766532898 CET	50331	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.766535044 CET	445	50332	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:04.766613960 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.766654968 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:04.771486998 CET	445	50332	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:05.781017065 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:05.785865068 CET	445	50333	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:05.785948038 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:05.786031961 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:05.790783882 CET	445	50333	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:06.124681950 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:06.129553080 CET	445	50334	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:06.129633904 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:06.129656076 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:06.134490967 CET	445	50334	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:06.281212091 CET	50335	445	192.168.2.6	68.173.107.122
Jan 15, 2025 02:53:06.286078930 CET	445	50335	68.173.107.122	192.168.2.6
Jan 15, 2025 02:53:06.286135912 CET	50335	445	192.168.2.6	68.173.107.122
Jan 15, 2025 02:53:06.286336899 CET	50335	445	192.168.2.6	68.173.107.122
Jan 15, 2025 02:53:06.286339045 CET	50336	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.291119099 CET	445	50336	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:06.291127920 CET	445	50335	68.173.107.122	192.168.2.6
Jan 15, 2025 02:53:06.291172028 CET	50335	445	192.168.2.6	68.173.107.122
Jan 15, 2025 02:53:06.291188955 CET	50336	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.291271925 CET	50336	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.291491985 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.296158075 CET	445	50336	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:06.296195030 CET	50336	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.296263933 CET	445	50337	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:06.296319008 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.296358109 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:06.301181078 CET	445	50337	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:06.780205011 CET	445	50134	102.114.25.1	192.168.2.6
Jan 15, 2025 02:53:06.780289888 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:06.780289888 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:06.780332088 CET	50134	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:06.785159111 CET	445	50134	102.114.25.1	192.168.2.6
Jan 15, 2025 02:53:06.785171986 CET	445	50134	102.114.25.1	192.168.2.6
Jan 15, 2025 02:53:07.703169107 CET	50338	445	192.168.2.6	90.101.167.239
Jan 15, 2025 02:53:07.708029032 CET	445	50338	90.101.167.239	192.168.2.6
Jan 15, 2025 02:53:07.708188057 CET	50338	445	192.168.2.6	90.101.167.239
Jan 15, 2025 02:53:07.708188057 CET	50338	445	192.168.2.6	90.101.167.239
Jan 15, 2025 02:53:07.708434105 CET	50339	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.713112116 CET	445	50338	90.101.167.239	192.168.2.6
Jan 15, 2025 02:53:07.713171005 CET	445	50339	90.101.167.1	192.168.2.6
Jan 15, 2025 02:53:07.713200092 CET	50338	445	192.168.2.6	90.101.167.239
Jan 15, 2025 02:53:07.713294029 CET	50339	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.713294983 CET	50339	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.713635921 CET	50340	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.718226910 CET	445	50339	90.101.167.1	192.168.2.6
Jan 15, 2025 02:53:07.718497992 CET	445	50340	90.101.167.1	192.168.2.6
Jan 15, 2025 02:53:07.718528986 CET	50339	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.718590021 CET	50340	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.718656063 CET	50340	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:07.723478079 CET	445	50340	90.101.167.1	192.168.2.6
Jan 15, 2025 02:53:07.749989986 CET	50341	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:07.754740000 CET	445	50341	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:07.754834890 CET	50341	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:07.754834890 CET	50341	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:07.759624958 CET	445	50341	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:07.884303093 CET	445	50334	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:07.884398937 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:07.884398937 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:07.884526014 CET	50334	445	192.168.2.6	185.149.203.1
Jan 15, 2025 02:53:07.889194965 CET	445	50334	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:07.889242887 CET	445	50334	185.149.203.1	192.168.2.6
Jan 15, 2025 02:53:07.937522888 CET	50342	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.942873955 CET	445	50342	185.149.203.2	192.168.2.6
Jan 15, 2025 02:53:07.943075895 CET	50342	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.943075895 CET	50342	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.943408966 CET	50343	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.949018002 CET	445	50343	185.149.203.2	192.168.2.6
Jan 15, 2025 02:53:07.949084044 CET	50343	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.949124098 CET	50343	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.949327946 CET	445	50342	185.149.203.2	192.168.2.6
Jan 15, 2025 02:53:07.949556112 CET	50342	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:07.954405069 CET	445	50343	185.149.203.2	192.168.2.6
Jan 15, 2025 02:53:08.780376911 CET	445	50171	114.249.64.1	192.168.2.6
Jan 15, 2025 02:53:08.780491114 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:08.780491114 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:08.780580997 CET	50171	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:08.786294937 CET	445	50171	114.249.64.1	192.168.2.6
Jan 15, 2025 02:53:08.786309958 CET	445	50171	114.249.64.1	192.168.2.6
Jan 15, 2025 02:53:09.031651974 CET	50344	445	192.168.2.6	76.187.63.164
Jan 15, 2025 02:53:09.036900997 CET	445	50344	76.187.63.164	192.168.2.6
Jan 15, 2025 02:53:09.036994934 CET	50344	445	192.168.2.6	76.187.63.164
Jan 15, 2025 02:53:09.037069082 CET	50344	445	192.168.2.6	76.187.63.164
Jan 15, 2025 02:53:09.037200928 CET	50345	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.042102098 CET	445	50344	76.187.63.164	192.168.2.6
Jan 15, 2025 02:53:09.042135954 CET	445	50345	76.187.63.1	192.168.2.6
Jan 15, 2025 02:53:09.042165995 CET	50344	445	192.168.2.6	76.187.63.164
Jan 15, 2025 02:53:09.042226076 CET	50345	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.042315960 CET	50345	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.042700052 CET	50346	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.047507048 CET	445	50345	76.187.63.1	192.168.2.6
Jan 15, 2025 02:53:09.047569990 CET	50345	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.047947884 CET	445	50346	76.187.63.1	192.168.2.6
Jan 15, 2025 02:53:09.048070908 CET	50346	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.048124075 CET	50346	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:09.052947998 CET	445	50346	76.187.63.1	192.168.2.6
Jan 15, 2025 02:53:09.781078100 CET	50347	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:09.786020041 CET	445	50347	102.114.25.1	192.168.2.6
Jan 15, 2025 02:53:09.786113024 CET	50347	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:09.786153078 CET	50347	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:09.790927887 CET	445	50347	102.114.25.1	192.168.2.6
Jan 15, 2025 02:53:10.265649080 CET	50348	445	192.168.2.6	36.227.128.128
Jan 15, 2025 02:53:10.270486116 CET	445	50348	36.227.128.128	192.168.2.6
Jan 15, 2025 02:53:10.270586967 CET	50348	445	192.168.2.6	36.227.128.128
Jan 15, 2025 02:53:10.270586967 CET	50348	445	192.168.2.6	36.227.128.128
Jan 15, 2025 02:53:10.270771027 CET	50349	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.275561094 CET	445	50348	36.227.128.128	192.168.2.6
Jan 15, 2025 02:53:10.275612116 CET	445	50349	36.227.128.1	192.168.2.6
Jan 15, 2025 02:53:10.275645971 CET	50348	445	192.168.2.6	36.227.128.128
Jan 15, 2025 02:53:10.275665045 CET	50349	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.275759935 CET	50349	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.276083946 CET	50350	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.280720949 CET	445	50349	36.227.128.1	192.168.2.6
Jan 15, 2025 02:53:10.280813932 CET	50349	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.280915022 CET	445	50350	36.227.128.1	192.168.2.6
Jan 15, 2025 02:53:10.280971050 CET	50350	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.280991077 CET	50350	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:10.286628008 CET	445	50350	36.227.128.1	192.168.2.6
Jan 15, 2025 02:53:10.802623987 CET	445	50216	222.133.228.1	192.168.2.6
Jan 15, 2025 02:53:10.802737951 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:10.802814007 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:10.802814007 CET	50216	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:10.807673931 CET	445	50216	222.133.228.1	192.168.2.6
Jan 15, 2025 02:53:10.807692051 CET	445	50216	222.133.228.1	192.168.2.6
Jan 15, 2025 02:53:11.001357079 CET	445	50220	147.174.249.1	192.168.2.6
Jan 15, 2025 02:53:11.001465082 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:53:11.001465082 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:53:11.001877069 CET	50220	445	192.168.2.6	147.174.249.1
Jan 15, 2025 02:53:11.006346941 CET	445	50220	147.174.249.1	192.168.2.6
Jan 15, 2025 02:53:11.006716013 CET	445	50220	147.174.249.1	192.168.2.6
Jan 15, 2025 02:53:11.062331915 CET	50351	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.067198038 CET	445	50351	147.174.249.2	192.168.2.6
Jan 15, 2025 02:53:11.067276001 CET	50351	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.067311049 CET	50351	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.067697048 CET	50352	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.072314978 CET	445	50351	147.174.249.2	192.168.2.6
Jan 15, 2025 02:53:11.072329998 CET	445	50351	147.174.249.2	192.168.2.6
Jan 15, 2025 02:53:11.072380066 CET	50351	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.072531939 CET	445	50352	147.174.249.2	192.168.2.6
Jan 15, 2025 02:53:11.072597027 CET	50352	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.072629929 CET	50352	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:11.077440023 CET	445	50352	147.174.249.2	192.168.2.6
Jan 15, 2025 02:53:11.421894073 CET	50353	445	192.168.2.6	56.148.232.23
Jan 15, 2025 02:53:11.426721096 CET	445	50353	56.148.232.23	192.168.2.6
Jan 15, 2025 02:53:11.426831007 CET	50353	445	192.168.2.6	56.148.232.23
Jan 15, 2025 02:53:11.426876068 CET	50353	445	192.168.2.6	56.148.232.23
Jan 15, 2025 02:53:11.426991940 CET	50354	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.431796074 CET	445	50354	56.148.232.1	192.168.2.6
Jan 15, 2025 02:53:11.431864023 CET	50354	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.431952000 CET	50354	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.432055950 CET	445	50353	56.148.232.23	192.168.2.6
Jan 15, 2025 02:53:11.432112932 CET	50353	445	192.168.2.6	56.148.232.23
Jan 15, 2025 02:53:11.432280064 CET	50355	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.436791897 CET	445	50354	56.148.232.1	192.168.2.6
Jan 15, 2025 02:53:11.436853886 CET	50354	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.437119961 CET	445	50355	56.148.232.1	192.168.2.6
Jan 15, 2025 02:53:11.437179089 CET	50355	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.437232018 CET	50355	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:11.442001104 CET	445	50355	56.148.232.1	192.168.2.6
Jan 15, 2025 02:53:11.781122923 CET	50357	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:11.786094904 CET	445	50357	114.249.64.1	192.168.2.6
Jan 15, 2025 02:53:11.789942026 CET	50357	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:11.792083025 CET	50357	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:11.796876907 CET	445	50357	114.249.64.1	192.168.2.6
Jan 15, 2025 02:53:12.500153065 CET	50358	445	192.168.2.6	188.217.194.229
Jan 15, 2025 02:53:12.505057096 CET	445	50358	188.217.194.229	192.168.2.6
Jan 15, 2025 02:53:12.505143881 CET	50358	445	192.168.2.6	188.217.194.229
Jan 15, 2025 02:53:12.505239964 CET	50358	445	192.168.2.6	188.217.194.229
Jan 15, 2025 02:53:12.505424023 CET	50359	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.510113001 CET	445	50358	188.217.194.229	192.168.2.6
Jan 15, 2025 02:53:12.510168076 CET	50358	445	192.168.2.6	188.217.194.229
Jan 15, 2025 02:53:12.510277033 CET	445	50359	188.217.194.1	192.168.2.6
Jan 15, 2025 02:53:12.510349035 CET	50359	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.510394096 CET	50359	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.510642052 CET	50360	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.515341997 CET	445	50359	188.217.194.1	192.168.2.6
Jan 15, 2025 02:53:12.515408039 CET	50359	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.515409946 CET	445	50360	188.217.194.1	192.168.2.6
Jan 15, 2025 02:53:12.515460968 CET	50360	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.515503883 CET	50360	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:12.520287037 CET	445	50360	188.217.194.1	192.168.2.6
Jan 15, 2025 02:53:13.019294977 CET	445	50244	117.78.75.1	192.168.2.6
Jan 15, 2025 02:53:13.019357920 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:53:13.019397020 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:53:13.019469023 CET	50244	445	192.168.2.6	117.78.75.1
Jan 15, 2025 02:53:13.024215937 CET	445	50244	117.78.75.1	192.168.2.6
Jan 15, 2025 02:53:13.024256945 CET	445	50244	117.78.75.1	192.168.2.6
Jan 15, 2025 02:53:13.077965021 CET	50362	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.082767010 CET	445	50362	117.78.75.2	192.168.2.6
Jan 15, 2025 02:53:13.082911968 CET	50362	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.082911968 CET	50362	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.083216906 CET	50363	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.087830067 CET	445	50362	117.78.75.2	192.168.2.6
Jan 15, 2025 02:53:13.087981939 CET	445	50363	117.78.75.2	192.168.2.6
Jan 15, 2025 02:53:13.087987900 CET	50362	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.088042974 CET	50363	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.088068962 CET	50363	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:13.092854023 CET	445	50363	117.78.75.2	192.168.2.6
Jan 15, 2025 02:53:13.516195059 CET	50364	445	192.168.2.6	131.21.241.12
Jan 15, 2025 02:53:13.521076918 CET	445	50364	131.21.241.12	192.168.2.6
Jan 15, 2025 02:53:13.521179914 CET	50364	445	192.168.2.6	131.21.241.12
Jan 15, 2025 02:53:13.521198034 CET	50364	445	192.168.2.6	131.21.241.12
Jan 15, 2025 02:53:13.521409988 CET	50365	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.526187897 CET	445	50364	131.21.241.12	192.168.2.6
Jan 15, 2025 02:53:13.526199102 CET	445	50365	131.21.241.1	192.168.2.6
Jan 15, 2025 02:53:13.526246071 CET	50364	445	192.168.2.6	131.21.241.12
Jan 15, 2025 02:53:13.526287079 CET	50365	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.526341915 CET	50365	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.526772976 CET	50366	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.531203032 CET	445	50365	131.21.241.1	192.168.2.6
Jan 15, 2025 02:53:13.531259060 CET	50365	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.531538010 CET	445	50366	131.21.241.1	192.168.2.6
Jan 15, 2025 02:53:13.531606913 CET	50366	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.531627893 CET	50366	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:13.536415100 CET	445	50366	131.21.241.1	192.168.2.6
Jan 15, 2025 02:53:13.814341068 CET	50367	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:13.819118977 CET	445	50367	222.133.228.1	192.168.2.6
Jan 15, 2025 02:53:13.819211006 CET	50367	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:13.819566965 CET	50367	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:13.824352026 CET	445	50367	222.133.228.1	192.168.2.6
Jan 15, 2025 02:53:14.453159094 CET	50368	445	192.168.2.6	108.114.73.227
Jan 15, 2025 02:53:14.457916021 CET	445	50368	108.114.73.227	192.168.2.6
Jan 15, 2025 02:53:14.458935976 CET	50368	445	192.168.2.6	108.114.73.227
Jan 15, 2025 02:53:14.458990097 CET	50368	445	192.168.2.6	108.114.73.227
Jan 15, 2025 02:53:14.459158897 CET	50369	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.463977098 CET	445	50369	108.114.73.1	192.168.2.6
Jan 15, 2025 02:53:14.464091063 CET	50369	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.464147091 CET	50369	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.464276075 CET	445	50368	108.114.73.227	192.168.2.6
Jan 15, 2025 02:53:14.464406967 CET	50370	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.469202995 CET	445	50370	108.114.73.1	192.168.2.6
Jan 15, 2025 02:53:14.469271898 CET	50370	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.469304085 CET	50370	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.472259998 CET	445	50369	108.114.73.1	192.168.2.6
Jan 15, 2025 02:53:14.472543955 CET	445	50368	108.114.73.227	192.168.2.6
Jan 15, 2025 02:53:14.472743988 CET	445	50369	108.114.73.1	192.168.2.6
Jan 15, 2025 02:53:14.472800970 CET	50368	445	192.168.2.6	108.114.73.227
Jan 15, 2025 02:53:14.472858906 CET	50369	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:14.474045992 CET	445	50370	108.114.73.1	192.168.2.6
Jan 15, 2025 02:53:14.809667110 CET	445	50256	30.7.203.1	192.168.2.6
Jan 15, 2025 02:53:14.809794903 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:14.809868097 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:14.809901953 CET	50256	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:14.814645052 CET	445	50256	30.7.203.1	192.168.2.6
Jan 15, 2025 02:53:14.814654112 CET	445	50256	30.7.203.1	192.168.2.6
Jan 15, 2025 02:53:15.014046907 CET	445	50259	48.84.84.1	192.168.2.6
Jan 15, 2025 02:53:15.014144897 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:53:15.014184952 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:53:15.014236927 CET	50259	445	192.168.2.6	48.84.84.1
Jan 15, 2025 02:53:15.019500017 CET	445	50259	48.84.84.1	192.168.2.6
Jan 15, 2025 02:53:15.019507885 CET	445	50259	48.84.84.1	192.168.2.6
Jan 15, 2025 02:53:15.077996969 CET	50371	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.082870007 CET	445	50371	48.84.84.2	192.168.2.6
Jan 15, 2025 02:53:15.082938910 CET	50371	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.082952976 CET	50371	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.083223104 CET	50372	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.091938019 CET	445	50371	48.84.84.2	192.168.2.6
Jan 15, 2025 02:53:15.091986895 CET	50371	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.092103004 CET	445	50372	48.84.84.2	192.168.2.6
Jan 15, 2025 02:53:15.092176914 CET	50372	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.092238903 CET	50372	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:15.100939035 CET	445	50372	48.84.84.2	192.168.2.6
Jan 15, 2025 02:53:15.328037977 CET	50373	445	192.168.2.6	4.244.95.82
Jan 15, 2025 02:53:15.332873106 CET	445	50373	4.244.95.82	192.168.2.6
Jan 15, 2025 02:53:15.332947969 CET	50373	445	192.168.2.6	4.244.95.82
Jan 15, 2025 02:53:15.332994938 CET	50373	445	192.168.2.6	4.244.95.82
Jan 15, 2025 02:53:15.333894014 CET	50374	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.337883949 CET	445	50373	4.244.95.82	192.168.2.6
Jan 15, 2025 02:53:15.338402033 CET	50373	445	192.168.2.6	4.244.95.82
Jan 15, 2025 02:53:15.338696003 CET	445	50374	4.244.95.1	192.168.2.6
Jan 15, 2025 02:53:15.338747978 CET	50374	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.338771105 CET	50374	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.338977098 CET	50375	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.343692064 CET	445	50374	4.244.95.1	192.168.2.6
Jan 15, 2025 02:53:15.343744993 CET	50374	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.343772888 CET	445	50375	4.244.95.1	192.168.2.6
Jan 15, 2025 02:53:15.343823910 CET	50375	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.343924999 CET	50375	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:15.348704100 CET	445	50375	4.244.95.1	192.168.2.6
Jan 15, 2025 02:53:16.156877041 CET	50376	445	192.168.2.6	47.75.20.232
Jan 15, 2025 02:53:16.161851883 CET	445	50376	47.75.20.232	192.168.2.6
Jan 15, 2025 02:53:16.161931038 CET	50376	445	192.168.2.6	47.75.20.232
Jan 15, 2025 02:53:16.162041903 CET	50376	445	192.168.2.6	47.75.20.232
Jan 15, 2025 02:53:16.162127972 CET	50377	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.166919947 CET	445	50377	47.75.20.1	192.168.2.6
Jan 15, 2025 02:53:16.166968107 CET	445	50376	47.75.20.232	192.168.2.6
Jan 15, 2025 02:53:16.166977882 CET	50377	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.167058945 CET	50377	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.167093039 CET	50376	445	192.168.2.6	47.75.20.232
Jan 15, 2025 02:53:16.167370081 CET	50378	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.171900034 CET	445	50377	47.75.20.1	192.168.2.6
Jan 15, 2025 02:53:16.172008991 CET	50377	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.172146082 CET	445	50378	47.75.20.1	192.168.2.6
Jan 15, 2025 02:53:16.172204018 CET	50378	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.172226906 CET	50378	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:16.176978111 CET	445	50378	47.75.20.1	192.168.2.6
Jan 15, 2025 02:53:16.856077909 CET	445	50270	112.113.202.1	192.168.2.6
Jan 15, 2025 02:53:16.856147051 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:16.856178999 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:16.856235981 CET	50270	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:16.860995054 CET	445	50270	112.113.202.1	192.168.2.6
Jan 15, 2025 02:53:16.861025095 CET	445	50270	112.113.202.1	192.168.2.6
Jan 15, 2025 02:53:16.922471046 CET	50379	445	192.168.2.6	119.135.172.9
Jan 15, 2025 02:53:16.927267075 CET	445	50379	119.135.172.9	192.168.2.6
Jan 15, 2025 02:53:16.927340031 CET	50379	445	192.168.2.6	119.135.172.9
Jan 15, 2025 02:53:16.927397966 CET	50379	445	192.168.2.6	119.135.172.9
Jan 15, 2025 02:53:16.927519083 CET	50380	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.932271004 CET	445	50379	119.135.172.9	192.168.2.6
Jan 15, 2025 02:53:16.932337999 CET	445	50379	119.135.172.9	192.168.2.6
Jan 15, 2025 02:53:16.932349920 CET	445	50380	119.135.172.1	192.168.2.6
Jan 15, 2025 02:53:16.932394028 CET	50379	445	192.168.2.6	119.135.172.9
Jan 15, 2025 02:53:16.932418108 CET	50380	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.932552099 CET	50380	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.932862043 CET	50381	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.937315941 CET	445	50380	119.135.172.1	192.168.2.6
Jan 15, 2025 02:53:16.937438965 CET	50380	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.937706947 CET	445	50381	119.135.172.1	192.168.2.6
Jan 15, 2025 02:53:16.937803984 CET	50381	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.937803984 CET	50381	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:16.942660093 CET	445	50381	119.135.172.1	192.168.2.6
Jan 15, 2025 02:53:17.029213905 CET	445	50273	70.83.190.1	192.168.2.6
Jan 15, 2025 02:53:17.029320955 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:53:17.029405117 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:53:17.029438972 CET	50273	445	192.168.2.6	70.83.190.1
Jan 15, 2025 02:53:17.034326077 CET	445	50273	70.83.190.1	192.168.2.6
Jan 15, 2025 02:53:17.034356117 CET	445	50273	70.83.190.1	192.168.2.6
Jan 15, 2025 02:53:17.093596935 CET	50382	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.098520041 CET	445	50382	70.83.190.2	192.168.2.6
Jan 15, 2025 02:53:17.098627090 CET	50382	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.098627090 CET	50382	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.098965883 CET	50383	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.103627920 CET	445	50382	70.83.190.2	192.168.2.6
Jan 15, 2025 02:53:17.103677034 CET	50382	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.103858948 CET	445	50383	70.83.190.2	192.168.2.6
Jan 15, 2025 02:53:17.103914976 CET	50383	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.103944063 CET	50383	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:17.108756065 CET	445	50383	70.83.190.2	192.168.2.6
Jan 15, 2025 02:53:17.812263012 CET	50385	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:17.817109108 CET	445	50385	30.7.203.1	192.168.2.6
Jan 15, 2025 02:53:17.817184925 CET	50385	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:17.817213058 CET	50385	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:17.822002888 CET	445	50385	30.7.203.1	192.168.2.6
Jan 15, 2025 02:53:18.841022015 CET	445	50290	46.223.3.1	192.168.2.6
Jan 15, 2025 02:53:18.841093063 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:18.841126919 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:18.841155052 CET	50290	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:18.846008062 CET	445	50290	46.223.3.1	192.168.2.6
Jan 15, 2025 02:53:18.846038103 CET	445	50290	46.223.3.1	192.168.2.6
Jan 15, 2025 02:53:19.033607960 CET	445	50291	88.17.75.1	192.168.2.6
Jan 15, 2025 02:53:19.034168959 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:53:19.034240007 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:53:19.034307957 CET	50291	445	192.168.2.6	88.17.75.1
Jan 15, 2025 02:53:19.039125919 CET	445	50291	88.17.75.1	192.168.2.6
Jan 15, 2025 02:53:19.039154053 CET	445	50291	88.17.75.1	192.168.2.6
Jan 15, 2025 02:53:19.094120979 CET	50390	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.098953962 CET	445	50390	88.17.75.2	192.168.2.6
Jan 15, 2025 02:53:19.099030018 CET	50390	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.099163055 CET	50390	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.099581957 CET	50391	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.104098082 CET	445	50390	88.17.75.2	192.168.2.6
Jan 15, 2025 02:53:19.104149103 CET	50390	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.104545116 CET	445	50391	88.17.75.2	192.168.2.6
Jan 15, 2025 02:53:19.104633093 CET	50391	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.104679108 CET	50391	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:19.109533072 CET	445	50391	88.17.75.2	192.168.2.6
Jan 15, 2025 02:53:19.700387001 CET	445	50298	2.190.128.2	192.168.2.6
Jan 15, 2025 02:53:19.700459957 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:19.700501919 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:19.700535059 CET	50298	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:19.705420017 CET	445	50298	2.190.128.2	192.168.2.6
Jan 15, 2025 02:53:19.705450058 CET	445	50298	2.190.128.2	192.168.2.6
Jan 15, 2025 02:53:19.859338045 CET	50398	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:19.864588022 CET	445	50398	112.113.202.1	192.168.2.6
Jan 15, 2025 02:53:19.864733934 CET	50398	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:19.864733934 CET	50398	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:19.869573116 CET	445	50398	112.113.202.1	192.168.2.6
Jan 15, 2025 02:53:20.877939939 CET	445	50307	223.2.101.1	192.168.2.6
Jan 15, 2025 02:53:20.878062010 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:20.878062010 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:20.878106117 CET	50307	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:20.882939100 CET	445	50307	223.2.101.1	192.168.2.6
Jan 15, 2025 02:53:20.882968903 CET	445	50307	223.2.101.1	192.168.2.6
Jan 15, 2025 02:53:21.257117033 CET	445	50311	113.99.161.1	192.168.2.6
Jan 15, 2025 02:53:21.257200003 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:53:21.257280111 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:53:21.257399082 CET	50311	445	192.168.2.6	113.99.161.1
Jan 15, 2025 02:53:21.262099028 CET	445	50311	113.99.161.1	192.168.2.6
Jan 15, 2025 02:53:21.262109995 CET	445	50311	113.99.161.1	192.168.2.6
Jan 15, 2025 02:53:21.312707901 CET	50410	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.319130898 CET	445	50410	113.99.161.2	192.168.2.6
Jan 15, 2025 02:53:21.319231987 CET	50410	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.319231987 CET	50410	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.319600105 CET	50411	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.326009989 CET	445	50410	113.99.161.2	192.168.2.6
Jan 15, 2025 02:53:21.326093912 CET	50410	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.326349974 CET	445	50411	113.99.161.2	192.168.2.6
Jan 15, 2025 02:53:21.326426983 CET	50411	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.326472998 CET	50411	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:21.333072901 CET	445	50411	113.99.161.2	192.168.2.6
Jan 15, 2025 02:53:21.855875969 CET	50417	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:21.860733986 CET	445	50417	46.223.3.1	192.168.2.6
Jan 15, 2025 02:53:21.865051031 CET	50417	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:21.871093988 CET	50417	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:21.875965118 CET	445	50417	46.223.3.1	192.168.2.6
Jan 15, 2025 02:53:22.702961922 CET	50425	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:22.708127975 CET	445	50425	2.190.128.2	192.168.2.6
Jan 15, 2025 02:53:22.708236933 CET	50425	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:22.708276987 CET	50425	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:22.713160992 CET	445	50425	2.190.128.2	192.168.2.6
Jan 15, 2025 02:53:23.064412117 CET	445	50325	134.252.241.1	192.168.2.6
Jan 15, 2025 02:53:23.064517975 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:23.064572096 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:23.064585924 CET	50325	445	192.168.2.6	134.252.241.1
Jan 15, 2025 02:53:23.069418907 CET	445	50325	134.252.241.1	192.168.2.6
Jan 15, 2025 02:53:23.069468975 CET	445	50325	134.252.241.1	192.168.2.6
Jan 15, 2025 02:53:23.125119925 CET	50432	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.129973888 CET	445	50432	134.252.241.2	192.168.2.6
Jan 15, 2025 02:53:23.132281065 CET	50432	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.133022070 CET	50432	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.133384943 CET	50433	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.138581991 CET	445	50432	134.252.241.2	192.168.2.6
Jan 15, 2025 02:53:23.138642073 CET	50432	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.138928890 CET	445	50433	134.252.241.2	192.168.2.6
Jan 15, 2025 02:53:23.139043093 CET	50433	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.139059067 CET	50433	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:23.143812895 CET	445	50433	134.252.241.2	192.168.2.6
Jan 15, 2025 02:53:23.890391111 CET	50444	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:23.895379066 CET	445	50444	223.2.101.1	192.168.2.6
Jan 15, 2025 02:53:23.896182060 CET	50444	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:23.896182060 CET	50444	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:23.901062012 CET	445	50444	223.2.101.1	192.168.2.6
Jan 15, 2025 02:53:24.494690895 CET	445	50328	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:24.494765043 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:24.494839907 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:24.494883060 CET	50328	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:24.499646902 CET	445	50328	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:24.499660969 CET	445	50328	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:25.158046007 CET	445	50329	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:25.158181906 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:25.158256054 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:25.158256054 CET	50329	445	192.168.2.6	44.142.202.1
Jan 15, 2025 02:53:25.163114071 CET	445	50329	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:25.163126945 CET	445	50329	44.142.202.1	192.168.2.6
Jan 15, 2025 02:53:25.218581915 CET	50470	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.223392010 CET	445	50470	44.142.202.2	192.168.2.6
Jan 15, 2025 02:53:25.223464012 CET	50470	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.223500967 CET	50470	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.223845959 CET	50471	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.228562117 CET	445	50470	44.142.202.2	192.168.2.6
Jan 15, 2025 02:53:25.228662014 CET	50470	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.228710890 CET	445	50471	44.142.202.2	192.168.2.6
Jan 15, 2025 02:53:25.228770018 CET	50471	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.228792906 CET	50471	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:25.234286070 CET	445	50471	44.142.202.2	192.168.2.6
Jan 15, 2025 02:53:26.173055887 CET	445	50332	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:26.173137903 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:26.173178911 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:26.173191071 CET	50332	445	192.168.2.6	16.6.71.1
Jan 15, 2025 02:53:26.178073883 CET	445	50332	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:26.178106070 CET	445	50332	16.6.71.1	192.168.2.6
Jan 15, 2025 02:53:27.186989069 CET	445	50333	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:27.187078953 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:27.187112093 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:27.187199116 CET	50333	445	192.168.2.6	79.149.62.1
Jan 15, 2025 02:53:27.192033052 CET	445	50333	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:27.192049026 CET	445	50333	79.149.62.1	192.168.2.6
Jan 15, 2025 02:53:27.250041008 CET	50531	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.255502939 CET	445	50531	79.149.62.2	192.168.2.6
Jan 15, 2025 02:53:27.255584955 CET	50531	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.255789042 CET	50531	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.256072044 CET	50533	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.261109114 CET	445	50531	79.149.62.2	192.168.2.6
Jan 15, 2025 02:53:27.261173964 CET	50531	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.261301041 CET	445	50533	79.149.62.2	192.168.2.6
Jan 15, 2025 02:53:27.261372089 CET	50533	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.261406898 CET	50533	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:27.266206980 CET	445	50533	79.149.62.2	192.168.2.6
Jan 15, 2025 02:53:27.499861956 CET	50545	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:27.504777908 CET	445	50545	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:27.504849911 CET	50545	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:27.504870892 CET	50545	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:27.509762049 CET	445	50545	27.13.195.1	192.168.2.6
Jan 15, 2025 02:53:27.655459881 CET	445	50337	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:27.655692101 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:27.655692101 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:27.655692101 CET	50337	445	192.168.2.6	68.173.107.1
Jan 15, 2025 02:53:27.660660028 CET	445	50337	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:27.660690069 CET	445	50337	68.173.107.1	192.168.2.6
Jan 15, 2025 02:53:29.077370882 CET	445	50340	90.101.167.1	192.168.2.6
Jan 15, 2025 02:53:29.077454090 CET	50340	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:29.108838081 CET	445	50341	8.114.55.1	192.168.2.6
Jan 15, 2025 02:53:29.108897924 CET	50341	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:29.329385996 CET	445	50343	185.149.203.2	192.168.2.6
Jan 15, 2025 02:53:29.329485893 CET	50343	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:30.142754078 CET	50347	445	192.168.2.6	102.114.25.1
Jan 15, 2025 02:53:30.142786026 CET	50383	445	192.168.2.6	70.83.190.2
Jan 15, 2025 02:53:30.142869949 CET	50346	445	192.168.2.6	76.187.63.1
Jan 15, 2025 02:53:30.142923117 CET	50417	445	192.168.2.6	46.223.3.1
Jan 15, 2025 02:53:30.143151045 CET	50471	445	192.168.2.6	44.142.202.2
Jan 15, 2025 02:53:30.143151045 CET	50372	445	192.168.2.6	48.84.84.2
Jan 15, 2025 02:53:30.143151045 CET	50391	445	192.168.2.6	88.17.75.2
Jan 15, 2025 02:53:30.143157005 CET	50340	445	192.168.2.6	90.101.167.1
Jan 15, 2025 02:53:30.143157959 CET	50341	445	192.168.2.6	8.114.55.1
Jan 15, 2025 02:53:30.143177032 CET	50343	445	192.168.2.6	185.149.203.2
Jan 15, 2025 02:53:30.143203020 CET	50350	445	192.168.2.6	36.227.128.1
Jan 15, 2025 02:53:30.143232107 CET	50352	445	192.168.2.6	147.174.249.2
Jan 15, 2025 02:53:30.143255949 CET	50355	445	192.168.2.6	56.148.232.1
Jan 15, 2025 02:53:30.143342972 CET	50357	445	192.168.2.6	114.249.64.1
Jan 15, 2025 02:53:30.143368959 CET	50360	445	192.168.2.6	188.217.194.1
Jan 15, 2025 02:53:30.143408060 CET	50363	445	192.168.2.6	117.78.75.2
Jan 15, 2025 02:53:30.143419981 CET	50366	445	192.168.2.6	131.21.241.1
Jan 15, 2025 02:53:30.143451929 CET	50367	445	192.168.2.6	222.133.228.1
Jan 15, 2025 02:53:30.143491983 CET	50370	445	192.168.2.6	108.114.73.1
Jan 15, 2025 02:53:30.143512964 CET	50375	445	192.168.2.6	4.244.95.1
Jan 15, 2025 02:53:30.143531084 CET	50378	445	192.168.2.6	47.75.20.1
Jan 15, 2025 02:53:30.143553972 CET	50381	445	192.168.2.6	119.135.172.1
Jan 15, 2025 02:53:30.143568039 CET	50385	445	192.168.2.6	30.7.203.1
Jan 15, 2025 02:53:30.143620968 CET	50425	445	192.168.2.6	2.190.128.2
Jan 15, 2025 02:53:30.143650055 CET	50411	445	192.168.2.6	113.99.161.2
Jan 15, 2025 02:53:30.143676043 CET	50398	445	192.168.2.6	112.113.202.1
Jan 15, 2025 02:53:30.143676043 CET	50444	445	192.168.2.6	223.2.101.1
Jan 15, 2025 02:53:30.143735886 CET	50433	445	192.168.2.6	134.252.241.2
Jan 15, 2025 02:53:30.143748045 CET	50545	445	192.168.2.6	27.13.195.1
Jan 15, 2025 02:53:30.143943071 CET	50533	445	192.168.2.6	79.149.62.2
Jan 15, 2025 02:53:54.593549013 CET	49706	80	192.168.2.6	2.17.190.73
Jan 15, 2025 02:53:54.593549013 CET	49704	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:53:54.598756075 CET	80	49706	2.17.190.73	192.168.2.6
Jan 15, 2025 02:53:54.598824978 CET	49706	80	192.168.2.6	2.17.190.73
Jan 15, 2025 02:53:54.599165916 CET	443	49704	40.126.32.136	192.168.2.6
Jan 15, 2025 02:53:54.599215031 CET	49704	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:53:57.112935066 CET	49707	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:53:57.113190889 CET	49710	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:53:57.120621920 CET	443	49707	40.126.32.136	192.168.2.6
Jan 15, 2025 02:53:57.120663881 CET	49707	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:53:57.121212006 CET	443	49710	40.126.32.136	192.168.2.6
Jan 15, 2025 02:53:57.121244907 CET	49710	443	192.168.2.6	40.126.32.136
Jan 15, 2025 02:54:00.577982903 CET	49714	80	192.168.2.6	2.17.190.73
Jan 15, 2025 02:54:00.583096027 CET	80	49714	2.17.190.73	192.168.2.6
Jan 15, 2025 02:54:00.583141088 CET	49714	80	192.168.2.6	2.17.190.73
Jan 15, 2025 02:54:30.190618992 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.195552111 CET	80	50650	103.224.212.215	192.168.2.6
Jan 15, 2025 02:54:30.195661068 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.195780993 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.200613976 CET	80	50650	103.224.212.215	192.168.2.6
Jan 15, 2025 02:54:30.791536093 CET	80	50650	103.224.212.215	192.168.2.6
Jan 15, 2025 02:54:30.791600943 CET	80	50650	103.224.212.215	192.168.2.6
Jan 15, 2025 02:54:30.791605949 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.791651964 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.794327021 CET	50650	80	192.168.2.6	103.224.212.215
Jan 15, 2025 02:54:30.795269966 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:30.799124002 CET	80	50650	103.224.212.215	192.168.2.6
Jan 15, 2025 02:54:30.800127983 CET	80	50651	199.59.243.228	192.168.2.6
Jan 15, 2025 02:54:30.800271988 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:30.800271988 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:30.805074930 CET	80	50651	199.59.243.228	192.168.2.6
Jan 15, 2025 02:54:31.255026102 CET	80	50651	199.59.243.228	192.168.2.6
Jan 15, 2025 02:54:31.255047083 CET	80	50651	199.59.243.228	192.168.2.6
Jan 15, 2025 02:54:31.255331039 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:31.259155035 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:31.259155035 CET	50651	80	192.168.2.6	199.59.243.228
Jan 15, 2025 02:54:31.265486002 CET	50652	445	192.168.2.6	85.142.34.175
Jan 15, 2025 02:54:31.270319939 CET	445	50652	85.142.34.175	192.168.2.6
Jan 15, 2025 02:54:31.270564079 CET	50654	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.270664930 CET	50652	445	192.168.2.6	85.142.34.175
Jan 15, 2025 02:54:31.270664930 CET	50652	445	192.168.2.6	85.142.34.175
Jan 15, 2025 02:54:31.275341988 CET	445	50654	85.142.34.1	192.168.2.6
Jan 15, 2025 02:54:31.275496006 CET	50654	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.275547028 CET	50654	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.275691986 CET	445	50652	85.142.34.175	192.168.2.6
Jan 15, 2025 02:54:31.275744915 CET	50652	445	192.168.2.6	85.142.34.175
Jan 15, 2025 02:54:31.277453899 CET	50656	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.280435085 CET	445	50654	85.142.34.1	192.168.2.6
Jan 15, 2025 02:54:31.280955076 CET	50654	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.282212973 CET	445	50656	85.142.34.1	192.168.2.6
Jan 15, 2025 02:54:31.282280922 CET	50656	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.282362938 CET	50656	445	192.168.2.6	85.142.34.1
Jan 15, 2025 02:54:31.287205935 CET	445	50656	85.142.34.1	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 02:52:21.806843042 CET	53119	53	192.168.2.6	1.1.1.1
Jan 15, 2025 02:52:22.112925053 CET	53	53119	1.1.1.1	192.168.2.6
Jan 15, 2025 02:52:22.722351074 CET	62331	53	192.168.2.6	1.1.1.1
Jan 15, 2025 02:52:23.050756931 CET	53	62331	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 02:52:21.806843042 CET	192.168.2.6	1.1.1.1	0x61ae	Standard query (0)	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 02:52:22.722351074 CET	192.168.2.6	1.1.1.1	0x9e16	Standard query (0)	ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 02:52:15.239187002 CET	1.1.1.1	192.168.2.6	0xc4ec	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 02:52:15.239187002 CET	1.1.1.1	192.168.2.6	0xc4ec	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 15, 2025 02:52:22.112925053 CET	1.1.1.1	192.168.2.6	0x61ae	No error (0)	www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com		103.224.212.215	A (IP address)	IN (0x0001)	false
Jan 15, 2025 02:52:23.050756931 CET	1.1.1.1	192.168.2.6	0x9e16	No error (0)	ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com	77026.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 02:52:23.050756931 CET	1.1.1.1	192.168.2.6	0x9e16	No error (0)	77026.bodis.com		199.59.243.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

tse1.mm.bing.net

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49760	103.224.212.215	80	5072	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:22.123343945 CET	100	OUT	GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache
Jan 15, 2025 02:52:22.716481924 CET	365	IN	HTTP/1.1 302 Found date: Wed, 15 Jan 2025 01:52:22 GMT server: Apache set-cookie: __tad=1736905942.8520710; expires=Sat, 13-Jan-2035 01:52:22 GMT; Max-Age=315360000 location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-223d-bfe5-eafa75e00aa0 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49766	199.59.243.228	80	5072	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:23.064048052 CET	169	OUT	GET /?subid1=20250115-1252-223d-bfe5-eafa75e00aa0 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive
Jan 15, 2025 02:52:23.547317982 CET	1236	IN	HTTP/1.1 200 OK date: Wed, 15 Jan 2025 01:52:23 GMT content-type: text/html; charset=utf-8 content-length: 1262 x-request-id: 02f4a5e1-bc9e-499a-b87f-cbca01081703 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_mVGaEL5DZE3DUfHi2cNxLH3Ak02GVS/+uGDrxI0bYCBePYo614uCpbUhFdMPK1da6RLfRmUSI9a39Lr66W+sKQ== set-cookie: parking_session=02f4a5e1-bc9e-499a-b87f-cbca01081703; expires=Wed, 15 Jan 2025 02:07:23 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6d 56 47 61 45 4c 35 44 5a 45 33 44 55 66 48 69 32 63 4e 78 4c 48 33 41 6b 30 32 47 56 53 2f 2b 75 47 44 72 78 49 30 62 59 43 42 65 50 59 6f 36 31 34 75 43 70 62 55 68 46 64 4d 50 4b 31 64 61 36 52 4c 66 52 6d 55 53 49 39 61 33 39 4c 72 36 36 57 2b 73 4b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_mVGaEL5DZE3DUfHi2cNxLH3Ak02GVS/+uGDrxI0bYCBePYo614uCpbUhFdMPK1da6RLfRmUSI9a39Lr66W+sKQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 02:52:23.547334909 CET	696	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDJmNGE1ZTEtYmM5ZS00OTlhLWI4N2YtY2JjYTAxMDgxNzAzIiwicGFnZV90aW1lIjoxNzM2OTA1OTQzLCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49772	103.224.212.215	80	2820	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:23.706012011 CET	100	OUT	GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache
Jan 15, 2025 02:52:24.330926895 CET	365	IN	HTTP/1.1 302 Found date: Wed, 15 Jan 2025 01:52:24 GMT server: Apache set-cookie: __tad=1736905944.7871305; expires=Sat, 13-Jan-2035 01:52:24 GMT; Max-Age=315360000 location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-2445-b94c-0396d6dca6c3 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49777	199.59.243.228	80	2820	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:24.341330051 CET	169	OUT	GET /?subid1=20250115-1252-2445-b94c-0396d6dca6c3 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive
Jan 15, 2025 02:52:24.845679998 CET	1236	IN	HTTP/1.1 200 OK date: Wed, 15 Jan 2025 01:52:24 GMT content-type: text/html; charset=utf-8 content-length: 1262 x-request-id: c8070003-33c9-4ee9-a192-3668db21c367 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rTWM1gg7yIje1hAzGxSIdFUNjANfXOmDXzDvvlLw7W/haFczzSPvLh89z4HhLccP+zwQhhprVrbox0saJYetCA== set-cookie: parking_session=c8070003-33c9-4ee9-a192-3668db21c367; expires=Wed, 15 Jan 2025 02:07:24 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 72 54 57 4d 31 67 67 37 79 49 6a 65 31 68 41 7a 47 78 53 49 64 46 55 4e 6a 41 4e 66 58 4f 6d 44 58 7a 44 76 76 6c 4c 77 37 57 2f 68 61 46 63 7a 7a 53 50 76 4c 68 38 39 7a 34 48 68 4c 63 63 50 2b 7a 77 51 68 68 70 72 56 72 62 6f 78 30 73 61 4a 59 65 74 43 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_rTWM1gg7yIje1hAzGxSIdFUNjANfXOmDXzDvvlLw7W/haFczzSPvLh89z4HhLccP+zwQhhprVrbox0saJYetCA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 02:52:24.845716000 CET	696	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzgwNzAwMDMtMzNjOS00ZWU5LWExOTItMzY2OGRiMjFjMzY3IiwicGFnZV90aW1lIjoxNzM2OTA1OTQ0LCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49779	103.224.212.215	80	5536	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:24.836139917 CET	134	OUT	GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache Cookie: __tad=1736905942.8520710
Jan 15, 2025 02:52:25.425900936 CET	269	IN	HTTP/1.1 302 Found date: Wed, 15 Jan 2025 01:52:25 GMT server: Apache location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1252-25c1-9452-126911d13e91 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49791	199.59.243.228	80	5536	C:\Windows\mssecsvr.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:52:25.439827919 CET	231	OUT	GET /?subid1=20250115-1252-25c1-9452-126911d13e91 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive Cookie: parking_session=02f4a5e1-bc9e-499a-b87f-cbca01081703
Jan 15, 2025 02:52:25.902156115 CET	1236	IN	HTTP/1.1 200 OK date: Wed, 15 Jan 2025 01:52:25 GMT content-type: text/html; charset=utf-8 content-length: 1262 x-request-id: 6ca53e8a-fbd6-47ba-a9b0-d1da62cc8320 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sbPr5BgYK8Vc9r/E33oSoV6JKIErSil4k0i8ZIyFdbLvhVN2uXPWh7HtVjY7q5CZOF7ttCxL3ZiZMU555vAekg== set-cookie: parking_session=02f4a5e1-bc9e-499a-b87f-cbca01081703; expires=Wed, 15 Jan 2025 02:07:25 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 73 62 50 72 35 42 67 59 4b 38 56 63 39 72 2f 45 33 33 6f 53 6f 56 36 4a 4b 49 45 72 53 69 6c 34 6b 30 69 38 5a 49 79 46 64 62 4c 76 68 56 4e 32 75 58 50 57 68 37 48 74 56 6a 59 37 71 35 43 5a 4f 46 37 74 74 43 78 4c 33 5a 69 5a 4d 55 35 35 35 76 41 65 6b 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sbPr5BgYK8Vc9r/E33oSoV6JKIErSil4k0i8ZIyFdbLvhVN2uXPWh7HtVjY7q5CZOF7ttCxL3ZiZMU555vAekg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Jan 15, 2025 02:52:25.902173042 CET	688	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDJmNGE1ZTEtYmM5ZS00OTlhLWI4N2YtY2JjYTAxMDgxNzAzIiwicGFnZV90aW1lIjoxNzM2OTA1OTQ1LCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	50650	103.224.212.215	80

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:54:30.195780993 CET	100	OUT	GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache
Jan 15, 2025 02:54:30.791536093 CET	365	IN	HTTP/1.1 302 Found date: Wed, 15 Jan 2025 01:54:30 GMT server: Apache set-cookie: __tad=1736906070.8013298; expires=Sat, 13-Jan-2035 01:54:30 GMT; Max-Age=315360000 location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-1254-3084-96ca-8a185b1cc780 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	50651	199.59.243.228	80

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 02:54:30.800271988 CET	169	OUT	GET /?subid1=20250115-1254-3084-96ca-8a185b1cc780 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive
Jan 15, 2025 02:54:31.255026102 CET	1236	IN	HTTP/1.1 200 OK date: Wed, 15 Jan 2025 01:54:31 GMT content-type: text/html; charset=utf-8 content-length: 1262 x-request-id: 8b3fd1b1-a325-429a-bc37-b3b9459a50f2 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IvDjXPVTk3zGl1dTmF7ar0fiEDQ2ZJl3gc8a6PuuS47p+/RGNPZ6m0/q69a1E+63Mu7dKrHYydtCBEMevra/Ug== set-cookie: parking_session=8b3fd1b1-a325-429a-bc37-b3b9459a50f2; expires=Wed, 15 Jan 2025 02:09:31 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 49 76 44 6a 58 50 56 54 6b 33 7a 47 6c 31 64 54 6d 46 37 61 72 30 66 69 45 44 51 32 5a 4a 6c 33 67 63 38 61 36 50 75 75 53 34 37 70 2b 2f 52 47 4e 50 5a 36 6d 30 2f 71 36 39 61 31 45 2b 36 33 4d 75 37 64 4b 72 48 59 79 64 74 43 42 45 4d 65 76 72 61 2f 55 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IvDjXPVTk3zGl1dTmF7ar0fiEDQ2ZJl3gc8a6PuuS47p+/RGNPZ6m0/q69a1E+63Mu7dKrHYydtCBEMevra/Ug==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 02:54:31.255047083 CET	696	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOGIzZmQxYjEtYTMyNS00MjlhLWJjMzctYjNiOTQ1OWE1MGYyIiwicGFnZV90aW1lIjoxNzM2OTA2MDcxLCJwYWdlX3VybCI6I

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	50177	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:48 UTC	375	OUT	GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:48 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 380972 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 75C3DD146A5C4B9DB0CF372013B8D4CD Ref B: EWR311000107017 Ref C: 2025-01-15T01:52:48Z Date: Wed, 15 Jan 2025 01:52:47 GMT Connection: close
2025-01-15 01:52:48 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 32 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 32 34 20 31 31 3a 30 33 3a 30 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1 r2i``Adobe Photoshop 25.12 (Windows)2024:10:24 11:03:058C
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: a6 f9 3c c1 8e a3 a7 43 d3 d6 bd 1c 05 2a 75 6a 72 4d 1c b9 95 4a d4 28 fb 5a 4d 69 ba 6b 73 a9 b1 d4 62 97 e7 0d 56 e7 94 49 0d 78 dd ae b9 aa e9 77 8d 0c be 64 52 c7 f7 a2 99 7e 65 ad 68 fc 71 a8 85 c1 8a 06 fc eb d1 a9 93 d5 52 f7 0f 2a 97 11 d0 69 7b 54 d3 3d 1d 25 1d 0d 6b 59 e8 37 77 36 ad 7f 6e cb 2c 50 ae 5b 6f cd 5e 6b a5 f8 ca da 56 5f b4 ab 44 7f 8b f8 85 7a 2f c2 6f 1e 69 1a 65 e5 d4 52 af da a1 ba 51 e6 47 1b 0e df 5e d5 c9 53 07 56 9f c4 8e c9 66 b4 ea d3 e6 c3 c9 37 db bf de 75 1e 1f bb d1 bc 21 a7 cf 16 b7 12 c5 1e a0 a5 be d6 d1 96 49 03 26 70 0f b7 b5 79 7f 89 b4 e4 9f 47 d4 35 27 55 95 77 34 96 ca 8a 55 d4 7b f7 35 d2 fc 41 d6 07 89 3c ab 72 ab 1d a4 12 19 62 8d a4 dd b7 27 f2 1e 94 78 5e 44 9e df fd 1b 6c f3 7c c1 63 5c 32 e4 74 06 a6 Data Ascii: <CujrMJ(ZMiksbVIxwdR~ehqRi{T=%kY7w6n,P[o^kV_Dz/oieRQG^SVf7u!I&pyG5'Uw4U{5A<rb'x^Dl\|c\2t
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: db f9 72 6c 35 f7 59 76 29 56 a2 af ba 3f 1d cf b2 e7 84 c4 b7 1d 9e a7 49 a6 df 5a 6a b0 c7 6d aa ca d1 79 7b 45 b4 b6 d1 a2 a4 23 a3 19 06 32 dc 7b d4 77 56 90 db ea 0d 15 bd e4 77 51 2b 63 cf 6f 91 5b f3 ed 59 9e 1d bd 1a 75 e7 9e 60 5b 9d aa 47 97 23 1d 99 3c 64 e3 d2 b5 af e7 d2 e4 ba 69 6c ad a4 82 de 48 c7 97 1c b7 3e 63 c6 ff 00 c4 78 03 82 7b 1e 95 dd 24 ac 78 31 72 4f c8 4b 93 68 ca d2 48 ad 24 d2 37 cc b0 e1 11 7e 9c 54 77 16 fa 74 f6 72 ba 4b 3c 17 51 b0 f2 e0 92 3d eb 20 ee 77 f1 b4 fe 15 a9 a5 7f 65 dd aa c0 fa 54 f3 cd 24 65 15 6d a7 3b 9a 43 d1 b1 cf 4f 41 55 f5 49 f5 03 71 15 cc f2 34 13 5b 30 10 33 47 b5 b2 87 8c b6 3e 66 1e f5 3c a5 3a 9d 0c 89 b4 db 8b 66 d9 3c 13 c5 27 f0 ac 91 15 eb 51 a2 9d d8 35 d5 f8 93 c7 3a fe bd 66 91 f8 8e 2b Data Ascii: rl5Yv)V?IZjmy{E#2{wVwQ+co[Yu`[G#<dilH>cx{$x1rOKhH$7~TwtrK<Q= weT$em;COAUIq4[03G>f<:f<'Q5:f+
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: c4 6d 3f ed 3e 13 f1 05 b5 d3 2f 12 da 3f ee e7 84 fa 34 6d 83 fd 2b f3 51 ac fc be 63 dc df ec d3 24 28 b3 2c b0 45 24 57 51 36 e8 e5 8a 42 ae a3 d9 86 08 fa e6 b3 9c 23 3d d6 a7 34 f0 3f c8 ec 7e af b2 e5 b9 eb 49 b7 da be 12 f8 23 fb 50 7c 40 f0 ad ac 5a 3e b3 6d ff 00 09 6d 9c 0a 15 12 ee 61 1d dc 60 7a 4d d1 ff 00 e0 43 3e f5 ef 9e 03 fd ab 3e 1a 6b 5a 94 5a 67 88 62 d5 3c 25 7d 2e 36 ff 00 6b c2 16 0c 9e de 72 92 bf 89 c5 73 cb 0f 35 aa d5 1c 92 84 e1 f1 23 dc 71 4b b6 a3 b1 ba b5 bd b3 4b ab 1b 98 6e 6d a5 5c c7 2c 12 07 46 1e c4 71 53 57 2c 9b 4e cc 9d c6 6d a3 6d 49 8a 31 4a f7 02 3d b4 6d a7 e3 da 95 56 8e 60 b0 cd b4 6d a7 e3 de 8c 51 71 d8 66 da 36 d3 b3 4b 8f 7a 2e 85 66 47 b6 97 6d 39 85 18 f6 a0 6d 58 6e d3 46 da 7e 28 c5 2b 88 63 2d 1b 69 Data Ascii: m?>/?4m+Qc$(,E$WQ6B#=4?~I#P\|@Z>mma`zMC>>kZZgb<%}.6krs5#qKKnm\,FqSW,NmmI1J=mV`mQqf6Kz.fGm9mXnF~(+c-i
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: 64 e7 d7 91 53 3a 6f 6b 1a 53 c4 47 ab b2 38 19 a3 31 36 c7 ea bf dd a1 00 3c 96 ae 97 5c f0 bf 88 2c 26 8c ea 9a 53 5b c8 ca 04 70 49 84 79 87 41 b5 7a b7 bd 55 4d 32 da 69 23 cf ee 2e 37 61 a0 e5 99 8f b2 75 ac 1c 5a 3a e9 ce 12 5a 3b 98 6a ae 5b 0a dc d6 9e 9b a4 6a 17 11 ac 90 59 c9 2c 4d 26 cf 35 63 2e 99 f4 ca 8a e8 34 5f 09 cf 79 75 bf ec aa d1 b4 9b 62 dd 1b c7 1b 11 d3 39 c1 00 9f 5a f5 0f 0e f8 12 f7 40 f0 ed cb dd df 47 a6 c5 1e d9 27 59 6e cc 8c c4 ff 00 0a db c3 93 c6 78 2c 73 58 4a bd 18 7c 52 3b 63 85 c5 4d 7e ee 1b f7 d1 1e 55 a5 68 ba 74 52 2c 97 92 fd a6 48 db 12 d9 43 3f 97 33 67 a1 4f 94 f0 3d c5 6d e8 b6 96 ed 7c a5 34 e5 b6 54 63 b6 39 18 b3 7d 5d 9b a9 f7 c5 7a 1d c6 93 61 6b 66 d3 d9 c9 76 d6 d1 4a a6 36 6b 21 6f 73 24 84 60 ff 00 Data Ascii: dS:okSG816<\,&S[pIyAzUM2i#.7auZ:Z;j[jY,M&5c.4_yub9Z@G'Ynx,sXJ\|R;cM~UhtR,HC?3gO=m\|4Tc9}]zakfvJ6k!os$`
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: b6 ec 55 42 ab fc 3f 75 bf 3a b2 da 6a 4b 0e fb 4b 98 a7 ff 00 c7 76 8f 7a a7 25 bc 90 73 22 ed 0d fc 55 7a 93 1d 36 37 34 3f 13 dc 69 fe 63 ee 99 8b 60 2c 6b 8d 98 ef 9f fe b5 75 7a 67 89 f4 bb f5 54 92 29 e3 6d bf 7b 8f 99 ff 00 c2 bc cd c6 7a 75 a9 2d a7 96 09 15 d6 b8 b1 18 38 55 d6 da 9e c6 07 35 ad 86 69 37 78 f6 3d 26 49 11 9b 21 b7 0a 6c ed b9 70 5b cc 35 8d a0 df 79 d6 eb bf ef 2a fc d5 a0 a4 9a f1 27 4e 50 93 47 d9 d2 ad 4e b5 35 35 d4 8a e6 1c f4 aa cd 19 11 b2 0e 8d f7 be 5f bd 57 18 e7 8a 16 35 1f ed 56 91 a8 d2 39 ea d1 8c fa 19 73 58 fc ac 42 d5 2b 9b 00 63 f9 62 db fd ef 9a ba 16 40 7a ad 43 24 01 9b da ba 29 e2 1a 7b 9c 35 b0 10 9a d1 1c db 59 63 90 db 4d 57 b8 b6 90 f5 dc df ef 57 4b 2d ba f4 db 55 a6 b6 25 b1 b6 ba a1 8a ee cf 2e b6 5a Data Ascii: UB?u:jKKvz%s"Uz674?ic`,kuzgT)m{zu-8U5i7x=&I!lp[5y*'NPGN55_W5V9sXB+cb@zC$){5YcMWWK-U%.Z
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: fb 41 8e ab a4 5b 5f 43 1f 2c ad bf e5 1e b8 56 19 ae be c7 5d d1 35 4d 72 4b b8 9a 08 a1 56 fd d2 32 94 5f f8 08 27 3f a9 ae 0c 46 12 b5 1a 7c d2 8e 87 b5 82 ce b0 98 ba ea 9d 39 d9 be e3 9a d1 e2 69 9f f8 63 6c 6e 6c 2e e3 ec 3a fe 95 13 9f 4a bf aa f9 57 13 2b c0 d1 e3 6f f0 fd ea a7 e4 b9 55 27 a5 79 0a 77 d5 9f 5c a1 ca ac b5 20 27 d6 9a c4 0a b5 f6 6f e1 dd ff 00 8e d3 3c 80 78 74 6a ae 64 4c a2 da 2a 70 7a d5 7b 84 51 d2 af 4d 6a 43 7d fa 88 c1 db b5 69 19 23 9e a4 5f 53 3d b1 f7 5a a2 99 50 2f 15 7a 48 9d 24 da 57 6d 23 59 a7 cb f3 6e 66 ff 00 66 b7 8b b1 c3 38 dd d8 c7 b8 0c 38 15 17 92 5b e7 dd b4 ff 00 0e da e8 a6 d3 01 87 f7 31 72 bc b3 33 7a fd 6b 3f ec 47 73 79 7f 37 fb b5 bc 2b 25 b1 c3 53 0f 7d d6 86 5c 96 c1 17 2e de 69 93 f8 b9 66 a8 1a Data Ascii: A[_C,V]5MrKV2_'?F\|9iclnl.:JW+oU'yw\ 'o<xtjdL*pz{QMjC}i#_S=ZP/zH$Wm#Ynff88[1r3zk?Gsy7+%S}\.if
2025-01-15 01:52:48 UTC	16069	IN	Data Raw: 3f 34 8f 53 95 15 9a df e6 fb ab 9a 4f 20 9f e1 db 56 b9 3d 29 af bc 2b 63 ad 1c cc 5c a9 11 c7 94 f9 b6 ee a7 a3 87 6e 29 98 91 97 8a 96 d9 47 fc b4 5e 68 64 eb 72 68 c2 f5 dd c7 f7 76 d2 f2 ab c2 b3 7f 77 f8 69 18 a8 6f 91 59 b6 ff 00 76 9b 23 b2 fd f5 e2 b3 b5 cd 51 13 c2 26 ea cb 85 a7 5b 84 45 c0 5d c7 fb d4 bb dc 6d fd d5 4b 1c bb ba d5 5d d8 56 57 b8 d8 e6 d8 d9 29 26 3f ba d8 a9 d2 74 6e 4f ca 3f dd a4 52 0f 55 e6 9c d1 a6 dc 05 e3 fd ea 87 63 44 a4 85 59 62 2b c7 dd a6 6f 5d dc 2b 31 a8 a6 01 55 bf 84 7f bd 50 34 8a 3a 35 35 1b 8a 55 1a 26 92 e8 af fb 27 fd ed d5 5a 4b 89 37 73 f3 7f c0 69 ac 41 5c 96 5c d5 79 1d c2 ec 33 ad 6b 18 a3 39 56 d4 9a 4b 96 46 c9 6e 3f da aa 72 90 78 45 e2 91 c9 ee ca d5 52 69 11 59 81 6a da 30 b9 8c b1 0a da b1 f7 0e Data Ascii: ?4SO V=)+c\n)G^hdrhvwioYv#Q&[E]mK]VW)&?tnO?RUcDYb+o]+1UP4:55U&'ZK7siA\\y3k9VKFn?rxERiYj0
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: 6d eb ff 00 8f 53 e5 8a 0f 6b 53 b8 47 79 7a ad f2 ca ac 3f ba d5 61 6f 67 7f be df f8 f5 52 45 b7 55 f9 3f a5 49 19 4d d8 1b b6 fe 14 38 c3 b0 2a f5 7f 98 b4 97 53 06 e7 a7 f0 d4 df da 97 01 b6 47 3a af fc 0a aa 66 22 b8 3f 29 a6 ac 69 f7 c4 aa c7 fb b5 3e ce 0f 74 52 c4 56 5b 48 92 f2 f6 e4 6e 7f b4 f3 fd ef bd 55 97 54 bd 66 c1 9f 77 fe cd 53 0d bf c6 ab 27 fb b9 a4 62 07 dd 89 7f ef 9a 6a 30 5d 06 f1 15 bf 9d 92 c7 a8 5d f4 32 d4 8b 77 74 39 13 b5 54 20 b7 25 78 ff 00 66 8f bc d9 fb b4 b9 21 d8 bf ac 56 fe 66 5d fb 75 c8 5c 79 ed 8a 6c b7 13 6d e6 76 ff 00 be aa bb 1d ab 83 ff 00 a1 52 7c ff 00 29 1b 73 47 24 7b 07 d6 2a b5 f1 32 78 66 b8 0c cf e6 f0 bf ec d2 b5 ec e7 8f 36 a2 65 1d 5e 55 ff 00 76 9d 1e c1 fc 34 72 c7 b0 bd bd 65 f6 87 ac f2 ed e6 76 Data Ascii: mSkSGyz?aogREU?IM8SG:f"?)i>tRV[HnUTfwS'bj0]]2wt9T %xf!Vf]u\ylmvR\|)sG${2xf6e^Uv4rev
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: a0 ea b4 8d 1c 67 fe 59 6d aa f7 49 b6 a3 e3 bc 01 be f3 2f fe 83 52 2d d6 ee 37 b3 55 63 6e 0f 21 69 56 30 9c fd d6 a1 f2 db 41 ea 58 62 c7 76 1a a0 b9 c8 5c 89 55 a8 90 1d df 7a a3 78 83 b5 4a dc 2f 7e 85 5b 89 df 76 04 aa df ee d3 4b 12 bf 7a ac b4 00 7f 0d 2a db 81 cd 6d cd 14 88 57 b9 4f a7 de 65 a6 3b 7f 71 77 55 c9 2d 03 f1 b7 fe f9 a8 9b 4e ca ff 00 74 55 29 c5 8b 52 ac 2f b5 98 9e ad ce da 9f 74 2d d5 6a 44 d3 9c 74 dc c2 a7 5b 3d bc 6d 6c d2 94 e3 71 59 a4 53 56 da d8 4f 94 d4 d1 c9 20 a9 5a d9 ff 00 b9 4b 0d b1 fe ed 27 24 d0 72 bb 9c 87 f6 8e a0 7a 6e 56 a5 6b cd 43 fe 7a b2 d6 ab d9 c3 fc 57 34 e4 b3 b4 db fe bf fe fa ae ff 00 69 0f e5 38 b9 2a 5f 56 64 3d c5 e3 75 9e 4c d2 a3 5e 1f f9 6f 27 fd f5 5b 69 67 6d b7 fd 7a b7 fc 06 86 b4 b6 0d cc Data Ascii: gYmI/R-7Ucn!iV0AXbv\UzxJ/~[vKzmWOe;qwU-NtU)R/t-jDt[=mlqYSVO ZK'$rznVkCzW4i8_Vd=uL^o'[igmz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	50176	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:48 UTC	346	OUT	GET /th?id=OADD2.10239405475856_1F6V8529RVRKMO1TM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:48 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 432486 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: FC2B7F8B454E4A79AAD68DB3E1992BE1 Ref B: EWR30EDGE1012 Ref C: 2025-01-15T01:52:48Z Date: Wed, 15 Jan 2025 01:52:47 GMT Connection: close
2025-01-15 01:52:48 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 f4 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 3a 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 ac 87 69 00 04 00 00 00 01 00 00 00 c0 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 36 2e 32 20 28 32 30 32 34 31 31 32 37 2e 6d 2e 32 38 38 35 20 31 37 39 37 34 33 31 29 20 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 32 3a 31 33 20 31 30 3a 30 38 3a 34 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 Data Ascii: JFIFHHExifMM*bj(1:r2i``Adobe Photoshop 26.2 (20241127.m.2885 1797431) (Windows)2024:12:13 10:08:468
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: 42 c9 ea 3d e9 ac bf 36 d1 d7 8c 9a 9b 8d bc 0c 7d 29 a4 7c bc fe 74 d4 8a 20 c7 aa fe 54 8d fa 8e bc 7e a2 a5 65 f4 3c e4 63 f9 0a 6e 0f 4c 7f 43 56 80 8c 8c 7f 2e 3a 75 a0 8f 5e 38 e3 34 ec 75 04 e0 e3 fc f4 a4 fe 1c 7b 74 ff 00 eb 53 13 19 80 78 f5 1f 9d 27 1d 05 3f 1f 36 47 7f c2 90 e7 92 0f 14 0c 6e 31 d3 b7 f9 ff 00 3e d4 80 e3 24 7e 19 a7 2f b7 1f 4a 41 f7 48 cf 6c 1f f3 f8 50 03 86 76 f7 fc 8f f2 a7 2f 39 23 a7 3e f4 c5 ec 06 3a 77 eb 4e 07 d7 ad 04 8f 6f bb c5 19 cb 7a 7d 3a e6 9a 4e 14 8e f4 64 6e e7 d6 80 1c 30 79 eb 4e 07 38 cf 4c 53 41 f9 78 e7 1d ff 00 1a 55 23 6e 49 c7 ad 26 36 3f 93 cf 53 8c f7 a5 c9 3d 0e 47 e3 de 99 f5 e0 e0 d3 bd fa 54 92 3b 38 5c fe 7e d4 e1 cf 1f 8f ff 00 ae 9a bc 2f 51 c7 a7 d2 97 1d 88 ff 00 eb 7d 3a d1 60 1d cf 41 Data Ascii: B=6})\|t T~e<cnLCV.:u^84u{tSx'?6Gn1>$~/JAHlPv/9#>:wNoz}:Ndn0yN8LSAxU#nI&6?S=GT;8\~/Q}:`A
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: ee c7 1c 31 1d 87 b5 3b 71 ed e9 d7 9e 94 12 4c a7 0b 81 d8 d0 1b 2b cf 19 eb 8a 8c 31 1c 67 d8 73 46 ef 97 8c 50 1b 93 17 3b bd 7a e4 ff 00 9f 5a 4d d8 e8 be f8 c5 45 b8 1f 50 3d fe b4 bf cb 91 fe 7f 1a 09 1e c4 15 ce 09 ff 00 3d e9 09 c7 27 90 31 d6 9a cc 3e a3 bf bd 04 81 d4 73 9e bd 33 eb f9 fb d3 b0 c4 63 e8 71 d7 83 4c e7 69 03 96 c1 fd 29 49 27 a9 f5 ff 00 3c d3 49 fc 46 31 57 10 23 97 ee f2 70 3a 7b 73 fd 2a 36 e7 8c 60 8e f4 f7 23 b9 03 f1 a8 9f 1b b1 c9 f7 3d 73 5a 08 32 07 5e 3a f7 a6 be 33 f8 fb 7a d2 e7 27 9e fc f1 4d 61 95 cf f4 e2 ad 0d 91 37 2a 73 c9 ee 4d 44 dc f3 fa 62 a5 fe 22 7f 5f 61 fa d4 6d 9e d9 c6 3b 75 ad 50 88 65 05 7a 64 9e 83 de a3 61 f3 54 b2 01 d7 1f 8f e1 51 1f 71 db a0 e3 b5 6a 98 0d 61 8e 08 cf 52 6a 33 91 c7 53 ed d7 8f Data Ascii: 1;qL+1gsFP;zZMEP=='1>s3cqLi)I'<IF1W#p:{s6`#=sZ2^:3z'Ma7sMDb"_am;uPezdaTQqjaRj3S
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: c7 3d 00 23 a7 a7 af ff 00 ae 9b 9c f1 c6 3d 8f 1f 97 5a 06 2e 73 93 d8 67 df 1e d4 67 a0 1c 9e 29 31 d0 f7 fc a8 20 05 c8 f4 e3 9e d9 e7 35 23 42 f3 d7 d4 75 20 7f 9e 94 9b 48 5e 3a 7a ff 00 fa a9 57 8c f6 6f 5f f3 f5 fc a9 c7 1d 3d fa 7f fa e8 b8 30 c7 cd 9e 83 fc f5 a6 e0 06 04 f4 eb f8 53 89 c2 1e 87 f4 00 f3 8a 1b 03 a0 c0 04 f0 47 35 22 1b ef e9 c5 23 77 24 e0 8c f5 ed 8f d6 9c c0 f4 ee 3a 13 d0 7f fa e9 af 93 80 38 38 38 f5 f6 a4 c0 63 f7 c6 3f 13 4c 60 07 41 d3 d7 ff 00 ad fe 7f 2a 7b 73 c0 e3 3d 39 ff 00 3f e4 d3 79 e8 7a 71 fa ff 00 f5 e9 0e e3 39 27 04 60 8e 3f 1f fe b5 34 e4 f7 e8 39 e9 da 9c c3 19 c6 40 1d 3d bf ce 68 23 3d ba 1e ff 00 d7 de 80 b8 dc fc b9 1d bb 53 09 21 70 3a 77 e7 d3 da 9e 7b fd 2a 32 0f a7 1c fa ff 00 87 4a 04 19 ce 73 8e Data Ascii: =#=Z.sgg)1 5#Bu H^:zWo_=0SG5"#w$:888c?L`A{s=9?yzq9'`?49@=h#=S!p:w{2Js
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: f4 0e c0 d9 0c 58 71 f9 63 f5 a5 dc 36 e0 f2 01 1c 0f 7a 63 10 17 d3 00 92 45 34 9f 94 e4 e7 a7 eb fc ba 7e 14 05 89 32 77 73 f8 e6 80 70 d8 07 91 d3 db 8a 61 3d ce 29 01 3b 40 23 1c e6 81 92 13 e9 9e df 5a 43 cb 72 3f 3f 7f f3 d6 93 03 6f 4e a3 07 1c f3 df 3f e7 fa 53 58 f5 c6 3b ff 00 9f fe b5 00 39 9b 3c f7 1c f1 eb 48 73 bb 1d 7a e7 8a 42 c0 36 07 5e 78 ff 00 3f e4 52 12 08 04 fa ff 00 9f ae 69 31 30 e9 d3 8c 71 f4 ff 00 3e b4 99 ca f1 cf a9 1e 94 9b b3 d0 82 79 cd 05 81 e4 1c fa 1c e7 fc f4 a0 2e 29 3b 7d fd 86 3f 0c 7a 53 47 de 19 ef f4 18 a3 07 f9 9a 3a 37 e7 f4 c6 3a 1c fe 94 c6 03 95 07 18 ce 68 1c 72 54 71 fc f3 4d 04 72 07 42 3f 3f 5a 32 42 13 eb 9c 74 39 ef f9 d0 01 cf 5c e4 93 fe 7b 51 9e e3 8f f3 da 8c 80 e0 76 3d c6 3f 9d 35 8e dc 12 4e 00 Data Ascii: Xqc6zcE4~2wspa=);@#ZCr??oN?SX;9<HszB6^x?Ri10q>y.);}?zSG:7:hrTqMrB??Z2Bt9\{Qv=?5N
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: 9e 3f cf d4 54 fa 6d ad c5 f5 c0 8a 15 dc cd 83 8c e4 85 ce 0b 60 75 03 93 c6 70 3f 3a ab 21 03 a7 cb ea 33 c8 1d 87 f9 ff 00 1a ee fe 0b e9 33 6a be 24 d3 5e cb 29 79 15 d2 4b 0f a4 c6 22 58 80 73 d4 82 c3 67 7c 0e bc 8a ae 85 a5 76 92 2e 78 57 e1 b6 ad ad db 69 f2 2e 99 2f d9 de dc 24 f7 1c 32 bb 09 a4 4d ab ea 4a ec 00 77 ca 9e 99 35 f5 6f c1 2d 13 fe 11 2f 05 b5 a3 46 25 be 9a 53 00 1b 82 aa 93 1a 06 50 de 82 4d fc f7 27 f1 ab 5a 06 99 a3 e9 96 31 2e 9a f0 98 c4 c2 5b 36 78 82 7d 96 27 c1 5c f6 3b 41 db d4 13 81 df 39 a7 e2 7f 10 e9 7e 16 d1 6c e3 86 e7 7c 96 6f 24 d1 4b 21 0b 99 18 e0 12 4e 00 08 0b 12 c4 60 31 1d f0 2b cd ad 26 f5 b9 f4 b8 2c 1a a7 2d 16 ac d4 f1 74 8f 6b a0 ea 8f 73 7a a2 da d5 82 bc 92 02 11 9c a8 25 41 f4 51 c7 be 7b f4 3e 47 0e Data Ascii: ?Tm`up?:!33j$^)yK"Xsg\|v.xWi./$2MJw5o-/F%SPM'Z1.[6x}'\;A9~l\|o$K!N`1+&,-tksz%AQ{>G
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: b3 c8 e0 02 73 8f cf 9a d8 54 80 1c 81 cd 55 9e e9 16 66 8d 64 8f 72 f2 54 b6 38 a8 44 77 5f 63 28 8e 7c ce 06 4f cb 8e 84 fa 8a 7c c8 95 16 58 bd d4 ed 60 93 6b c8 a0 8c 71 e8 09 c0 3c 7b d4 43 5a b5 37 22 03 71 10 90 8d ca 9b fe 62 33 8c e3 ae 32 40 e9 d6 b2 b5 0d 39 df e7 72 0b 10 37 a8 fb ae 00 03 a9 f4 03 e9 d2 b8 ad 5f 42 f1 0c 3a b4 f7 5a 5b f9 f0 cb 6c 23 8f 93 b9 30 1f 2b 80 09 ce 58 1c 8c f0 07 d6 b3 95 49 23 48 d3 4c ef f5 2f 10 da c3 70 22 e5 db a9 da 47 41 d7 f2 e2 9b 6d ae da 5c b4 87 27 6a 46 58 1f ef 0c 03 c7 e7 d6 b9 8d 1f c0 1a f6 ac 91 4f a8 df c9 61 13 dd ac d2 a1 c3 4a f1 aa f0 bc 60 2f 24 f6 e0 67 d6 bb 8b 1f 07 e8 b6 d6 6d 6c 21 63 1b b8 69 01 73 97 20 01 82 73 9c 60 0e 06 07 5f 5a 22 e7 2d 45 28 c6 24 5a 55 fa df 43 6e 60 52 1a e2 Data Ascii: sTUfdrT8Dw_c(\|O\|X`kq<{CZ7"qb32@9r7_B:Z[l#0+XI#HL/p"GAm\'jFXOaJ`/$gml!cis s`_Z"-E($ZUCn`R
2025-01-15 01:52:48 UTC	16067	IN	Data Raw: 24 d2 13 50 81 a1 b7 94 ee 72 c0 48 a0 12 30 48 38 23 a7 71 eb d2 bc 13 e2 e6 9c d6 5e 61 8b 08 c5 82 cc ad f7 b7 28 ce d2 33 d3 95 24 93 8c 91 ef 5f 33 88 a0 e9 d4 b9 f6 78 5c 42 ab 4d 1f 38 6b da 24 ba cd f3 e9 f6 71 a9 bb 68 cc a2 49 a6 11 89 18 1e 54 12 40 27 1c e7 3c 9e 9d 39 fa 3f f6 25 f8 37 a8 ae 82 ba b5 fb c9 a5 5f c1 70 19 2e a1 8c 3c 77 50 9c e5 31 9d 8c 3b 12 46 e1 d3 b0 35 4b f6 65 f8 3f ad eb 1e 32 be d4 b5 19 ed ff 00 b3 fc b5 44 b9 89 81 d9 83 b8 18 c8 dc ae 0e 59 0e 18 60 e7 d3 15 f5 df 86 b4 9b 4d 0b 49 8e ce d9 15 76 00 19 80 0b bc 80 06 e2 00 00 12 00 e8 00 af 5b 0f 09 4e 29 4b e1 3c 9c 5d 58 d3 6f 97 e2 65 b8 2d e0 b1 b1 8e 08 86 d8 e2 50 a3 93 c0 fa 9c 9f f0 aa 32 ea 91 bd fa 5b c4 fb 91 e0 32 99 06 36 e0 10 08 e7 9c f3 4b ad ea 91 Data Ascii: $PrH0H8#q^a(3$_3x\BM8k$qhIT@'<9?%7_p.<wP1;F5Ke?2DY`MIv[N)K<]Xoe-P2[26K
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: b4 ad 49 a6 d3 2c a3 b8 81 18 c9 f6 9b 58 64 55 da 39 cf 04 8e 06 78 2a 3b 8e 2b bf d1 34 ed 0f c4 1a 65 9f da a6 57 91 90 2d b4 e2 5c 18 a4 03 25 55 fe f2 8f 60 48 03 b7 07 16 ec 2e 34 99 94 07 4b c8 ee b6 86 8a 57 d8 e1 d7 82 14 48 a0 06 c1 ce 0e 55 b8 1d 73 50 49 0f 87 53 56 92 da 3b 88 34 f9 ef 9c 89 ec a5 04 db ce c0 f2 36 b6 0c 6c ad c8 21 b2 0f 38 e7 99 b7 51 f3 68 61 f8 d3 c0 d6 3a 92 48 97 cd 73 67 70 01 61 75 21 08 41 20 61 c9 04 47 28 6e e4 00 de bd c5 79 0f 8e fc 25 e2 2d 02 1f b3 dd 69 8d 25 9e 41 49 e3 97 cc 8c 8e cc 8e 00 e3 91 c1 00 f2 2b da bc 71 6d 69 69 6e 91 5f 24 81 55 c8 56 96 06 92 32 41 23 89 50 ab ab 8f 7d d9 1d 8f 53 9f a6 cf 14 76 3e 56 9c f1 cf 69 bb 05 45 c7 9d 1c 44 f4 e3 21 d4 1c 77 52 3b f1 5a 53 93 44 5a e7 cd 91 e8 76 f3 Data Ascii: I,XdU9x*;+4eW-\%U`H.4KWHUsPISV;46l!8Qha:Hsgpau!A aG(ny%-i%AI+qmiin_$UV2A#P}Sv>ViED!wR;ZSDZv
2025-01-15 01:52:48 UTC	16384	IN	Data Raw: 32 98 05 70 3b fa f7 a4 24 f4 a5 53 9e 47 03 df f9 d1 8e 73 db 3d 28 33 15 4f 63 4a 09 3d 7f 0a 45 c7 4f f3 cf d6 8e bc f3 c7 4f 7a 68 07 8e 7b 54 96 e8 1e 60 a4 e0 7a 9e b4 96 db 0b e4 f4 f4 f5 ab 33 72 01 00 0e 28 65 a2 1b b5 8e 29 31 13 ee 18 e4 9e 3f 91 35 18 f7 c8 fe 94 8d 92 c7 b8 fe 74 12 72 3d 73 e9 ff 00 d7 a6 4b 1d 90 79 38 c9 e7 9a 76 49 7e 37 74 c7 4a 8f eb f5 ff 00 0a 70 3e b4 0c 79 24 a8 1d 69 41 c2 f3 8a 8c 11 d3 f4 e2 9c 08 da 33 d2 81 a1 de d4 a4 e1 79 e9 8f fe b5 46 d9 3c 91 8f d6 97 23 d3 19 e9 e9 40 98 fd d8 5c 76 f6 fc a8 1c 70 7a 54 6c 79 23 27 3c f4 a5 0f 9f af 6a 68 63 c1 1d 7b 74 e6 83 fa 9c 66 a3 c9 e3 1f ca 9d bb 0c 31 f8 8a 04 d1 26 7e 5f 7f 6e 29 0b 12 b9 1d 0f 43 ef 4c 2d 9e be dd a9 37 7c bf 78 ee 1d e9 85 89 0f a6 0f 3d 45 Data Ascii: 2p;$SGs=(3OcJ=EOOzh{T`z3r(e)1?5tr=sKy8vI~7tJp>y$iA3yF<#@\vpzTly#'<jhc{tf1&~_n)CL-7\|x=E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	50179	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:48 UTC	375	OUT	GET /th?id=OADD2.10239405475857_1HVCAGG6HX6F987D5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:48 UTC	863	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 349448 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AA0D00680B434543A4A2DDFB3E5855A9 Ref B: EWR311000108023 Ref C: 2025-01-15T01:52:48Z Date: Wed, 15 Jan 2025 01:52:48 GMT Connection: close
2025-01-15 01:52:48 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 f4 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 3a 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 ac 87 69 00 04 00 00 00 01 00 00 00 c0 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 36 2e 32 20 28 32 30 32 34 31 31 32 37 2e 6d 2e 32 38 38 35 20 31 37 39 37 34 33 31 29 20 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 32 3a 31 33 20 31 30 3a 30 38 3a 31 34 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 Data Ascii: JFIFHHExifMM*bj(1:r2i``Adobe Photoshop 26.2 (20241127.m.2885 1797431) (Windows)2024:12:13 10:08:14
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 78 4c d3 d5 3f 3e b5 0e 40 44 a0 0a 5d b8 e3 b5 4c 17 20 7f 3a 55 4e 95 1c c1 72 2d bf 9d 2a a6 79 a9 42 fe 94 ed b9 fe be d4 b9 89 22 09 eb d6 9e 53 1c fa 53 d7 da 94 2f 63 ce 7a 8a 9e 61 32 30 07 5a 4c 1e f5 2e 01 c5 05 7e 5f e9 4d 48 08 f1 8e 7d 29 48 fd 69 f8 c7 4a 52 01 ea 2b 44 c2 e4 58 cf 34 01 dc d4 8c 33 4d e2 a9 31 0a 3d a9 47 0d 93 f4 a4 03 14 e1 c7 14 0e e3 97 b0 34 f4 fb c0 fb d3 53 d0 d3 97 96 e7 91 51 2d 84 4a a7 3d 2a 45 03 77 35 1a 83 52 46 07 e1 5c f2 02 55 1f 8d 3d 0e 31 8e be d5 1f 3c 54 8a 40 ce 6b 26 09 12 03 eb 4e 5f bb d6 98 08 ed 4e 42 47 b6 7b 56 6c 64 91 f3 cd 4a a6 a2 5a 95 45 48 89 22 19 e2 ac 25 43 1f e7 53 46 3d 6b 39 30 24 5c d3 82 fe 1e c2 90 0f 97 14 fa 80 1c a3 1d 29 cb cf 4a 6a 8c 75 a9 00 f5 6f c6 90 ee 2a d3 97 ef 66 Data Ascii: xL?>@D]L :UNr-yB"SS/cza20ZL.~_MH})HiJR+DX43M1=G4SQ-J=Ew5RF\U=1<T@k&N_NBG{VldJZEH"%CSF=k90$\)Jjuo*f
2025-01-15 01:52:48 UTC	4144	IN	Data Raw: b5 3f 38 f7 ac d8 0e 5a 78 35 18 39 ff 00 1a 50 7b 1e dc 54 01 2a 9f 4e a2 9e 3d 7f 5a 89 4e 3a d3 c1 ed df eb 52 c0 90 7b fe 79 a7 af b7 38 a8 77 0e d4 f5 63 59 b2 89 41 eb eb 4f 0d d8 54 20 9e 3f 3a 5d dd c7 5a 86 09 13 06 f9 87 ad 2e fc f3 eb de a2 dd 8e 33 46 ea 40 49 b8 75 cf ff 00 5a 93 76 38 a6 6e ef eb 46 ef ca aa c0 38 93 de 93 38 5c ff 00 91 4d cd 19 c7 b7 e3 57 11 30 27 0b 4c 6f bb ce 7f 1a 52 df 37 1d a9 92 37 3e f9 ad 50 86 bf de cd 42 ff 00 51 9a 97 82 3f 53 51 f5 c9 3f 5a de 24 91 b0 f6 a6 30 ed 52 9f 41 4c 61 da b5 40 33 ae 4f 6a 3f a7 a5 2f 4e 28 db 8c 93 56 81 b1 31 8e 7d bd 69 08 ea 07 4a 5e 79 c8 a4 fe 74 c4 07 8e 7b d1 d3 d3 e9 47 5e bf 85 19 c6 31 40 c3 d3 d6 9a 46 7f 3a 50 0f 6f d2 85 1f 30 c9 a9 28 6e 3e 61 83 ed 4b b7 f3 cd 3b d3 Data Ascii: ?8Zx59P{T*N=ZN:R{y8wcYAOT ?:]Z.3F@IuZv8nF88\MW0'LoR77>PBQ?SQ?Z$0RALa@3Oj?/N(V1}iJ^yt{G^1@F:Po0(n>aK;
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 4c 27 d6 a3 98 63 4e 47 4f 4a 8d bd fa 53 9b 3d a9 ae 4f 3e f4 5c 06 13 9e 7a e6 9a 46 7d 8f 5a 5c e5 a9 a4 8a 39 80 8d 87 f8 d3 48 f5 fa 54 9e dd 78 a6 b6 2a 94 85 72 36 e9 4c 3c 73 fc e9 ec 3e 5e 7d 2a 36 c0 e0 f4 ab 4e e3 1a 4e 32 7b d3 49 ef da 91 8e 79 14 87 9a 62 60 72 28 f5 06 91 a8 ce 17 34 08 0f f4 c5 19 1f 8d 26 7b 52 1f 43 db a8 a0 62 e7 3f 4a 5d df e7 8a 66 7f 2a 01 cd 03 1f 9c f3 d2 93 3e 9f a5 37 71 fd 7f 5a 42 7b 03 da a5 a0 17 27 bd 36 43 d8 52 33 7c de 80 fb d3 33 9e 3d 3a 50 90 d0 ae 71 cf cb fa d3 09 f5 a5 38 db 9f 4a 61 23 d7 9a a0 62 93 95 23 b9 a6 37 2b 9c 64 d0 4f cd 4d 62 73 cf f9 c5 34 4b 06 cf 4e e3 8f 6a 89 c8 db 4f 63 4c 6f 4e f5 48 63 1b d0 ee a8 fa f4 a9 1b 96 23 de a3 63 d8 f4 aa 40 47 20 ef 51 b7 4a 99 c8 39 1b b8 35 1b 71 Data Ascii: L'cNGOJS=O>\zF}Z\9HTxr6L<s>^}6NN2{Iyb`r(4&{RCb?J]f*>7qZB{'6CR3\|3=:Pq8Ja#b#7+dOMbs4KNjOcLoNHc#c@G QJ95q
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 74 f4 5e 9f 9d 46 bf ad 49 19 cf f2 a5 70 1e a3 b1 1c 1a 70 ce ec fa 52 2f 38 f5 a7 27 f3 a5 70 1e 07 63 c6 78 a7 80 77 7f 9e 69 80 1d b8 1f ad 3c 63 ae 05 2b 80 e5 1e 9d 7d 29 ff 00 4a 68 18 e9 4e 1c f5 ea 29 00 52 92 37 60 f1 9a 45 c7 e5 4b 90 38 14 ae 02 36 3a 70 47 4a 42 69 41 a6 82 37 60 8e 9d 85 43 60 21 a4 6f 41 f4 a1 8d 37 3f 2f f9 14 80 46 ef cd 37 39 50 7d f0 7f 3a 59 08 eb d4 7f 3a 66 7d 7a d0 8a 06 34 84 f6 eb 41 20 7f 3c d3 58 e3 d2 86 01 9e df 8d 01 b9 c9 a0 1c b6 71 4d ce 39 ff 00 3c 52 01 fd 68 cf e7 9e f4 d0 7e 61 8f c2 97 27 6e 68 01 dd 38 f6 e0 d2 e7 9e b9 a4 07 3d 7f 5a 3a 75 f4 aa 0e a2 37 6c fe b4 d6 f5 3c 53 db 1d 0d 35 b9 e4 d3 45 a2 36 1f 8d 31 97 d4 62 a4 23 d7 81 4d 60 3b 74 fd 2a c5 72 07 c8 e3 1f 9d 46 41 fd 6a 79 30 30 33 8f Data Ascii: t^FIppR/8'pcxwi<c+})JhN)R7`EK86:pGJBiA7`C`!oA7?/F79P}:Y:f}z4A <XqM9<Rh~a'nh8=Z:u7l<S5E61b#M`;t*rFAjy003
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 63 5c b1 d2 6e 62 82 ee 5d bb f2 22 24 67 24 00 4f b9 20 73 f4 cd 76 7b 08 25 ab 3b 69 e1 94 ba 6a 7c e7 f0 f7 e0 06 b1 3d c1 b3 d7 f4 c8 a1 7b 6b c0 b3 ca 66 dc 97 10 30 38 92 22 0f ca c0 8c 6d 23 90 7b 75 ad 0f 1d 7e cb d7 16 70 dc cf e1 ed 47 cf 50 4b 5b c3 33 61 f1 8c 6d 27 18 27 3d fd 3d 2b dc 2f 7c 43 13 5b fd a6 d2 58 a4 77 51 9d 8d cf a8 61 9c 64 60 f6 ae 67 5d f1 96 b1 6d 1d c3 42 44 ad 6a 0b 4b 03 02 37 20 c6 4a 37 72 01 ce 3b 8f ca 8f 67 03 a1 61 22 d6 c7 cb 7e 2a f8 59 e3 1d 0d a2 37 3a 5b 34 73 c2 24 46 1d 79 38 da 47 62 0e 06 32 3e f0 f5 ae 29 91 95 89 c1 52 0e 08 61 8e 7b 8c 1f 4a fb 77 46 f8 87 a5 6b 36 31 58 78 8a c8 22 dc 1d 8b 23 2e 63 7e 31 9d c4 70 47 1d eb 87 f8 d1 f0 12 c7 5b be 9b c4 7e 14 91 4c 97 12 09 2e 6d 43 05 de 00 19 28 71 Data Ascii: c\nb]"$g$O sv{%;ij\|={kf08"m#{u~pGPK[3am''==+/\|C[XwQad`g]mBDjK7 J7r;ga"~*Y7:[4s$Fy8Gb2>)Ra{JwFk61Xx"#.c~1pG[~L.mC(q
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: e3 4f 9c 3b 4f 73 16 63 5c a1 40 ea ac 55 4b 03 90 09 e4 70 07 ad 70 55 f7 66 ed d0 ed a7 2b c5 5f a9 e8 17 16 de 12 f0 17 81 ff 00 b1 6d af 16 f6 fe f2 39 5a 7b a3 03 a8 40 c0 a8 53 81 95 00 0c 60 f2 70 d9 3d ab e7 ff 00 8a ce 9a 87 86 58 41 61 6d ba 59 d1 e5 9b cd dc c5 9c 03 85 63 db 2d 9c 93 fd 6b a6 f1 b5 fe a7 a0 df de d9 3c ab 7d 63 2d c8 36 53 14 03 ec d9 24 96 70 33 b9 8e 40 2b 8c 37 51 83 d7 91 f8 93 3c 7a d7 83 50 5a b4 a9 78 4b 45 72 ad 18 d9 b9 49 1b 97 1d 32 08 38 ed b8 f5 e6 ba 30 d1 d5 49 98 57 96 8d 23 07 c0 a6 3b 0d 3d c5 fc 9c b1 0b 1c 25 b6 16 db 22 82 ac 3a e0 72 71 ea a3 e8 73 3c 4f a8 cb 71 ad 9b 88 a0 ff 00 8f cc ca fb 70 76 28 c0 27 23 a0 27 fa 56 25 fd eb df 6b 65 d3 cc 09 1d b8 f3 1c f7 2a 30 48 03 a0 24 e7 15 d4 6a 1a 52 58 78 Data Ascii: O;Osc\@UKppUf+_m9Z{@S`p=XAamYc-k<}c-6S$p3@+7Q<zPZxKErI280IW#;=%":rqs<Oqpv('#'V%ke*0H$jRXx
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: b4 a3 8e b5 20 39 47 41 8f c6 9e 0f cb c7 5a 62 fa 7f 5a 7e 79 eb c5 0d 14 07 8f 7a 51 fa 8a 41 ce 78 f6 a0 0e bd ea 49 1f 4f 1c f5 fa 54 40 e5 bd fd e9 f9 f9 68 01 f8 23 ae 29 ca 7a 0a 60 fb bc 52 f1 d4 7e 34 80 7e e2 39 a0 9a 68 34 84 fe 5d 29 80 ac 48 e2 93 34 84 f5 02 93 39 e9 d6 80 11 bd a9 09 f4 e4 1e b4 8c 7d e9 a7 3f ca aa e0 3b 39 a4 ce 1b e9 49 f4 eb 41 ef 8a 0a 17 39 eb 4b 9e ff 00 fd 6a 66 73 c8 fc a8 eb cf 41 eb 40 0f 0c 39 c1 a7 a9 07 da a3 03 b5 39 73 da 80 24 ce 31 cf 5e b4 03 8f e2 eb dc d3 3a 1a 3f c3 bf bd 00 49 9c e4 9a 09 f9 b9 a6 af 3c 77 a0 9f 5e b4 9e e4 88 48 1d e9 84 e7 3e df 9d 2b 1e d4 c6 60 38 da 28 01 5b 1d cf 14 de 76 d0 49 2d 48 c7 0b 9a 10 0d 3e 9d e9 b9 ec 3a 8a 71 e7 ad 37 af 5a 63 e8 19 23 ad 35 8e 7e bc 50 dc 73 da 93 Data Ascii: 9GAZbZ~yzQAxIOT@h#)z`R~4~9h4])H49}?;9IA9KjfsA@99s$1^:?I<w^H>+`8([vI-H>:q7Zc#5~Ps
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: a9 10 2f dd a7 93 f2 e0 fe 94 c0 31 8a 5c fe b4 00 a4 9f f1 a6 b1 c7 52 68 26 a2 63 f3 64 74 a7 60 15 89 db c7 5a 63 13 bb d6 9c 4f 6f ce 9b 80 5b 8e 69 0d 89 c9 f6 a5 03 3c 76 a0 0e c3 93 4e 03 f3 a0 42 11 db b7 b5 21 14 fc 75 34 30 05 68 28 6a 8c f5 a1 79 a7 11 8e 68 02 80 1c a3 1c 77 a9 23 19 e2 9a 9f 7b 35 2c 6a 76 e6 93 04 70 14 ab 9a 40 3b d3 97 d6 bb 4e a1 72 47 34 e1 ed 4d cd 2a 9f 4a 09 1c bd 69 df 5e f4 8a 69 68 01 7f 4c 50 3d e9 78 ed 4a a2 a4 00 0c 2d 39 4e 3a 52 01 e9 4b c7 4a 18 31 47 14 a0 f4 a4 a5 5e d5 24 8f 5c 6e c5 3d 0e 2a 3c fa 9a 7a 9a 86 0c 7e 7b d2 9e 69 b9 34 ef a5 22 40 7e b4 0e 56 80 69 c3 8e 29 30 13 1e 94 9e d4 e2 32 b4 da 40 1e fe 94 87 9e 69 71 de 90 fd df 6a a0 11 ba 53 4f b5 29 a4 cf 6a 00 5c e3 8c d2 f5 eb 4d c8 a3 20 2d Data Ascii: /1\Rh&cdt`ZcOo[i<vNB!u40h(jyhw#{5,jvp@;NrG4MJi^ihLP=xJ-9N:RKJ1G^$\n=<z~{i4"@~Vi)02@iqjSO)j\M -
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 4a be 94 30 1e 06 17 8a 7a 0c 53 57 8f 5a 7a 8a 80 1c a3 0b c5 07 8e 7d 68 5e b4 60 0e 69 6e 01 81 4a a2 94 01 d0 0a 72 8a 0a 1c 83 bd 58 8f 23 19 a8 e1 5c 62 a6 41 81 49 92 79 98 f7 a7 2f 5a 00 ed 4e 03 f2 ae f3 a0 07 14 a0 52 01 8a 70 19 a0 07 2f 4a 75 34 7a 8a 72 8a 05 71 40 a5 a2 8a 91 3d 42 94 1f 43 48 46 28 a0 03 f8 b3 45 23 51 ee 6a 40 5a 51 c7 34 9d 3a 51 48 91 f9 a9 14 e6 a1 53 9a 72 9e f5 2c 09 81 a7 03 8e 0f 5a 88 1e f4 ec 8a 40 28 6e bf 95 00 fa 52 67 d6 8c 8a 09 1c cd e9 4d 63 de 93 3f 36 69 32 69 d8 a0 3c 37 14 84 fa f1 48 4f cc 4d 26 73 cd 31 dc 5e bd 69 b9 f5 a3 26 85 eb 54 21 73 da 93 a1 a3 26 8c 8a 00 3d a9 7f 8a 81 ce 29 28 01 cd d2 81 ef 42 f4 a3 3e b4 98 0e c8 a0 70 d4 83 d3 d6 81 93 d2 90 00 18 e7 b5 0b c7 3d a9 d8 a4 23 34 05 c1 79 Data Ascii: J0zSWZz}h^`inJrX#\bAIy/ZNRp/Ju4zrq@=BCHF(E#Qj@ZQ4:QHSr,Z@(nRgMc?6i2i<7HOM&s1^i&T!s&=)(B>p=#4y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	50175	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:48 UTC	346	OUT	GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:48 UTC	861	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 352481 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 68551348043047ABB3FF010CAB658FCF Ref B: EWR30EDGE1407 Ref C: 2025-01-15T01:52:48Z Date: Wed, 15 Jan 2025 01:52:48 GMT Connection: close
2025-01-15 01:52:48 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 20 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 32 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 34 3a 31 30 3a 32 34 20 31 31 3a 30 33 3a 32 39 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1 r2i``Adobe Photoshop 25.12 (Windows)2024:10:24 11:03:298C
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: c2 28 f9 a9 ed 4d 51 9a 30 d4 5c 6a 40 a0 6d a2 9d 96 a2 95 ca b2 33 30 29 68 5e 68 6c 57 49 cb b0 50 d4 b8 a1 b9 a0 a4 20 38 a5 ce 69 28 51 4f 61 8a d4 94 ea 3a d2 01 b8 f6 a2 97 ad 2d 00 27 b5 1c 52 53 be 5a 00 4c 66 8c 52 d1 9c d0 03 69 d4 37 dd a3 19 a0 03 f8 a9 b4 e6 34 63 da 9d c0 33 f2 d2 30 f4 a5 c6 69 70 69 00 ca 29 d4 37 b5 56 c0 20 14 ad 47 cd 4a a3 35 2d 80 9f 29 a3 18 a5 c7 cd 8f bb 4e da 0d 2b a0 19 8f 6a 6d 3f a3 62 93 1e d4 c0 6d 39 68 c0 14 ea 77 01 b4 b8 c5 25 0a 33 48 01 45 2e 3f d9 a4 e4 35 3f 27 bd 0c 04 50 69 31 f2 d3 94 f7 a5 c7 cb ef 4a e0 36 85 e2 8c 35 28 df 43 00 c8 0b 4d 26 9c c3 e6 c5 23 0c 74 a4 02 a5 3b 27 77 b5 35 b8 a4 63 9e b4 00 ac 33 cf cb 48 b4 7d 69 55 4d 00 1b 73 42 8c 75 a5 53 4e f9 4d 17 60 46 c3 e5 cd 00 66 9d 8f Data Ascii: (MQ0\j@m30)h^hlWIP 8i(QOa:-'RSZLfRi74c30ipi)7V GJ5-)N+jm?bm9hw%3HE.?5?'Pi1J65(CM&#t;'w5c3H}iUMsBuSNM`Ff
2025-01-15 01:52:48 UTC	4144	IN	Data Raw: 6a 29 71 41 2f 5d 84 fa 51 95 a3 a5 2e 32 b9 a0 49 5c 4a 31 ed 45 18 c5 05 24 2b 0a 4a 77 5a 4f a5 03 ea 20 18 a2 9d 8c 2d 26 0d 01 a0 94 63 da 9d 8f 6a 75 2b 86 c4 74 ab 81 4a ab 8a 18 52 e6 0d 46 d3 9a 85 c0 a0 0c d2 b8 9d c4 c5 0b 4e c5 18 c5 36 c4 90 dc 62 97 0b 4b 8f 97 9a 30 69 5c a1 0e de 82 9b 4e 51 4b 8f 9a 98 9a b8 ca 5c 53 98 66 93 1e b4 26 2b 30 a5 e9 46 3e 5e 28 c0 14 ae 56 a1 8a 5f 96 8a 3e 53 48 06 d2 fd 28 20 76 a3 04 ad 01 a8 a4 6d a3 19 a1 71 d2 97 a5 00 22 fd de 68 6c 51 f3 1a 1b 34 00 2f bd 14 bc 6e c5 14 01 45 70 29 57 d6 85 c7 f0 d2 b1 c5 74 33 9c 46 38 e9 43 64 ad 2b 62 85 a0 5b 88 a0 0a 56 23 6e 05 23 71 42 8a 35 10 9c 96 a7 e3 e6 a1 48 a3 a5 05 09 fc 5f 76 8f bb 47 56 e1 a9 5b ff 00 1e a3 50 06 14 63 34 b8 f4 a4 e7 76 05 00 27 fc Data Ascii: j)qA/]Q.2I\J1E$+JwZO -&cju+tJRFN6bK0i\NQK\Sf&+0F>^(V_>SH( vmq"hlQ4/nEp)Wt3F8Cd+b[V#n#qB5H_vGV[Pc4v'
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: ec 91 16 7f 88 50 b4 fb 85 86 d5 73 73 77 6d 06 ef bb e6 4c 16 a9 ea ba be 85 a5 b6 cb ed 66 da 17 6f e1 0d bf f9 56 15 31 54 69 fc 73 4b e6 75 d1 cb b1 75 9d a9 52 6d f9 26 59 53 8e 4f cb 4e cf 7a 6c 32 41 34 2b 3d b4 f1 cf 1b 7f 14 7f d6 9c a5 87 15 a2 92 92 ba 7a 1c d3 a7 3a 72 71 9a b3 11 b9 a3 18 ea b4 bd 29 71 9a 66 6c 6f fc 06 8e 94 ac 71 49 40 5a c2 f0 7a d0 c3 d2 95 85 1f 5a 00 45 f7 a1 86 78 14 ad 8a 3f 8a 81 ae c1 8c 36 68 a5 c5 1c 7e 14 0e cc 69 e2 92 9d 41 fb d4 12 e2 26 29 73 4e a4 c5 05 09 9f 9a 9d 4d 40 43 52 f3 40 6a 1c 52 1e 29 73 4b 40 b7 19 8a 5c 0e 94 37 fb b4 29 a0 4a c1 8f 6a 5e 05 2d 27 7e 28 2a c8 0f 3f 7a 8c 52 d1 40 09 8f 4a 5a 33 8a 4c 8a 4c 2c 05 68 50 b4 35 1d 78 a2 e2 b2 b8 6d f4 a3 18 a3 34 b4 c2 c8 4e 29 68 a3 f8 a8 18 51 Data Ascii: PsswmLfoV1TisKuuRm&YSONzl2A4+=z:rq)qfloqI@ZzZEx?6h~iA&)sNM@CR@jR)sK@\7)Jj^-'~(*?zR@JZ3LL,hP5xm4N)hQ
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: a0 02 97 07 6d 25 2f 4a 4d 95 18 88 d4 51 45 32 58 51 45 14 00 51 8f 6a 28 a0 02 8a 28 a0 02 8a 5c 52 fc b4 ae 52 8b 10 0a 56 e2 8f a5 1f c3 48 a4 ac 36 95 68 c5 18 a0 95 16 0d 45 0b cd 14 ec 4e af 62 b6 3d a8 c6 29 71 fc 54 01 5a 98 59 b1 a4 d2 f0 56 9c c0 74 a6 b8 1d a9 dc ae 56 90 2e 29 78 a3 9a 5e 3b d2 bd c6 83 01 a8 f9 45 2f 4a 38 a0 3f 31 1b 9a 40 b8 6e 5a 96 85 34 07 a8 37 0b 91 48 a3 2d 4b d3 ad 37 8d d4 08 57 14 8a 4f 4a 73 62 8c 01 40 75 0c 7b 52 e0 1a 6e 69 dc d4 96 0a 28 e3 f8 a8 dc 69 bd 68 06 d0 a7 06 91 40 a7 63 e5 a4 07 14 ee 89 b0 28 14 b8 f9 a9 18 d2 af dd a4 50 dc 61 a9 eb eb 4b 81 4d 71 d8 51 76 16 b0 35 23 1c f4 a4 51 9a 7e 3d a8 01 ac 48 a3 71 34 30 21 a9 ca a4 2e 68 bd 84 d3 62 30 a4 51 4e a1 73 46 83 13 1e b4 7f 0d 2d 26 33 43 1a Data Ascii: m%/JMQE2XQEQj((\RRVH6hENb=)qTZYVtV.)x^;E/J8?1@nZ47H-K7WOJsb@u{Rni(ih@c(PaKMqQv5#Q~=Hq40!.hb0QNsF-&3C
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: d2 63 57 be d4 e1 8c f5 d8 ad b9 db f0 15 c8 6a 9f 14 dc b7 d8 b4 1d 35 e4 59 1b e5 69 3e fc 87 e9 5e 63 71 70 f2 49 bc b6 e9 1b f8 9b e6 af 56 f8 71 a4 5a 58 e8 e9 76 f6 cb f6 99 57 3e 63 af cd f8 56 b5 f2 cc 2e 06 9f 35 5b cd fd c7 b7 97 e6 58 ec de af 25 3b 42 2b ae ec d6 f0 8d d6 bf 79 6b f6 9d 72 28 e0 69 3f d5 c2 aa 07 1e f5 b1 3d c0 8f 85 eb 55 5a 4f 97 8a 85 98 d7 81 3b 4a 57 b5 91 f6 d4 70 fc b1 49 bb d8 96 69 4b f2 d5 0e ec d3 5c fc b4 c6 6f 97 e5 a0 eb 8c 12 44 8c f8 6e 3a ff 00 b3 57 2d c5 ac 31 f9 97 2c db 9b ee a5 55 b5 90 40 bb ca ee 6e d5 e6 3f 1e 35 cd 56 da 38 a3 b6 bc 9e dc b6 4f ee bf 8a b6 c3 d0 75 ea a8 27 b9 cb 8c aa a8 d1 95 57 b4 7b 1e a8 d7 5b ee 36 41 1a e1 bf 87 fb b5 65 e4 f2 d7 1b ab e6 4f 03 fc 48 f1 0f 86 6f 24 78 e5 fb 74 Data Ascii: cWj5Yi>^cqpIVqZXvW>cV.5[X%;B+ykr(i?=UZO;JWpIiK\oDn:W-1,U@n?5V8Ou'W{[6AeOHo$xt
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 59 17 62 ff 00 7a bc 6c 46 26 73 95 e4 ee cf a0 a1 4a 86 1a 0a 31 8f 2a 31 66 b5 b3 8a 35 c2 b6 ef f6 aa 8b 59 19 24 c8 5e 19 ab a0 bf b0 da f8 32 6e 0b de a9 dc bc 71 2e d8 eb 8f da 36 f4 3b e9 4a 32 4b 97 52 b5 bc 42 05 f7 a5 62 ed 4c c9 66 a9 21 a3 7d 4e 9b 58 53 b2 28 f7 b3 6d 55 fb cc d5 cf 6b 9a ea 47 1b 03 22 a8 6e 23 5f e2 c7 ad 4f e3 bd 42 d2 d7 4d 51 71 3a 43 1c 52 6f 91 99 bf 4a f0 df 88 da cd e9 f1 24 8c 93 ee 56 8c 79 6a ad db b5 7a d9 6e 5e f1 53 b1 f3 f9 d6 73 0c 05 2e 67 ab 3b cd 73 59 b2 8b 50 8c 5f dc f9 10 ed f9 5b 6e ed c6 b1 df 43 bb f1 96 a9 12 8b c8 e2 b1 b6 cb c9 3b 7c aa a8 3b fd 6b ce 3e d7 73 73 26 fb db 99 1b 6a 9c 2b 7c d5 dd 7c 3a bd 8e 2d 0e 7b 43 3b 2f 9a a4 b7 f7 71 e9 9a fa 59 65 ef 09 4d 4e 2f 53 e1 a9 e7 31 cc ab ba 53 Data Ascii: YbzlF&sJ1*1f5Y$^2nq.6;J2KRBbLf!}NXS(mUkG"n#_OBMQq:CRoJ$Vyjzn^Ss.g;sYP_[nC;\|;k>ss&j+\|\|:-{C;/qYeMN/S1S
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 38 e1 56 16 91 2c 41 73 b5 76 fd e2 7b f1 55 f5 bb 08 ee 34 19 a2 b9 5f 36 6f 2c fc bd 94 d7 66 12 b3 a3 56 2d 33 3c 66 0e 15 f0 f2 a4 dd ef dc f9 aa e1 82 b3 0d db be 6a 67 c9 b7 23 f8 aa cf 88 60 4b 6d 7a 7b 68 d9 64 58 a4 f9 99 7e ee 7d a9 96 f1 ee e2 bf 4a a5 25 3a 6a 47 e0 98 ba 6e 95 79 53 ec ca ca c4 36 3e f5 58 8a 4d ad 9f fb e7 75 32 e2 27 56 e5 69 18 63 69 1e f5 aa b3 47 2b d1 9a 3a 7d f5 cd a4 8d 2c 1b 54 c8 a5 3e 6c 37 5e 32 3d ea 35 2b d1 93 fe 05 50 c2 5b cb da 7f e0 34 2f de c1 fe 2a 1a 0d 18 32 ee ff 00 80 d3 24 5c b7 c9 52 b2 fa 53 5d 08 6c 1a 91 b8 a2 1c 11 b6 95 3e 65 6c b7 dd a7 ba 01 48 b8 ef fc 35 5c c8 87 12 58 65 79 76 a7 94 b9 db 85 db 52 2a 6d fe 1d a5 7f bd 4d b6 32 41 32 cb 14 ad 1c 8b f7 59 6a c5 d5 c5 de a1 79 be e3 6b 4d 27 Data Ascii: 8V,Asv{U4_6o,fV-3<fjg#`Kmz{hdX~}J%:jGnyS6>XMu2'ViciG+:},T>l7^2=5+P[4/2$\RS]l>elH5\XeyvRmM2A2YjykM'
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: c1 61 54 2d ab dd 8c 74 75 5c 77 a8 7c dd db 91 fe 60 bf dd a9 16 75 59 15 a4 dd b7 77 cd b7 ef 55 ad 50 e9 2f 24 6d a4 db 4d 02 ed f9 fc f9 37 ee 3e b5 cb 6b 23 d4 94 ae d2 b1 15 ab 23 2e 07 5d d5 62 68 de 3e 0f f1 7c d5 41 65 11 b6 4a f1 5a 18 f3 15 64 65 65 dd 8d bb 97 ef 56 35 11 d3 46 6b b9 1b 63 76 4d 2c b7 1d fb 52 cc ca ab 8a ad 31 06 3f 7a 84 ae 74 ca 69 0f 79 01 a6 a6 59 a8 b7 89 24 56 de ff 00 f0 1a 9a d6 1c 4d 9d dc 2d 3b 58 c7 9e e3 96 37 1f 20 fb d5 2c 2d b1 98 9f 95 97 8a 49 98 6e c8 f9 aa 34 7f 5a 56 07 22 d4 8e 8d 6e aa 57 85 fb b5 42 f2 d5 96 68 ae 3c d6 5f 9b 2a ab f7 78 ab 6f 28 31 ed 1f 2b 54 37 01 de 15 01 b9 db f7 bf bb 4e 29 dc ce 53 49 17 53 51 82 7b 5f f5 9b 65 66 d9 fe f5 36 f2 64 dd 0c 4e df 36 e2 11 7e 83 35 98 63 16 76 eb 71 Data Ascii: aT-tu\w\|`uYwUP/$mM7>k##.]bh>\|AeJZdeeV5FkcvM,R1?ztiyY$VM-;X7 ,-In4ZV"nWBh<_*xo(1+T7N)SISQ{_ef6dN6~5cvq
2025-01-15 01:52:48 UTC	8192	IN	Data Raw: 91 b6 e4 98 f5 dc 0f 7f c2 a7 34 c3 c6 71 e7 8e 87 37 0e 62 aa 50 c4 ca 15 5d d3 28 5e 58 5b 41 63 14 a8 bb 5a 4e 5b 6d 51 99 1e da f1 42 4a b2 c7 b7 3f ee fb 55 a8 cc f3 69 2d 76 57 f7 3b b6 2b 7b d5 2c e7 e5 35 f3 d1 8b 57 4c fd 06 4e 33 b3 46 9c 6c 2e 63 c2 2e d6 fe 2f ee d2 08 a3 96 64 8b 51 96 74 83 f8 9a 2e 4a fd 33 55 ec ce c6 de bd 6a 7c 96 6c 9f 9a a1 e8 ca 50 94 b7 2c 6a 1f 60 13 2a 69 eb 2a c0 aa 04 7e 73 6e 7f a9 c7 7a a1 74 3c b5 ce fe 69 93 3c 8b 36 05 35 98 b2 fc ff 00 35 34 af a9 4a d1 8f 2a 2b 7d ad c4 db fe f0 5a 86 6b a6 dd 94 5f 9b fd 9a 4b d1 1a f5 fe 2f ee d6 7c 97 06 29 38 ae aa 71 b9 e7 d6 a8 d3 b3 2c 6a 9a ad db db ac 12 4e db 61 fe 1f ad 67 a4 b7 03 6c 9f 37 96 df c5 54 35 09 dd a4 62 5b 86 ad 1d 06 e6 31 23 5b c1 3c 72 aa ae 7c Data Ascii: 4q7bP](^X[AcZN[mQBJ?Ui-vW;+{,5WLN3Fl.c./dQt.J3Uj\|lP,j`i~snzt<i<6554J*+}Zk_K/\|)8q,jNagl7T5b[1#[<r\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	50199	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:49 UTC	346	OUT	GET /th?id=OADD2.10239391081812_16WIS2WQBVWJESJY8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:49 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 619387 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9D472D44E9154795AB84FD21DC073981 Ref B: EWR311000106033 Ref C: 2025-01-15T01:52:49Z Date: Wed, 15 Jan 2025 01:52:49 GMT Connection: close
2025-01-15 01:52:49 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 34 3a 32 33 20 31 36 3a 35 36 3a 35 30 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.4 (Windows)2024:04:23 16:56:508C
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: f5 be 4c 3f 7e b4 3c 1b e2 ff 00 19 de 6b 5f f1 24 f1 6e b5 0c 30 ff 00 d3 c7 9d 6d fe e7 ef 2b d0 3c 3d f1 27 e1 af fc ba f8 b7 c0 7e 54 d0 79 b3 79 37 1f fc 5a d6 3c de 3b f8 33 f6 8f ec f9 7c 49 a7 6b 52 de fe f7 c9 d3 ad e6 b9 b9 ff 00 c8 55 97 b4 1f b3 3a 8d 27 e2 37 8c e3 ff 00 98 96 8b 7b ff 00 5f 76 fe 4f fe 81 56 f4 ff 00 8c 5e 23 dd f6 5d 43 c0 46 6b af 4b 3b f1 5c e6 b4 fe 01 d0 f4 df b5 e9 fa 6d c6 a9 2f ee e2 f2 6e fe e4 6d 5e 67 e2 1f 1d 6b 9a e6 a3 3e 95 a8 6a 5a 75 96 9f 34 f1 c5 0c d6 97 1f 63 48 d3 fe 5a 7f bf 47 b4 17 d5 cf 77 d6 3e 3d f8 76 c2 df 8d 13 59 9b 50 f2 7f 75 69 10 4f fc 7d ff 00 e5 9d 78 07 ed 33 f1 27 fb 6e db ed 5e 20 d4 bc e8 a6 fd d5 a6 93 a7 7c ff 00 ef fd ff 00 fd 0e ab ea 10 69 da 7f fc 4e f4 9b 6f f8 92 d9 7f c8 46 Data Ascii: L?~<k_$n0m+<='~Tyy7Z<;3\|IkRU:'7{_vOV^#]CFkK;\m/nm^gk>jZu4cHZGw>=vYPuiO}x3'n^ \|iNoF
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: fc 45 e1 ad 5f 54 b7 82 ea 1f dc c5 35 f7 95 0f ff 00 b7 58 73 41 77 71 e1 df 2a 2b 6b 7f 36 19 fc af 26 1a 7f bb 0f de 53 3b cf 09 c1 e1 7d 63 52 b1 fe d5 b6 b7 d5 3c e8 3c d8 66 fb 43 a5 73 fa 8e 9b 0e 9f e2 ab dd 27 fd 4c 50 f9 92 c3 e6 dc 55 7f b2 4d fb 98 74 ab 9f 3a ea 08 3f 7d 5a 1a 1c 7f da 16 f7 d7 73 5c db c3 34 30 49 f6 49 6e ff 00 e5 e2 8f 80 3e 3f 70 c7 86 df 57 b8 ff 00 89 85 a7 ef a2 86 0f df 55 cd 42 d2 ef fb 3b cd 96 e7 c9 f3 bc b9 7f 7d ff 00 2d 2a e7 f6 b7 f6 5e 9d 7d 69 69 6d ff 00 1f b6 3f f0 3f 36 a4 ff 00 84 96 d2 3d 16 7b 48 bf 7d 14 d6 31 ff 00 cb be ff 00 9e 90 7b 3a 66 e7 d8 2d 34 bf 06 4d a8 7f d4 53 ca 86 6f f7 aa 9f c4 8b 49 ae 35 a8 2d 62 d3 74 e8 7c 9f f9 6d 69 6f e4 fd a2 bd 13 c4 3e 1a f0 bc 9e 0c 82 d3 50 d1 2e 3f 73 e5 Data Ascii: E_T5XsAwq+k6&S;}cR<<fCs'LPUMt:?}Zs\40IIn>?pWUB;}-^}iim??6={H}1{:f-4MSoI5-bt\|mio>P.?s
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: ac 6a 53 fe 41 1a 9f 12 3c 27 77 a3 e9 de 6c ba 97 ef a6 fd d4 3e 4d bf fa ba e6 f4 f8 3c cb 68 74 ab bb 6b 7b df 27 cb ff 00 b6 7f ef d7 69 ae 6a d3 5c 69 ff 00 6b ba d3 7e db 58 7a b5 86 87 71 a7 41 e6 e9 b6 f0 cb ff 00 5f 1b 2a 30 f4 ea 53 a7 c9 39 dd 81 cf f8 cb 5a bb d3 ed e7 b4 fb 37 db 65 87 fe 3e e2 ff 00 9f 8f ee 7f b8 95 e6 7a 86 9b f6 3d 6a fb 50 d5 7f 7d 75 34 1f be fb 9b fc df f9 e7 bf fb 95 d4 78 cb 42 ff 00 8a 8b ec b2 ea 57 1e 54 df f3 db fb 8b f7 eb 2f c4 3f d9 1e 24 f1 17 9b a8 5b 5c 43 6b 0f fc b1 ff 00 97 6f 96 bb 3f 87 4c 29 ff 00 10 e6 ed 20 f3 2e 20 97 ed 36 d0 7f cb 4f fb 65 ff 00 3c eb 9f f1 0e 9b e2 2d 43 51 ff 00 9e 3e 74 ff 00 f1 e9 f6 8f f9 65 5d a6 ad e7 49 f6 eb b8 b4 db 7f 36 6f dd 43 34 3f dc ac 39 ae f4 e8 ee 2f a5 fb 35 Data Ascii: jSA<'wl>M<htk{'ij\ik~XzqA_*0S9Z7e>z=jP}u4xBWT/?$[\Cko?L) . 6Oe<-CQ>te]I6oC4?9/5
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: d3 35 a9 ec cf 8f ef 34 db bd 3e e6 1f ed bf f5 bf f2 c6 ee 5f e3 a2 d3 56 fe cf d4 a0 bb fb 4d c4 da 7f fc f1 af 48 f8 85 04 3a c5 c7 f6 55 a7 fa ab 28 3f 7d e4 fc f0 ec ff 00 7e b8 3b b8 21 8f c3 b0 5d cb a6 ff 00 c7 97 ee a1 fe 07 ff 00 81 d6 87 29 b1 36 9b a7 6b 1a 2f f6 ae 89 6d a8 c3 2c 33 c7 fd a3 fd c8 fc ca e6 fc 41 e1 ef f4 88 2e e5 b9 f2 74 f9 ff 00 77 fb 9f ef d6 87 86 75 2d 76 f3 51 9e d3 ed 37 13 45 ff 00 2d a1 fb 45 5c f1 65 a7 f6 7e 9d ff 00 12 fb 9f f4 58 7f d7 7f 1a 6f 6a 00 c3 d7 2f e1 8e e3 4b 8a ef 4d b7 9a 2d 2e 0f 2b f7 5f 72 4a cf b5 d5 a6 b7 b8 9e 5f b4 ff 00 a2 ff 00 cf a5 58 fb 45 a7 d9 ef 62 ba d1 7f 7d e4 7f ae 9a b0 fc 8f 33 cf 97 fe 78 c1 fe aa b4 33 35 7e dd 14 97 1f da ba 7f da 61 ff 00 96 53 7f b9 5a 9a b4 93 7d a2 1f b2 Data Ascii: 54>_VMH:U(?}~;!])6k/m,3A.twu-vQ7E-E\e~Xoj/KM-.+_rJ_XEb}3x35~aSZ}
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: 7c ef de 5d f9 bf 7e e3 fe fb ae 77 55 b6 6f ec e9 a3 97 f0 af 81 7c 25 a4 5d 79 d1 f8 2b c2 b6 71 9f f8 f4 8a d2 c1 3f f4 74 95 dc 5a 7f 68 ff 00 67 79 b7 5f f6 c7 c9 f9 2a 4b 4f 87 be 39 b7 ff 00 5b 6d a7 4d ff 00 5c 6e 2b 3f 50 d3 7c 67 a5 f9 f1 5d e8 97 10 ff 00 cf 2b b9 ae 3f d7 bd 00 13 41 35 e5 bf 9b 77 f6 8f 2a 6f fb ee a4 b4 d5 ae e3 b8 83 4f ff 00 48 d2 f4 f8 7f d7 4d ff 00 c4 25 57 9b 4d d7 2e 3f e6 1b 71 aa 4b ff 00 4e 9f 24 35 c1 fc 68 f1 9e 87 f0 ff 00 c2 b3 4b e2 5f ed af ed 5d 53 fd 06 d2 d2 d2 dd f7 c7 17 f1 3e f7 a0 0f 44 bb f1 4e a3 ac 69 df da b1 78 93 51 b2 d3 ef 7c c8 ad 34 98 6d fe 7b 8f f7 e4 fe f5 67 69 6d 63 a6 78 7e f3 c2 da 5e 97 6b 67 63 a9 7f c7 fe 9f 68 3c e7 9b 77 f1 dc 4d fc 55 c6 7c 06 d3 3c 45 aa 7f 65 c3 e2 0d 13 59 d1 Data Ascii: \|]~wUo\|%]y+q?tZhgy_KO9[mM\n+?P\|g]+?A5woOHM%WM.?qKN$5hK_]S>DNixQ\|4m{gimcx~^kgch<wMU\|<EeY
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: a4 7f f2 f1 ff 00 1f 15 af c7 50 e7 f8 0c 3f 1c 78 c3 fb 3f 4f 9b fb 2a da de 6b af f9 6d 77 f6 7f f5 7f f5 ce bc ff 00 c6 de 28 d7 35 0f 01 c1 a7 cb 73 a8 de ff 00 6a 4f fe bb fb 43 f7 36 91 27 fe cd 5e 81 17 81 3c 51 e2 cb 99 a5 b4 ff 00 42 b5 f3 e4 f2 6e ee fe e4 9f ec 57 93 fc 4d 82 ef 4f d4 bf e1 14 d6 ed bc 98 61 ff 00 a7 8f f5 7b 9f e7 f2 91 3f bd 5d 26 75 0e 93 c2 7e 21 9b 4f d1 ac 6d 6d 2e 6d f5 48 bf 79 17 ee 6b 43 56 8f 51 fb 4c 11 45 73 f6 2d 2a 6f f5 d0 ff 00 f6 15 cf f8 0a 4f b1 ff 00 6a 69 56 96 df ba b2 9f f7 3f df ff 00 62 bb 4d 26 4d 47 fd 06 d7 ec d7 1f f4 db ce b7 ff 00 8f 87 ff 00 62 b9 4e 8f f9 76 6a 68 97 f0 de 7d bb 50 d4 2e 74 ef b5 4d 07 da 7f b3 be cf fe 93 6f 12 fd cf 32 bc 8f f6 8a bb bc 92 db ed 76 97 3e 75 ac 33 fe fb fe 58 Data Ascii: P?x?Okmw(5sjOC6'^<QBnWMOa{?]&u~!Omm.mHykCVQLEs-oOjiV?bM&MGbNvjh}P.tMo2v>u3X
2025-01-15 01:52:49 UTC	16069	IN	Data Raw: ae 5d c3 25 c7 95 f6 6f b6 cd fb cf df 7f f6 14 f0 db 9c 5e d0 ea 34 fb 0f 33 c3 b0 4b 2d b7 93 2c 3f bd 9a 69 ab 3f c6 5a 4c de 24 f0 64 f0 cd 73 ff 00 2c 3c d8 7f 83 e7 ab 9e 18 bb b4 bc d1 60 97 ec d7 10 da ff 00 cf 1f e3 df 56 2e fc 9f f9 88 5c ff 00 a9 83 f7 d0 ff 00 cf 4a fa 94 69 ff 00 2e cf 9f ff 00 e1 28 f1 15 bf 88 bf 7b e2 4d 47 ca fd df fa 9b 8a d0 d3 fe 24 f8 8a 4f f4 49 7e cf 7b a7 cd 3f 95 77 e7 5b ff 00 e8 ca c3 f1 0a 7f c5 55 7d fe 8d e4 45 fe b6 68 6b 2e d6 7f b3 eb 53 f9 5f f9 1a de ba 66 67 ec cb 9a e6 85 a1 c9 71 fd a1 a5 7d a3 4b 97 fe 5b 43 ff 00 2c 7f ef df f0 57 71 fb 2f ff 00 a3 f8 77 54 8a 5f f9 63 7d ff 00 2c 7f da ac 3f b5 c3 79 6f 04 53 5b 7e ea 18 3c d8 6b a8 fd 9a de d2 3b 6d 6f ca fb 47 f6 84 d7 d1 ff 00 db bd 67 ed 04 7a Data Ascii: ]%o^43K-,?i?ZL$ds,<`V.\Ji.({MG$OI~{?w[U}Ehk.S_fgq}K[C,Wq/wT_c},?yoS[~<k;moGgz
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: cf f9 76 18 8f e1 95 e1 bb bb 92 e3 ce ff 00 48 fd cf fa df 26 ac 78 4e 7b 4f f8 4a a6 f3 7e cf e5 79 1e 6c 33 7d a3 fe 5a ff 00 d3 3a e5 fe d7 69 1d bf 95 f6 9b 88 66 ff 00 5b 5b 1f 0f 6c 2d 35 0d 6a 09 62 b6 d3 bf d4 79 50 dd ff 00 d3 c7 fb 75 c7 52 9f ee ce 2a 5f c4 3d c3 c3 32 4d 6f a2 df 5d dd dc f9 3e 74 ff 00 eb be e5 49 a1 c7 69 6f fe 89 f6 9f f9 6f 54 ed 23 86 3f 06 79 32 ff 00 d7 2a b9 a4 ff 00 a4 69 ff 00 6b 96 db fd 7f fa 9f 27 ef fc b5 ea d3 fb 07 ac 7c f7 f1 62 4f f8 b8 9a dd dc bf eb 7e dd fb 9a cf 8a 3f f9 7b fb 4f fa 98 3f f1 fa d4 f8 b1 1c 31 fc 55 be 8a 5f dc 5a fd bb fe 7d fe 7a c7 bb 9f ec fe 7f 95 f6 89 a2 ff 00 5b fb ef f9 69 5d 07 29 9f ae 7f d3 1f fb 6d e7 57 b2 7e ca b2 4d ff 00 0a aa fb cd ff 00 8f 58 75 49 3f 73 5e 1f ae 4f e5 Data Ascii: vH&xN{OJ~yl3}Z:if[[l-5jbyPuR_=2Mo]>tIiooT#?y2ik'\|bO~?{O?1U_Z}z[i])mW~MXuI?s^O
2025-01-15 01:52:49 UTC	16384	IN	Data Raw: fc 3f a5 78 93 4e 9e eb c8 8f ce 9a 1a b1 a4 f8 22 ee 4f 0a cf a7 c5 fd 9d fb 9f f5 3e 4e a1 b1 2b 87 fb 1e a0 1a 9f 08 c0 b0 d3 f5 af b0 5c 7f ad b2 c8 ff 00 be eb 53 ec 90 e8 77 3e 54 5f e9 ba 84 d3 fe fa 6a b9 f0 b7 46 87 4f b7 be 8b 55 b6 f2 65 f2 3f ef e2 56 a5 de b5 0d c5 bf 9b f6 6f 26 2b df 32 2f fb e2 bd fc 1e 1b d9 e1 e1 0a 86 55 2a 7e f0 e1 f4 ff 00 09 ea 32 6a 3f da 1a 86 b7 e7 45 e7 c9 fe ba ab f9 17 72 69 f3 c5 2d cd c7 9b ff 00 2c 7e c9 5a 1f db ba 74 7a 8f fc 23 f1 7f 67 43 a7 f9 1e 6f fd 36 ab 9a 1d df fa 3c d2 da 7d a3 ce f3 fc af 26 b9 f1 19 7e 12 bd 41 9c dd e5 a6 bb 1d bc f1 5d ea 5a 76 97 17 fa a8 7f d2 3e 7a e7 fc 3d e0 cf b3 ea 33 cb a7 db 5b c3 aa ff 00 ad 9a ee 6f f9 78 ff 00 81 d7 49 ab 78 6b fb 43 51 83 fd 27 fe 5b c9 2f f7 fe Data Ascii: ?xN"O>N+\Sw>T_jFOUe?Vo&+2/U*~2j?Eri-,~Ztz#gCo6<}&~A]Zv>z=3[oxIxkCQ'[/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50209	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 01:52:49 UTC	375	OUT	GET /th?id=OADD2.10239391081813_18VUO41WSWZPI1SC6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2025-01-15 01:52:49 UTC	861	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 738044 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: E26B2F3F7FD2452284DAF1371764D1A5 Ref B: EWR30EDGE1016 Ref C: 2025-01-15T01:52:49Z Date: Wed, 15 Jan 2025 01:52:49 GMT Connection: close
2025-01-15 01:52:49 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 34 3a 30 34 3a 32 33 20 31 34 3a 33 33 3a 35 37 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 25.4 (Windows)2024:04:23 14:33:578C
2025-01-15 01:52:49 UTC	8192	IN	Data Raw: b8 d5 2e a1 83 cd 96 ef 4e fd f7 da 3f e0 1f 2d 67 88 fe e0 61 c9 35 09 2e f5 0f 23 ec 9f be 8b f7 91 4d f6 bf 93 e4 ac fd 27 4d b4 b3 b9 fd ed cf fa ef 33 fc bd 5c fe da d3 b5 0f 23 fb 42 e6 e7 c3 12 cd 3f 95 0f f6 8f fa eb 8f f6 2a bf 88 60 fb 1e a3 ff 00 12 fd 4a e2 f6 2f 3f fd 2e 19 bf e5 de b4 a7 fc 33 2a 9f c4 29 f8 e2 3b b9 34 ef 3a ee e7 c9 b5 86 0f f9 f7 f9 2d ff 00 eb a5 71 76 97 77 77 1a 6c fa dd a6 9b e4 c5 37 fa 34 3f df f9 7f bf 5d 87 8f 34 9f ed 0d 1a 0d 3f 50 fd cc 53 4f 1f 9d 34 3f 27 99 12 ff 00 7e a9 f8 86 4f 2f c8 b4 b4 fd ce 9f 65 ff 00 a3 7f d8 ac ea 1d 34 ce 5f 5c 9e 18 ff 00 d6 db 7f db 1a cb f3 e5 8e df f7 b6 df ba ff 00 96 30 ff 00 cf 4a d8 9a 4b b9 3f d5 69 b7 1e 54 df bd ff 00 6e e2 a9 c3 a6 ff 00 68 5c 79 b2 db 7e eb fd 54 d1 Data Ascii: .N?-ga5.#M'M3\#B?`J/?.3);4:-qvwwl74?]4?PSO4?'~O/e4_\0JK?iTnh\y~T
2025-01-15 01:52:49 UTC	4144	IN	Data Raw: 30 92 4d 46 e2 df fb 57 c3 fa 77 f6 9c b7 9f f2 e9 fc 70 45 17 fd 33 fe 2a bb a0 be a5 e2 9d 3f ed f3 5b ea 06 5d 32 6f 2f f7 87 f7 b0 56 7f 89 ad 2c ed b5 9f b0 78 7f 51 b8 b3 96 ca 7f 33 49 d4 3e 74 ff 00 45 ff 00 a6 bf ed 2d 6c 78 5f c6 3a 74 1e 76 bd e2 0b 9b 88 75 9f 26 39 25 f2 ad fd 3f e7 a7 f0 ee 6a ee c5 29 3a 3e d6 8c 2e ff 00 13 9b 5b f2 4c eb e6 f1 2f 89 ed b4 6b 1d 13 5a d3 74 79 b4 b8 27 ff 00 44 bb fb 07 cf b5 93 ee 79 b5 81 e0 fb 5b cf 0e f8 ca 1d 2f ed 3e 74 b7 9f 68 93 ed 50 9f 27 f7 5b 3e 4f 32 45 ff 00 d0 2b 72 fb 56 86 e1 e1 d6 b4 bf 0e f9 f1 79 3e 56 95 16 a1 6f fe bd 5f ef fc ff 00 c7 58 7e 36 d5 f4 9f 00 7c 4b 9b c4 7a 56 9a 2c 6d 26 b2 ff 00 90 7d a5 fa 5c c5 f3 7f cb 3f 9f ff 00 1e ae 0c 3f ef e0 e2 e3 ef b5 a9 d1 52 a7 b3 3a 3d Data Ascii: 0MFWwpE3*?[]2o/V,xQ3I>tE-lx_:tvu&9%?j):>.[L/kZty'Dy[/>thP'[>O2E+rVy>Vo_X~6\|KzV,m&}\??R:=
2025-01-15 01:52:49 UTC	8192	IN	Data Raw: e2 ff 00 b9 1d 7d 61 f1 1e ce ee f3 e1 e7 f6 b4 3f d8 df d9 f0 f9 72 ff 00 a2 58 6c df f3 ff 00 ac df fe f7 f0 57 cd 66 95 f9 2a 43 b4 b4 3d 9c 3f f0 cf 94 ff 00 6a 0f 10 f8 9f 5c d4 3c ed 47 ec f6 5a 34 1f ba bb bb f3 ff 00 e3 f2 76 4f 91 f6 7f bb 5e 07 a8 da c5 69 73 65 6b 15 cf 9f e7 d9 7f aa ff 00 9e 0f fd da f7 8f da aa c6 ee e3 51 d2 ee a5 b6 f2 74 ff 00 23 f7 de 4f fc b4 af 0b f2 ee ff 00 b6 74 bf f4 9f f5 33 f9 53 7f d3 3f 9e bd ec 15 3e 4a 5e e1 e4 e3 3f 88 58 f0 cc 1f 6c d4 60 b4 ff 00 48 9a 2f b0 fe fb ca ff 00 97 7a e9 26 93 fd 1a c6 2d 3e e6 e2 cb ec 50 79 5e 77 f1 ec ff 00 96 b5 72 d6 d2 d3 c2 7a 85 f5 dc ba 27 d8 bc eb 1f f5 33 6a 1f f9 13 6a 7f df 75 87 e4 7d 9f c4 5f da 1f e8 ff 00 65 f2 3e cd ff 00 01 6a ec 39 c9 34 38 35 cb 7f de cb 6d Data Ascii: }a?rXlWf*C=?j\<GZ4vO^isekQt#Ot3S?>J^?Xl`H/z&->Py^wrz'3jju}_e>j9485m
2025-01-15 01:52:49 UTC	8192	IN	Data Raw: ef ff 00 ed 2f e0 ab 1e 13 b0 b4 ff 00 84 8a 7d 57 4a b9 f3 b5 0d 53 fe 58 fd a1 ff 00 d2 2d 63 fe 0b 7f ee 3a ff 00 ac ae 92 5b 08 b5 0d 3a 1d 43 49 b6 b7 ff 00 42 f3 2e 7f e2 61 71 bf cc 4f f6 7e 5a e4 ce 31 b5 e9 c3 ea d0 f7 ae 67 87 a7 4e 7e f9 a1 e2 1b eb bb 8f 86 7f f2 0d b7 f3 6c e0 8f ce f2 6d fe 4f 2a 4f e3 ff 00 7d eb 87 b4 4b b9 35 ab ed 3f 50 b9 fb 6c 53 41 f6 9f ed 1f f5 33 5a 5d 7f d3 6f 9f ee ff 00 b1 5d 84 ba 9f 89 ec 2d ef ae e4 d1 3c f8 af 3c bf df 5d db f9 3f b8 df ff 00 a0 37 f0 d7 07 e1 eb 4b b8 fc 45 35 a0 b6 f2 7f e1 20 83 cb d4 74 f9 b6 79 3f 37 fc f3 97 f8 3f e0 6f 5e 72 c4 7b 7a 76 8f dc 68 76 97 50 c5 7f 6b 3e a9 0d cf fc 4b fc 8f fc 07 96 3f ef a5 50 d5 3c 46 74 4d 1f cc d2 6e 7f b5 2d 4c 3e 64 b7 7f 3f 9d 02 7f 72 58 7f bd 51 Data Ascii: /}WJSX-c:[:CIB.aqO~Z1gN~lmO*O}K5?PlSA3Z]o]-<<]?7KE5 ty?7?o^r{zvhvPk>K?P<FtMn-L>d?rXQ
2025-01-15 01:52:49 UTC	8192	IN	Data Raw: 00 c4 57 ca d6 ab 52 bd 0e 48 4f 97 53 a7 ed 97 3c 33 a9 4d 79 a8 eb 7a ad ad cd c5 ef 9d fe 8d e7 43 b3 67 95 fe e7 fc b3 ff 00 7d 3e 6a 8f 56 82 ee de e3 ce ff 00 47 fb 07 9f 1d cc 5e 77 fc f2 5f f9 65 5d 07 83 63 86 e3 4e b2 d3 f4 4d 6f c9 96 ca 0f 37 fe be 3f bf bd 1f f8 ff 00 f4 1a c3 d3 f4 ab 4b 7f 15 41 69 f6 6f b6 c5 7b 3f 95 77 17 cf e4 ed fe ff 00 fc 0e b8 b1 55 2b d4 a9 0e 49 bb ad 0d 3d 9f b3 a6 6c 5e 49 ff 00 12 69 bf b3 ee 6e 21 f2 7c c8 bf b2 66 b8 fd f7 fb 0f e5 bf df ff 00 7e b8 f8 a7 fb 47 87 67 d3 ee b4 4d 6a 6b bf 22 38 e5 fe 3f b5 ec ff 00 96 92 7f b3 52 78 b2 38 ad fc 45 a5 cb 2e a5 e7 5d 59 41 ff 00 3f 1f f1 f7 13 3f dc ff 00 ae b5 a1 a2 58 da 6a 1f 6d 8a d7 51 b8 bd d4 2c bf d2 65 f3 77 ec ff 00 61 3f f8 9a d2 9d 0a 98 7a fc b1 f7 Data Ascii: WRHOS<3MyzCg}>jVG^w_e]cNMo7?KAio{?wU+I=l^Iin!\|f~GgMjk"8?Rx8E.]YA??XjmQ,ewa?z
2025-01-15 01:52:49 UTC	8192	IN	Data Raw: 53 df 47 a6 5a 5a 7f b9 ff 00 d9 7f 1a d7 45 33 9a a1 4f c6 56 90 eb 96 f7 de 1f 96 e7 4e 9b 4f b2 f3 22 fb 5d a5 bf fc f2 f9 ff 00 d6 ff 00 b1 fd ca cb f0 9d 87 f6 86 8b ff 00 08 d6 89 a2 6a 3a 2d d4 3e 5f ef bf d4 a7 9b fd ff 00 f8 15 7a 47 8f 34 9f f4 78 34 f8 7e cf e6 e8 b0 7f c7 a4 3f ea 63 b5 9f fd bf f7 aa 9c df 64 d1 f4 58 3f b1 2e 6e 2c a5 87 cb 8b ce 9b fd 27 fe fc ff 00 f1 6f 5d a7 31 b1 a1 e9 30 d9 e8 b3 c5 aa ff 00 df 98 6e 37 a5 c7 fb 15 a1 77 e1 af 14 78 a3 c3 bf d9 5a 7d cd c6 97 75 e7 c9 ff 00 1e 97 1b 26 d9 fe df f7 ea 3f 86 f2 43 1d c7 f6 af 88 35 2d 3a 1f 27 f7 5e 4c df be 9b cd fb 9e 62 6c ff 00 be 3f db ae c3 50 d6 ad 23 d1 67 d4 2d 2d b5 1d 4e 2f dd c5 35 a5 a5 bf fa 4d c2 37 fe 81 15 73 9d 03 fc 27 f0 e7 49 f0 db 41 ad cb a8 ea 10 Data Ascii: SGZZE3OVNO"]j:->_zG4x4~?cdX?.n,'o]10n7wxZ}u&?C5-:'^Lbl?P#g--N/5M7s'IA
2025-01-15 01:52:50 UTC	8192	IN	Data Raw: 5a 74 9a 8c 1f e8 de 4c b3 79 72 f9 df f3 ef 51 f8 87 c5 17 97 1e 44 5f 69 fd ed 97 99 e4 f9 3f ed 52 33 fd d9 d0 6b 9e 17 b4 d0 ff 00 e2 5f 77 73 fe 97 35 8f ef 66 ff 00 81 ff 00 05 53 d4 2e f4 e8 fc fd 3f 4f b6 f2 6d 61 9f f7 30 cd 71 fe af e4 f9 eb 3f c5 93 dd c9 a8 f9 bf da 57 13 7f 65 f9 7e 4c d3 7f b5 fd ca a7 0f 9d 1e a3 aa 7f cb 69 7c 88 ff 00 ed a7 cf ff 00 c4 d0 59 24 d7 7f da 97 1f 64 8a e7 c9 96 18 3c af 27 fe b9 fd cd f4 79 7e 5e a3 7d 14 b7 3e 4f d8 bf 75 fb 9a a7 77 27 d9 ee 27 d4 25 ff 00 8f ab d8 3c af dc d4 9e 64 d1 db f9 52 fe fb ce ff 00 9e d5 b1 ce 6a 43 3f 99 73 fd a1 2f d9 ff 00 fb 6d 1e 26 d6 a1 fb 3f 9b 17 fa df 23 cd ab 9a 4f 85 ed 35 8f 0e df 7d 97 c4 9f e9 70 c1 f6 98 7f ed 97 ff 00 15 58 77 71 cd 6f e4 5d fd 9b ce 8b c8 8f ed Data Ascii: ZtLyrQD_i?R3k_ws5fS.?Oma0q?We~Li\|Y$d<'y~^}>Ouw''%<dRjC?s/m&?#O5}pXwqo]
2025-01-15 01:52:50 UTC	8192	IN	Data Raw: 7d dd cf 9d a7 ff 00 aa 8a 18 7e 7a ea 2e e3 86 3b 7f f8 98 5b 6a 30 5a 7f d3 6f f9 69 59 53 a6 07 49 fb 28 5d da 68 7f 15 2c bf b4 2d ae 21 d2 a6 f3 2c 7c d9 bf 7d e5 f9 89 fb bd f5 da 5d 69 3a 47 88 3e 1d ea 9e 14 8a e7 ed b1 78 62 fa f7 c9 ff 00 48 87 fb ff 00 24 90 fc eb 58 7f 09 f4 28 75 cb 7d 52 ef 44 fe ce d2 e5 d2 fc bd 4a d3 fb 47 f7 3f 68 f2 eb 93 f8 c7 69 35 c7 87 75 bd 42 2d 13 4e d4 ee bc fb 6b ed 3a ef 4e b8 fd cf ef ff 00 d6 3f 93 5e 8d 3f e1 9a af 80 26 f0 7c 37 9e 15 82 5d 3f 5b d3 a6 ba bd ff 00 97 4d 47 fd 4d 68 5a f8 4e d3 43 b7 83 ed 7a 6d bc de 77 97 2c df d9 db 2d 92 b4 2d 3c 3d 69 1f 85 67 b5 d4 3f 73 15 94 11 dc ff 00 a2 7f cb 85 c3 7f 72 bc ff 00 56 d6 a6 b8 d4 6c 74 f9 7e cf ad 5a 79 f2 5b 43 2d a6 f4 9a de 5a f3 aa 53 a9 f0 0a Data Ascii: }~z.;[j0ZoiYSI(]h,-!,\|}]i:G>xbH$X(u}RDJG?hi5uB-Nk:N?^?&\|7]?[MGMhZNCzmw,--<=ig?srVlt~Zy[C-ZS
2025-01-15 01:52:50 UTC	8192	IN	Data Raw: 1f fb 35 7d 13 a1 e8 be 14 d2 fe 0a b6 ab 61 ae df d9 f8 df fb 2e 4f ed 4b 49 75 58 6f 62 d5 a2 ff 00 a6 6e ff 00 2a 2d 65 88 b7 b3 fd c6 8e 47 4e 1e a5 45 f1 ea 79 0f 89 a3 d5 bf e1 22 f2 b4 fb 6b 88 6e a1 9f fe 25 df 64 9f 7f fc 02 4d ff 00 dd 5a e7 74 df 0e f8 63 59 f1 15 e5 9a 6b 56 fe 07 b8 b7 9b 89 35 0b 99 ae fc ff 00 e1 fb e8 9f de af 55 f1 36 8d ff 00 09 07 83 7f b6 fe d3 71 67 a5 59 41 ff 00 1f 76 9b 3f e3 dd 7f d8 dd f7 ab 95 b6 d3 f5 1f 13 78 78 ea 7e 11 b6 d3 f3 78 7f 7d 14 a7 fe 26 93 ff 00 cf 3f 9d fe e4 7f ee 51 85 95 48 50 97 3e 9e 66 58 8f e2 1e b3 f0 ff 00 fe 10 ef f8 52 7f f0 86 58 78 8b 4f 86 ea cf cc 96 5c cf fb df b7 7f d3 07 fb 8f 5e 1b e2 3f 14 dd e9 fa 04 fe 16 d5 2d 74 ed 4a 5b 28 7c bb 3d 42 1f 91 e7 8b fe 9a ff 00 7f ff 00 43 Data Ascii: 5}a.OKIuXobn*-eGNEy"kn%dMZtcYkV5U6qgYAv?xx~x}&?QHP>fXRXxO\^?-tJ[(\|=BC

Target ID:	0
Start time:	20:52:20
Start date:	14/01/2025
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll"
Imagebase:	0xd20000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:52:20
Start date:	14/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	20:52:20
Start date:	14/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:52:20
Start date:	14/01/2025
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\GUtEaDsc9X.dll,PlayGame
Imagebase:	0x120000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:52:20
Start date:	14/01/2025
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",#1
Imagebase:	0x120000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	20:52:21
Start date:	14/01/2025
Path:	C:\Windows\mssecsvr.exe
Wow64 process (32bit):	true
Commandline:	C:\WINDOWS\mssecsvr.exe
Imagebase:	0x400000
File size:	2'281'472 bytes
MD5 hash:	3DC07E6A906F86FDD76CDF2B51738089
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000000.2254855112.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000006.00000000.2255015334.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	20:52:23
Start date:	14/01/2025
Path:	C:\Windows\mssecsvr.exe
Wow64 process (32bit):	true
Commandline:	C:\WINDOWS\mssecsvr.exe -m security
Imagebase:	0x400000
File size:	2'281'472 bytes
MD5 hash:	3DC07E6A906F86FDD76CDF2B51738089
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000000.2274209166.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000007.00000002.2926241811.0000000001E97000.00000004.00000020.00020000.00000000.sdmp, Author: us-cert code analysis team Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000007.00000002.2926502101.00000000023BD000.00000004.00000020.00020000.00000000.sdmp, Author: us-cert code analysis team Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000007.00000000.2274388470.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:52:24
Start date:	14/01/2025
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\GUtEaDsc9X.dll",PlayGame
Imagebase:	0x120000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	20:52:24
Start date:	14/01/2025
Path:	C:\Windows\mssecsvr.exe
Wow64 process (32bit):	true
Commandline:	C:\WINDOWS\mssecsvr.exe
Imagebase:	0x400000
File size:	2'281'472 bytes
MD5 hash:	3DC07E6A906F86FDD76CDF2B51738089
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000002.2298150332.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000000.2283925530.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000009.00000000.2284105441.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: wanna_cry_ransomware_generic, Description: detects wannacry ransomware on disk and in virtual page, Source: 00000009.00000002.2298346949.0000000000710000.00000002.00000001.01000000.00000004.sdmp, Author: us-cert code analysis team
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	20:53:18
Start date:	14/01/2025
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	71.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	63.2%
Total number of Nodes:	38
Total number of Limit Nodes:	9

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00407CE0 Relevance: 50.9, APIs: 18, Strings: 11, Instructions: 175
libraryloaderfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F7F0EF0,?,00000000), ref: 00407CEF
GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
sprintf.MSVCRT ref: 00407E01
sprintf.MSVCRT ref: 00407E18
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00407E2C
CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000004,00000000), ref: 00407E43
WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00407E61
CloseHandle.KERNELBASE(00000000), ref: 00407E68
CreateProcessA.KERNELBASE ref: 00407EE8
CloseHandle.KERNEL32(00000000), ref: 00407EF7
CloseHandle.KERNEL32(08000000), ref: 00407F02

Strings

WINDOWS, xrefs: 00407DF2, 00407E0D
CloseHandle, xrefs: 00407D29
kernel32.dll, xrefs: 00407CEA
CreateProcessA, xrefs: 00407D07
CreateFileA, xrefs: 00407D0F
tasksche.exe, xrefs: 00407DEA
WriteFile, xrefs: 00407D1C
D, xrefs: 00407ED3
C:\%s\qeriuwjhrf, xrefs: 00407E12
C:\%s\%s, xrefs: 00407DFB
/i, xrefs: 00407E8D

Memory Dump Source

Source File: 00000006.00000002.2292630848.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2292487465.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292714421.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292825641.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: AddressHandleProcResource$CloseFile$Createsprintf$FindLoadLockModuleMoveProcessSizeofWrite
String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
API String ID: 4281112323-1507730452
Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA

Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 00409A43
__p__fmode.MSVCRT ref: 00409A58
__p__commode.MSVCRT ref: 00409A66
__setusermatherr.MSVCRT ref: 00409A92
_initterm.MSVCRT ref: 00409AA8
__getmainargs.MSVCRT ref: 00409ACB
_initterm.MSVCRT ref: 00409ADB
GetStartupInfoA.KERNEL32(?), ref: 00409B1A
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00409B3E
exit.KERNELBASE ref: 00409B4E
_XcptFilter.MSVCRT ref: 00409B60

Memory Dump Source

Source File: 00000006.00000002.2292630848.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2292487465.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292714421.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292825641.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID:
API String ID: 801014965-0
Opcode ID: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
Opcode Fuzzy Hash: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59

Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
InternetCloseHandle.WININET(00000000), ref: 004081A7
InternetCloseHandle.WININET(00000000), ref: 004081AB

Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5

Strings

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A

Memory Dump Source

Source File: 00000006.00000002.2292630848.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2292487465.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292714421.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292825641.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
API String ID: 774561529-2614457033
Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B

Non-executed Functions

Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

sprintf.MSVCRT ref: 00407C56
OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F7F0EF0,00000000), ref: 00407C9B
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC

Strings

Microsoft Security Center (2.1) Service, xrefs: 00407C90
mssecsvc2.1, xrefs: 00407C95
%s -m security, xrefs: 00407C50

Memory Dump Source

Source File: 00000006.00000002.2292630848.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2292487465.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292714421.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292825641.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
API String ID: 3340711343-2450984573
Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF

Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
__p___argc.MSVCRT ref: 004080A5
OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6F7F0EF0,00000000,?,004081B2), ref: 004080DC
CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126

Strings

mssecsvc2.1, xrefs: 004080D6, 00408105

Memory Dump Source

Source File: 00000006.00000002.2292630848.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.2292487465.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292714421.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292742466.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292825641.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.2292956684.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
String ID: mssecsvc2.1
API String ID: 4274534310-2839763450
Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF

Analysis Process: mssecsvr.exePID: 2820, Parent PID: 632COMMON

Execution Graph

Execution Coverage:	34.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	36
Total number of Limit Nodes:	2

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
__p___argc.MSVCRT ref: 004080A5
OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6F7F0EF0,00000000,?,004081B2), ref: 004080DC
CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126

Strings

mssecsvc2.1, xrefs: 004080D6, 00408105

Memory Dump Source

Source File: 00000007.00000002.2925253901.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2925238806.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925270307.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925364058.000000000042F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925384416.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
String ID: mssecsvc2.1
API String ID: 4274534310-2839763450
Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF

Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
InternetCloseHandle.WININET(00000000), ref: 004081A7
InternetCloseHandle.WININET(00000000), ref: 004081AB

Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5

Strings

http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A

Memory Dump Source

Source File: 00000007.00000002.2925253901.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2925238806.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925270307.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925364058.000000000042F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925384416.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
API String ID: 774561529-2614457033
Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B

Non-executed Functions

Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

sprintf.MSVCRT ref: 00407C56
OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F7F0EF0,00000000), ref: 00407C9B
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC

Strings

Microsoft Security Center (2.1) Service, xrefs: 00407C90
%s -m security, xrefs: 00407C50
mssecsvc2.1, xrefs: 00407C95

Memory Dump Source

Source File: 00000007.00000002.2925253901.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2925238806.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925270307.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925364058.000000000042F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925384416.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
API String ID: 3340711343-2450984573
Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF

Function 00407CE0 Relevance: 40.4, APIs: 12, Strings: 11, Instructions: 175
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F7F0EF0,?,00000000), ref: 00407CEF
GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
sprintf.MSVCRT ref: 00407E01
sprintf.MSVCRT ref: 00407E18
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00407E2C

Strings

C:\%s\%s, xrefs: 00407DFB
tasksche.exe, xrefs: 00407DEA
CloseHandle, xrefs: 00407D29
kernel32.dll, xrefs: 00407CEA
CreateProcessA, xrefs: 00407D07
WINDOWS, xrefs: 00407DF2, 00407E0D
WriteFile, xrefs: 00407D1C
/i, xrefs: 00407E8D
C:\%s\qeriuwjhrf, xrefs: 00407E12
CreateFileA, xrefs: 00407D0F
D, xrefs: 00407ED3

Memory Dump Source

Source File: 00000007.00000002.2925253901.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2925238806.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925270307.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925364058.000000000042F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925384416.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: AddressProcResource$sprintf$FileFindHandleLoadLockModuleMoveSizeof
String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
API String ID: 4072214828-1507730452
Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA

Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 00409A43
__p__fmode.MSVCRT ref: 00409A58
__p__commode.MSVCRT ref: 00409A66
__setusermatherr.MSVCRT ref: 00409A92
_initterm.MSVCRT ref: 00409AA8
__getmainargs.MSVCRT ref: 00409ACB
_initterm.MSVCRT ref: 00409ADB
GetStartupInfoA.KERNEL32(?), ref: 00409B1A
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00409B3E
exit.MSVCRT ref: 00409B4E
_XcptFilter.MSVCRT ref: 00409B60

Memory Dump Source

Source File: 00000007.00000002.2925253901.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2925238806.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925270307.000000000040A000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040B000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925285769.000000000040F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925343606.000000000042E000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925364058.000000000042F000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925384416.0000000000431000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000007.00000002.2925477072.0000000000710000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd

Yara matches

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
String ID:
API String ID: 801014965-0
Opcode ID: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
Opcode Fuzzy Hash: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report GUtEaDsc9X.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\WINDOWS\qeriuwjhrf (copy)

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

C:\Windows\tasksche.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Windows Analysis Report
GUtEaDsc9X.dll

Function 00407CE0 Relevance: 50.9, APIs: 18, Strings: 11, Instructions: 175
libraryloaderfileCOMMON

Function 00409A16 Relevance: 16.6, APIs: 11, Instructions: 111
COMMON

Function 00408140 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45
networkCOMMON

Function 00407C40 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54
serviceCOMMON

Function 00408090 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 49
serviceCOMMON